When attempting to remediate ESXi hosts against host profile, seeing "Automatically configured by 'negotiate the proper settings'" in the vSphere client
Article ID: 399000

Products: VMware vCenter Server, VMware vSphere ESXi

Issue/Introduction

Clicking "OK" in the vCenter vSphere Client UI to save the changes does not register the inputs. Remediation was attempted, but the settings are not applied.

Steps to Identify a False Negative Compatibility Issue

Review the VCSA logs:

  • Path: /var/log/vmware/vpxd/
  • Logs: vpxd-*.log
  1. Decompress the logs if needed:

    cd /var/log/vmware/vpxd/
    gunzip vpxd-*.log.gz

  2. Search for compliance failures:

    grep ComplianceResult.ComplianceFailure vpxd-*.log

Cause

The reference ESXi host used to create the host profile has the network firewall ruleset option "allip" (allowed-all) set to "true", and the "Remediation Pre-check" flags it as needing to be set to "false".

Using vSphere client UI:

  • View the firewall rulesets under "ESXi host > Configure > System > Firewall".
  • In the "Allowed IP addresses" column, "All" indicates that "allIP" is enabled for that service.

Using ESXi CLI:

  • To list the current "allowedip" configuration of all network firewall rulesets, run:

    esxcli network firewall ruleset allowedip list

Note: If you need additional assistance confirming this for ESXi, create a support case and upload a log bundle for both the VCSA and the reference ESXi host (the one used to create the host profile) that needs review.

Resolution

You can do one of the following:

  1. Create a new host profile from an ESXi host whose firewall ruleset option "allip" is already set to "false", and assign that profile to the hosts needing remediation.
    • This can be done from the vSphere Client or the CLI. The steps below use the client.
      • vSphere Client UI: go to "ESXi host > Configure > System > Firewall" and click "Edit". Expand the settings for each service and check whether "Allow connections from any IP address" is selected. To change a service to a specified list, clear the check box and enter the IP addresses the environment requires for that service.
    • The pre-check should then no longer report this issue as needing to be resolved.
  2. Leave the host profile as is. In the pre-check remediation results (image below), select the check box next to the ESXi host listing the warnings, and continue with remediation.
    • The system will perform the actions needed to resolve the settings automatically.
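The CLI side of the check in "Cause" and of option 1 above, as an added example that is not part of this article: a POSIX shell snippet that parses the table printed by `esxcli network firewall ruleset allowedip list`, reports every ruleset still set to "All", and prints the `esxcli network firewall ruleset set` / `allowedip add` commands that restrict each one to an explicit IP list. The sample table is constructed for this example, and the service names and IP ranges in it are assumptions, not values from the article.

```shell
#!/bin/sh
# Added example (not from the KB article). Identify firewall rulesets whose
# "Allowed IP Addresses" is "All" (allip = true) and generate the esxcli
# commands that restrict them, so a reference host is clean before a host
# profile is extracted from it.

# Constructed sample output of `esxcli network firewall ruleset allowedip list`
# (ruleset names and IPs are assumptions for the example).
SAMPLE_ALLOWEDIP_LIST='Ruleset               Allowed IP Addresses
--------------------  --------------------
sshServer             All
sshClient             10.0.0.5
nfsClient             All
dhcp                  All
vSphereClient         192.168.10.0/24, 10.0.0.0/8'

# Read the esxcli table on stdin and print the ruleset IDs whose allowed-IP
# column is exactly "All". Rows 1-2 are the header and separator; a ruleset
# with an explicit list has more fields or a non-"All" second field.
rulesets_allowing_all() {
    awk 'NR > 2 && NF == 2 && $2 == "All" { print $1 }'
}

# Print (not run) the commands that turn off allowed-all for one ruleset and
# add each given IP/CIDR to its allowed list.
#   $1 = ruleset id, remaining args = allowed addresses
restrict_ruleset_cmds() {
    rs=$1
    shift
    printf 'esxcli network firewall ruleset set --ruleset-id %s --allowed-all false\n' "$rs"
    for ip in "$@"; do
        printf 'esxcli network firewall ruleset allowedip add --ruleset-id %s --ip-address %s\n' "$rs" "$ip"
    done
}

# On a real ESXi host use the live table; elsewhere fall back to the sample.
if command -v esxcli >/dev/null 2>&1; then
    offenders=$(esxcli network firewall ruleset allowedip list | rulesets_allowing_all)
else
    offenders=$(printf '%s\n' "$SAMPLE_ALLOWEDIP_LIST" | rulesets_allowing_all)
fi

# Emit a review-ready remediation script; the management subnet is assumed.
for rs in $offenders; do
    restrict_ruleset_cmds "$rs" 10.0.0.0/24
done
```

The commands are printed rather than executed so they can be reviewed and pasted into an SSH session on the reference host; after applying them, re-run the `allowedip list` command to confirm no ruleset still shows "All".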

Additional Information