Removal of esx^admins group from ESXi fails with the error "The user or group named 'EXAMPLE\esx^admins' does not exist"
search cancel

Removal of esx^admins group from ESXi fails with the error "The user or group named 'EXAMPLE\esx^admins' does not exist"

book

Article ID: 374582

calendar_today

Updated On:

Products

VMware vSphere ESXi VMware vSphere ESXi 7.0 VMware vSphere ESXi 8.0

Issue/Introduction

  • Receive the error 'vim.fault.UserNotFound' or "The user or group named 'EXAMPLE\esx^admins' does not exist" when trying to manage or remove the user/group in the host UI or the command line.
  • Errors seen in the hostd.log

2024-08-12T19:59:42.887Z info hostd[2101465] [Originator@6876 sub=Solo.Vmomi opID=esxui-6563-74d0 user=root] Throw vim.fault.UserNotFound
2024-08-12T19:59:42.887Z info hostd[2101465] [Originator@6876 sub=Solo.Vmomi opID=esxui-6563-74d0 user=root] Result:
--> (vim.fault.UserNotFound) {
-->    principal = "EXAMPLE\esx^admins",
-->    unresolved = true,
-->    msg = "",
--> }
2024-08-12T19:59:42.887Z error hostd[2101465] [Originator@6876 sub=Req@vim25/7.0.3.0 opID=esxui-6563-74d0 user=root] Method vim.AuthorizationManager.removeEntityPermission threw undeclared fault of type vim.fault.UserNotFound

 

Environment

 VMware vSphere ESXi 7.x

 VMware vSphere ESXi 8.x

Resolution

The entry needs to be removed from the configstore DB.


1. SSH to the ESXi host via the root user

2. Verify the user or group entry is in the configstore

/usr/lib/vmware/sqlite/bin/sqlite3 /etc/vmware/configstore/current-store-1 "select * from Config where Component='esx' and ConfigGroup='authorization' and UserValue like '%esx^admins%'"

Note: Replace the pattern between the %s with a unique string contained in user/group name being removed.  


Result example:

esx|authorization|permissions|52 74 d4 4b ed 7b 7d 18-97 05 be 54 43 4e 82 dd|2024-06-05 08:30:26|2023-07-11 17:57:08|1.3|1||{"cs_generated_id": "52 74 d4 4b ed 7b 7d 18-97 05 be 54 43 4e 82 dd", "principal": "EXAMPLE\\esx^admins", "is_group": true, "access_mode": "Admin"}||||13

 

3. Delete the entry

/usr/lib/vmware/sqlite/bin/sqlite3 /etc/vmware/configstore/current-store-1 "delete from Config where Component='esx' and ConfigGroup='authorization' and UserValue like '%esx^admins%'"


4. Repeat step 2 to verify that entry is no longer returned.

5. Restart the ESXi management agent to reflect the removal in the UI.

/etc/init.d/hostd restart