The user or group named 'example\esx^admins' does not exist.
search cancel

The user or group named 'example\esx^admins' does not exist.

book

Article ID: 369335

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

  • Unable to leave the ESXi host from the AD domain. 
  • Unable to enable lockdown mode on the ESXi host.
  • Unable to remove a permission from the ESXi host. 

esxcli system permission unset --group -i 'example\esx^admins'
The user or group named 'example\esx^admins' does not exist

Similar errors are found in the hostd.log 

/var/log/hostd.log

2024-06-04T16:28:13.017Z info hostd[2277134] [Originator@6876 sub=Vimsvc.TaskManager opID=cf748e7d user=root] Task Completed : haTask-ha-host-vim.host.HostAccessManager.changeAccessMode-1180481544 Status error
2024-06-04T16:28:13.017Z info hostd[2277134] [Originator@6876 sub=Solo.Vmomi opID=cf748e7d user=root] Activation finished; <<52e48cb7-a48d-c4c6-a362-77e20d377c99, <TCP '127.0.0.1 : 8307'>, <TCP '127.0.0.1 : 50890'>>, ha-host-access-manager, vim.host.HostAccessManager.changeAccessMode>
2024-06-04T16:28:13.017Z verbose hostd[2277134] [Originator@6876 sub=Solo.Vmomi opID=cf748e7d user=root] Arg principal:
--> "example\esx^admins"
2024-06-04T16:28:13.017Z verbose hostd[2277134] [Originator@6876 sub=Solo.Vmomi opID=cf748e7d user=root] Arg isGroup:
--> false
2024-06-04T16:28:13.017Z verbose hostd[2277134] [Originator@6876 sub=Solo.Vmomi opID=cf748e7d user=root] Arg accessMode:
--> "accessNone"
2024-06-04T16:28:13.017Z info hostd[2277134] [Originator@6876 sub=Solo.Vmomi opID=cf748e7d user=root] Throw vim.fault.UserNotFound
2024-06-04T16:28:13.017Z info hostd[2277134] [Originator@6876 sub=Solo.Vmomi opID=cf748e7d user=root] Result:
--> (vim.fault.UserNotFound) {
-->    principal = "example\esx^admins",
-->    unresolved = false,
-->    msg = "",
--> }

Environment

VMware vSphere ESXi

Cause

A user or group has been removed from the ESXi host but the associated permissions were not removed correctly.

Resolution

Remove the stale permissions using esxcli 
1. SSH into the ESXi host

2. Add a temp account for esx^admins
/usr/lib/vmware/busybox/bin/busybox addgroup example\esx^admins

3. Remove the esx^admins permission with esxcli 
esxcli system permission unset --group -i "example\esx^admins"

4. Remove the temp account for esx^admins
/usr/lib/vmware/busybox/bin/busybox delgroup example\\esx^admins

Additional Information

To read more about the ESX admins group and the use case for the group.

Configuring the ESXi host with Active Directory authentication