ESXi cluster pre-check completes with the following error description: "Cannot obtain symlink information for host <FQDN>"

Article ID: 428972

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

  • ESXi cluster pre-check completes with the following error description: "Cannot obtain symlink information for host <FQDN>"

  • Logs on SDDC Manager located at /var/log/vmware/operationsmanager/operationsmanager.log show the following failure when attempting to execute validation commands:

YYYY-MM-DDThh:mm:ss DEBUG [vcf_om,6970787xxxxxxxe391314fdcc,f291] [c.v.e.s.c.util.RetriableCallable,precheck-validation4] Starting retriable operation 'Execute SSH command on ESXi <ESXi FQDN>' with 3 retries.
YYYY-MM-DDThh:mm:ss DEBUG [vcf_om,6970787xxxxxxxe391314fdcc,f291] [c.v.v.s.c.s.SecurityConfigurationServiceImpl,precheck-validation4] Security config retrieved {"fipsMode":false}
YYYY-MM-DDThh:mm:ss DEBUG [vcf_om,6970787xxxxxxxe391314fdcc,f291] [c.v.evo.sddc.common.util.SshUtil,precheck-validation4] The command [ find -L / -maxdepth 1 -user root -type l ] executed on <ESXi FQDN>. Status: 1, Timed out: false
Output: Login disabled
Error:

  • The output of the following command on the ESXi host confirms that the service account does not have shell access enabled:

[root@<ESXi>:~] esxcli system account list
User ID                      Description                                Shell access
---------------              -----------------------------------------  ------------
root                         Administrator                                      true
dcui                         DCUI User                                          false
vpxuser                      VMware Workstation administration account          false
cloudadmin                   ESXi User                                          false
svc-vcf-<ESXi>               ESXi User                                          false
mux_user                     ESXi User                                          false
da-user                      ESXi User                                          false
nsx-user                     ESXi User                                          false
lldpVim-user                 ESXi User                                          false

Environment

VCF 5.x

Cause

The ESXi service account integrated with SDDC Manager does not have shell access enabled. This is likely due to ESXi hardening profiles or organizational security policies that restrict shell access for non-root accounts.

Resolution

To resolve this issue, enable shell access for the ESXi service account using one of the following methods:

Method 1: Via ESXCLI

Run the following command to enable access:

esxcli system account set --id svc-vcf-<ESXi> --shell-access true

Method 2: Via Host Client UI

  • Go to Manage → Security & Users → Users.

  • Locate the user account svc-vcf-<ESXi> in the user list.

  • Select the user and click Edit User.

  • Enable the option “Enable Shell access”, then Save the changes.
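
To confirm the change and check that shell access stays limited to the accounts that need it, the "Shell access" column of esxcli system account list can be parsed as below. This is an added example, not part of the original article; it assumes the table layout shown above, that awk is available in the shell used, and the account name svc-vcf-esx01 is a constructed placeholder.

```shell
#!/bin/sh
# Added example: audit the "Shell access" column of `esxcli system account list`.
# Assumes the layout shown in this article: two header lines, the user ID in the
# first column and true/false in the last column.

# Constructed sample input (svc-vcf-esx01 is a placeholder account name).
sample_account_list() {
cat <<'EOF'
User ID          Description      Shell access
---------------  ---------------  ------------
root             Administrator            true
dcui             DCUI User               false
svc-vcf-esx01    ESXi User               false
EOF
}

# shell_access_for ACCOUNT
# Reads the account table on stdin and prints true or false for ACCOUNT.
# Exits with status 2 if the account is not listed at all.
shell_access_for() {
    awk -v id="$1" '
        NR > 2 && $1 == id { print $NF; found = 1 }
        END { if (!found) exit 2 }
    '
}

# non_root_shell_accounts
# Reads the account table on stdin and prints every account other than root
# whose last column is "true", so unexpected shell access stands out.
non_root_shell_accounts() {
    awk 'NR > 2 && NF >= 2 && $1 != "root" && $NF == "true" { print $1 }'
}

# Stand-alone run against the constructed sample.
sample_account_list | shell_access_for svc-vcf-esx01
```

On a host, pipe the real output instead of the sample, for example: esxcli system account list | non_root_shell_accounts. After the resolution is applied, the SDDC Manager service account is expected to appear in that list.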

Additional Information

Retrieve the service accounts credentials from SDDC Manager

Re-create missing SDDC Manager Service account on an ESXi host

Account Management Design for VMware Cloud Foundation