Error "Host profile apply failed with error: Error: Access to perform the operation was denied" on ESXi hosts
search cancel

Error "Host profile apply failed with error: Error: Access to perform the operation was denied" on ESXi hosts

book

Article ID: 432191

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

  • Password for root or other local accounts is updated on ESXi host via automation such as powershell or other scripts. Password is successfully updated and you can login to the host client using the new credentials. 
  • Host profile is deleted and vCenter does not list any host profiles however ESXi host summary you see the following error:

    • Host profiles list in vCenter:



    • Error on ESXi host summary:




  • In /var/run/log/syslog.log and vpxa.log of ESXi host and you see entries similar to following:

    • syslog.log:

      YYYY-MM-DDTHH:MM:SSZ Host Profiles[17258452 opID=#####-#####-auto-#####-####-####-####-#######]:WARNING:   File "/lib64/python3.8/site-packages/pyVim/account.py", line 66, in RemoveUser ^@
      YYYY-MM-DDTHH:MM:SSZ Host Profiles[17258452 opID=#####-#####-auto-#####-####-####-####-#######]:WARNING:   File "/lib64/python3.8/site-packages/pyVmomi/VmomiSupport.py", line 595, in <lambda> ^@
      YYYY-MM-DDTHH:MM:SSZ Host Profiles[17258452 opID=#####-#####-auto-#####-####-####-####-#######]:WARNING:   File "/lib64/python3.8/site-packages/pyVmomi/VmomiSupport.py", line 385, in _InvokeMethod ^@
      YYYY-MM-DDTHH:MM:SSZ Host Profiles[17258452 opID=#####-#####-auto-#####-####-####-####-#######]:WARNING:   File "/lib64/python3.8/site-packages/pyVmomi/SoapAdapter.py", line 1570, in InvokeMethod ^@
      YYYY-MM-DDTHH:MM:SSZ Host Profiles[17258452 opID=#####-#####-auto-#####-####-####-####-#######]:WARNING: excObj is a runtime fault: (vmodl.fault.SecurityError) {    dynamicType = <unset>,    dynamicPrope
      rty = (vmodl.DynamicProperty) [],    msg = 'Access to perform the operation was denied.',    faultCause = <unset>,    faultMessage = (vmodl.LocalizableMessage) [       (LocalizableMessageWithPath) {          dyna
      micType = <unset>,          dynamicProperty = (vmodl.DynamicProperty) [],          key = 'com.vmware.vim.profile.engine.UnexpectedError',          arg = (vmodl.KeyAnyValue) [             (vmodl.KeyAnyValue) {
                  dynamicType = <unset>,                dynamicProperty = (vmodl.DynamicProperty) [],                key = 'error',                value = 'Access to perform the operation was denied.'             },
                (vmodl.KeyAnyValue) {                dynamicType = <unset>,                dynamicProperty = (vmodl.DynamicProperty) [],                key = 'context',                value = 'Except
      YYYY-MM-DDTHH:MM:SSZ Host Profiles[17258452 opID=#####-#####-auto-#####-h5: ion while applying host config'             }          ],          message = 'Error: Access to perform the operation was denied..'

    • vpxa.log:

      YYYY-MM-DDTHH:MM:SSZ info vpxa[2102528] [Originator@6876 sub=vpxLro opID=#####-####-auto-#####-####-######-##-##-##] [VpxLRO] -- FINISH task-1360946
      YYYY-MM-DDTHH:MM:SSZ info vpxa[2102528] [Originator@6876 sub=Default opID=#####-####-auto-#####-####-######-##-##-##] [VpxLRO] -- ERROR task-1360946 -- HostdHostProfileManager -- vim.profile.host.profil
      eEngine.HostProfileManager.applyHostConfig: vmodl.fault.SecurityError:
      --> Result:
      --> (vmodl.fault.SecurityError) {
      -->    faultCause = (vmodl.MethodFault) null,
      -->    faultMessage = (vmodl.LocalizableMessage) [
      -->       (vmodl.LocalizableMessage) {
      -->          key = "com.vmware.vim.profile.engine.UnexpectedError",
      -->          arg = (vmodl.KeyAnyValue) [
      -->             (vmodl.KeyAnyValue) {
      -->                key = "error",
      -->                value = "Access to perform the operation was denied."
      -->             },
      -->             (vmodl.KeyAnyValue) {
      -->                key = "context",
      -->                value = "Exception while applying host config"
      -->             }
      -->          ],
      -->          message = "Error: Access to perform the operation was denied.."
      -->       }
      -->    ]
      -->    msg = "Access to perform the operation was denied."

Environment

VMware vCenter Server 7.x/8.x
VMware vSphere ESXi 7.x/8.x

Cause

This issue occurs when ESXi host credentials are modified externally(such as automation, scripts, etc.) causing a credential mismatch between the active host configuration and the stored host profile.

Resolution

To resolve this issue,

  1. If the host profile is deleted, you can  Extract and configure host profile from one of the ESXi hosts.
  2. Update the credentials(root or other accounts) of affected ESXi hosts using host profile following the instructions provided here -  Reset host root password with Host Profile

    Note: Select the root or other user account in step.2 where changes are required.
Powered by Wolken Software