The user or group named 'example\esx^admins' does not exist.
search cancel

The user or group named 'example\esx^admins' does not exist.

book

Article ID: 369335

calendar_today

Updated On: 01-14-2025

Products

VMware vSphere ESXi VMware vSphere ESXi 7.0 VMware vSphere ESXi 8.0

Issue/Introduction

  • The ESXi host cannot be removed from the Active Directory (AD) domain.
  • Lockdown mode cannot be enabled on the ESXi host.
  • Permissions cannot be removed from the ESXi host.
  • When attempting to manage or remove the user/group "EXAMPLE\esx^admins" in the Host UI or via the command line, the error "vim.fault.UserNotFound" or "The user or group named 'EXAMPLE\esx^admins' does not exist" is encountered.
  • esxcli system permission unset --group -i 'example\esx^admins'

It fails with the following error message: The user or group named 'example\esx^admins' does not exist

  • Similar errors are found in the /var/run/log/hostd.log

yyyy-mm-ddThh:mm:ss.mssZ info hostd[2277134] [Originator@6876 sub=Vimsvc.TaskManager opID=cf748e7d user=root] Task Completed : haTask-ha-host-vim.host.HostAccessManager.changeAccessMode-1180481544 Status error
yyyy-mm-ddThh:mm:ss.mssZ info hostd[2277134] [Originator@6876 sub=Solo.Vmomi opID=cf748e7d user=root] Activation finished; <<52e48cb7-a48d-c4c6-a362-77e20d377c99, <TCP '127.0.0.1 : 8307'>, <TCP '127.0.0.1 : 50890'>>, ha-host-access-manager, vim.host.HostAccessManager.changeAccessMode>
yyyy-mm-ddThh:mm:ss.mssZ verbose hostd[2277134] [Originator@6876 sub=Solo.Vmomi opID=cf748e7d user=root] Arg principal:
--> "example\esx^admins"
yyyy-mm-ddThh:mm:ss.mssZ verbose hostd[2277134] [Originator@6876 sub=Solo.Vmomi opID=cf748e7d user=root] Arg isGroup:
--> false
yyyy-mm-ddThh:mm:ss.mssZ verbose hostd[2277134] [Originator@6876 sub=Solo.Vmomi opID=cf748e7d user=root] Arg accessMode:
--> "accessNone"
yyyy-mm-ddThh:mm:ss.mssZ info hostd[2277134] [Originator@6876 sub=Solo.Vmomi opID=cf748e7d user=root] Throw vim.fault.UserNotFound
yyyy-mm-ddThh:mm:ss.mssZ info hostd[2277134] [Originator@6876 sub=Solo.Vmomi opID=cf748e7d user=root] Result:
--> (vim.fault.UserNotFound) {
-->    principal = "example\esx^admins",
-->    unresolved = false,
-->    msg = "",
--> }

Cause

A user or group has been removed from the ESXi host but the associated permissions were not removed correctly.

Resolution

To remove the stale permissions, use any of the below provided Resolutions:

Resolution 1:

1. SSH to the ESXi host via the root user

2. Add a temp account for "esx^admins" : /usr/lib/vmware/busybox/bin/busybox addgroup example\esx^admins

3. Remove the "esx^admins" permission : esxcli system permission unset --group -i "example\esx^admins"

4. Remove the temp account for "esx^admins" : /usr/lib/vmware/busybox/bin/busybox delgroup example\esx^admins

Resolution 2:

The entry needs to be removed from the configstore DB.

1. SSH to the ESXi host via the root user

2. Verify the user or group entry is in the configstore DB: /usr/lib/vmware/sqlite/bin/sqlite3 /etc/vmware/configstore/current-store-1 "select * from Config where Component='esx' and ConfigGroup='authorization' and UserValue like '%esx^admins%'"

Note: Replace the pattern between the %s with a unique string contained in user/group name, being removed.  

Result example:

esx|authorization|permissions|a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6|2024-06-05 08:30:26|2023-07-11 17:57:08|1.3|1||{"cs_generated_id": "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6", "principal": "EXAMPLE\\esx^admins", "is_group": true, "access_mode": "Admin"}||||13

3. Delete the entry : /usr/lib/vmware/sqlite/bin/sqlite3 /etc/vmware/configstore/current-store-1 "delete from Config where Component='esx' and ConfigGroup='authorization' and UserValue like '%esx^admins%'"

4. Repeat step 2 of Resolution 2 to verify that entry is no longer returned.

5. Restart the ESXi management agent to reflect the removal in the UI, using command: /etc/init.d/hostd restart

Additional Information

To read more about the ESX admins group and the use case for the group.

Configuring the ESXi host with Active Directory authentication