The user or group named 'example\esx^admins' does not exist.
search cancel

The user or group named 'example\esx^admins' does not exist.

book

Article ID: 369335

calendar_today

Updated On:

Products

VMware vSphere ESXi VMware vSphere ESXi 7.0 VMware vSphere ESXi 8.0

Issue/Introduction

  • Unable to leave the ESXi host from the AD domain. 
  • Unable to enable lockdown mode on the ESXi host.
  • Unable to remove a permission from the ESXi host. 
esxcli system permission unset --group -i 'example\esx^admins'
  • It fails with the following error message,

The user or group named 'example\esx^admins' does not exist

Similar errors are found in the hostd.log 

/var/log/hostd.log

2024-06-04T16:28:13.017Z info hostd[2277134] [Originator@6876 sub=Vimsvc.TaskManager opID=cf748e7d user=root] Task Completed : haTask-ha-host-vim.host.HostAccessManager.changeAccessMode-1180481544 Status error
2024-06-04T16:28:13.017Z info hostd[2277134] [Originator@6876 sub=Solo.Vmomi opID=cf748e7d user=root] Activation finished; <<52e48cb7-a48d-c4c6-a362-77e20d377c99, <TCP '127.0.0.1 : 8307'>, <TCP '127.0.0.1 : 50890'>>, ha-host-access-manager, vim.host.HostAccessManager.changeAccessMode>
2024-06-04T16:28:13.017Z verbose hostd[2277134] [Originator@6876 sub=Solo.Vmomi opID=cf748e7d user=root] Arg principal:
--> "example\esx^admins"
2024-06-04T16:28:13.017Z verbose hostd[2277134] [Originator@6876 sub=Solo.Vmomi opID=cf748e7d user=root] Arg isGroup:
--> false
2024-06-04T16:28:13.017Z verbose hostd[2277134] [Originator@6876 sub=Solo.Vmomi opID=cf748e7d user=root] Arg accessMode:
--> "accessNone"
2024-06-04T16:28:13.017Z info hostd[2277134] [Originator@6876 sub=Solo.Vmomi opID=cf748e7d user=root] Throw vim.fault.UserNotFound
2024-06-04T16:28:13.017Z info hostd[2277134] [Originator@6876 sub=Solo.Vmomi opID=cf748e7d user=root] Result:
--> (vim.fault.UserNotFound) {
-->    principal = "example\esx^admins",
-->    unresolved = false,
-->    msg = "",
--> }

 

Environment

VMware vSphere ESXi 7.x

VMware vSphere ESXi 8.x

Cause

A user or group has been removed from the ESXi host but the associated permissions were not removed correctly.

Resolution

1. Remove the stale permissions using esxcli 

  • SSH into the ESXi host

2. Add a temp account for "esx^admins"

  • /usr/lib/vmware/busybox/bin/busybox addgroup example\esx^admins

3. Remove the "esx^admins" permission with esxcli

  • esxcli system permission unset --group -i "example\esx^admins"

4. Remove the temp account for "esx^admins"

  • /usr/lib/vmware/busybox/bin/busybox delgroup example\esx^admins

 

Additional Information

To read more about the ESX admins group and the use case for the group.

Configuring the ESXi host with Active Directory authentication


Powered by Wolken Software