Root user login failure events in ESXi logging "Cannot login user root@127.0.0.1: no permission"


Article ID: 401591


Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

  • ESXi hosts on HPE hardware with Normal Lockdown mode enabled report multiple login failure events.

  • The following events are observed in /var/run/log/hostd.log on the affected hosts. The opID starts with "esxcli", indicating that a script on the host is calling /bin/esxcli:
    Db(167) Hostd[2099508]: [Originator@6876 sub=Vimsvc.Ticket opID=esxcli-##-### sid=#####] Ticket used: ***e2a6c
    In(166) Hostd[2099508]: [Originator@6876 sub=Vimsvc.HaSessionManager opID=esxcli-##-### sid=#####] Accepted password for user root from 127.0.0.1 - session=#####-###-####-###-#######
    In(166) Hostd[2099508]: [Originator@6876 sub=Vimsvc opID=esxcli-##-### sid=#####] [Auth]: User root
    In(166) Hostd[#####]: [Originator@6876 sub=Vimsvc.ha-eventmgr opID=esxcli-##-### sid=#####] Event ##### : Cannot login user root@127.0.0.1: no permission
    Db(167) Hostd[#####]: [Originator@6876 sub=Vimsvc.HaSessionManager opID=esxcli-##-### sid=#####] Invalid login request for session #####-###-####-###-#######: delaying response for # seconds
     
  • The below events are recorded in /var/run/log/sut.log:
    In(30) sut[#####]:[ERROR] :: [sutmetadatainterface.cpp:521] :: Unable to perform set bool in RIS for HPSUT
    In(30) sut[#####]: [INFO] :: [global.cpp:1459] :: Console log content for the command (esxcli system maintenanceMode get >& /tmp/stagingdirectory/sutm
    In(30) sut[#####]: maintenancemode.log) is : Error: Permission to perform this operation was denied.

Environment

VMware vSphere ESXi 8.0.3

Cause

Correlated logs from the affected hosts confirm that esxcli commands requiring root privileges are executed by the HPE SUT agent immediately prior to the "NoPermission" events recorded in hostd.log. The HPE Smart Update Tool (SUT) agent executes "In-Band" management tasks using the local root account. When ESXi is in Lockdown Mode, the root user is restricted from performing operations via management agents unless explicitly exempted.
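
A triage sketch for the hostd.log pattern described above, added here as an example and not Broadcom or HPE code: it separates "no permission" events that follow an accepted local root password under an esxcli opID from events that need a closer look. The sample lines and their IDs are constructed, and the `triage` function and its verdict labels are assumptions made for illustration.

```python
import re

# Constructed hostd.log lines modelled on the masked excerpts above (all IDs are made up).
SAMPLE = """\
In(166) Hostd[2099508]: [Originator@6876 sub=Vimsvc.HaSessionManager opID=esxcli-3f-a1b2 sid=52aa11] Accepted password for user root from 127.0.0.1 - session=52aa11
In(166) Hostd[2099508]: [Originator@6876 sub=Vimsvc.ha-eventmgr opID=esxcli-3f-a1b2 sid=52aa11] Event 1201 : Cannot login user root@127.0.0.1: no permission
In(166) Hostd[2099508]: [Originator@6876 sub=Vimsvc.ha-eventmgr opID=7c9d01e2 sid=52bb22] Event 1202 : Cannot login user root@192.0.2.15: no permission
""".splitlines()

HDR = re.compile(r"sub=(?P<sub>[^\s\]]+) opID=(?P<opid>[^\s\]]+)[^\]]*\]\s*(?P<msg>.*)")
ACCEPT = re.compile(r"Accepted password for user (\S+) from (\S+)")
DENIED = re.compile(r"Cannot login user ([^@\s]+)@(\S+?): no permission")

def triage(lines):
    """Return one (opID, user, source, verdict) tuple per 'no permission' event."""
    accepted = set()   # (opID, user, source) tuples whose password was accepted
    results = []
    for line in lines:
        m = HDR.search(line)
        if not m:
            continue
        opid, msg = m["opid"], m["msg"]
        if a := ACCEPT.search(msg):
            accepted.add((opid, a[1], a[2]))
        elif d := DENIED.search(msg):
            user, src = d[1], d[2]
            # Pattern from this article: esxcli opID, loopback source, and the
            # password was accepted before the permission check failed.
            local_cli = (opid.startswith("esxcli") and src == "127.0.0.1"
                         and (opid, user, src) in accepted)
            verdict = "local-esxcli-denied" if local_cli else "review"
            results.append((opid, user, src, verdict))
    return results

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row, sep="\t")
```

Events labelled `local-esxcli-denied` match the sequence shown in this article; their timestamps can then be compared with the esxcli errors in /var/run/log/sut.log.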

Resolution

Please engage HPE Support to review the Smart Update Tool (SUT) configuration. Because SUT is an HPE proprietary component, HPE must investigate the root cause of these login failures and the resulting "NoPermission" events.

HPE SUT documentation 

Additional Information

If there are no erroneous events in the SUT logs and the issue persists, please open a case with Broadcom Support.
