• The ESXi host was failing to enter maintenance mode, displaying the following error:

Failed to enter namespaces maintenance mode due to Error: com.vmware.vapi.std.errors.unauthenticated Messages: vapi.security.authentication.invalid <Unable to authenticate user>. Retry ##

• The /var/log/vmware/wcp/wcpsvc.log file, the following errors can be observed along with wcp service failing to start :

[vmodl1/session.go:##] Failed to log into vc: ServerFaultCode: Permission to perform this operation was denied.
error wcp [vclib/client.go:98] Failed to login to vc. Err: ServerFaultCode: Permission to perform this operation was denied .. Retrying.

• The missing service account entries prevented vCenter services from authenticating and communicating with the ESXi host.
• Missing global permissions for specific vCenter service accounts (machine ID-based users).

• Check the correct machine ID of the vCenter after logging into an SSH session as the root user :

/opt/likewise/bin/lwregshell ls "[HKEY_THIS_MACHINE\Services\vmdir]" | grep MachineGuid | awk '{print $2,$NF}'

• Manually re-add the missing vCenter service accounts in global permissions:
  • In the vSphere Client, navigate to Administration > Global Permissions.
  • Click Add.
  • In the Global Permissions section, select the users based on the machine IDs identified in the previous step. These typically include the service accounts with machine ID patterns such as vpxd-*, vpxd-extension-*, vsphere-webclient-*, and vsphere-ui-*.