When an ESXi host is in Lockdown Mode, an unknown process may generate repeated login failure events. These events flood the hostd logs and are visible in the vSphere Client tasks and events console

Symptoms:

• The ESXi host logs display continuous entries similar to:

  Cannot login user [email protected]: no permission

• The issue may persist even if vSAN is not in use, and Health checks are disabled

 VMware ESXi

 Lockdown Mode

• Services: amsdv (Agentless Management Service), hostd, vSAN Health

The amsdv (Agentless Management Service) service initiates local authentication attempts to run hardware PCI listing commands. When the host is in Lockdown Mode, these local authentication attempts by the service are denied, resulting in repeated login failure events.

To resolve this issue, you must stop and disable the service responsible for the unauthorized login attempts.

1. Log in to the ESXi host via SSH or the ESXi Shell.

2. Run the following commands to stop and disable the amsdv service:                                                                                                                                                    /etc/init.d/amsdv stop
   chkconfig amsdv off

     3. Ensure that vSAN Health checks remain disabled if they are not required for your environment, as they can also contribute to similar login

         messages.

      4. Verify that the "Cannot login" events have stopped in the host logs.

For more details on identifying similar login issues, refer to: ESXi host displays repeated cannot login.

Disabling Lockdown Mode temporarily during troubleshooting can provide additional visibility into the specific commands being executed by underlying processes.