On ESXi hosts, the vmkernel.log is flooded with repetitive "Access denied" messages related to the sfcb-vmware_bas process. This log spam occurs when the Small Footprint CIM Broker (SFCB) attempts to connect to a specific socket, which is blocked by the vmkernel access control policy.

The following error message is observed frequently in the logs:

2025-12-13T00:47:34.173Z In(182) vmkernel: cpu18:2099348)VmkAccess: 106: sfcb-vmware_bas: running in sfcbVmwPluginDom(87): socket = /tmp/VMISCSI_MGMT_IPC_PATH (unix_stream_socket_connect): Access denied by vmkernel access control policy

VMware ESXi 8.0u3

This issue is caused by a restrictive security domain policy in ESXi 8.0 Update 3. Processes on ESXi run within pre-defined domains that dictate access to files, sockets, and syscalls. The sfcbVmwPluginDom domain, where the sfcb-vmware_base process resides, does not currently have a rule allowing it to connect to the /tmp/VMISCSI_MGMT_IPC_PATH socket.

This is a known issue that will be resolved in a future release of ESXi. To stop the log spam in the interim, you can disable the enforcement for this specific security domain.

Workaround:

1. Log in to the ESXi host via SSH or the ESXi Shell as root.

2. Run the following command to disable the sfcbVmwPluginDom policy:

   esxcli system secpolicy domain set -l disabled -n sfcbVmwPluginDom
   

3. Verify that the vmkernel.log is no longer reporting the access denial messages.

Disabling this domain policy allows the sfcb-vmware_base process to successfully connect to the required socket. There is no adverse impact to host stability or functional performance when applying this workaround.