Tenable security scan fails with NoPermission fault on ESXi due to username collision

Article ID: 433352


Products

VMware vSphere ESXi

Issue/Introduction

Tenable security scans fail to retrieve VIB information or complete audits on ESXi hosts. The scan logs or ESXi host logs reflect permission failures during the authentication or command execution phase.

The following error is observed in /var/log/hostd.log:

2026-02-24T21:27:07.890Z In(166) Hostd[2102339]: [Originator@6876 sub=Solo.Vmomi opID=esxui-1a66 sid=52e4a372 user=<REDACTED_DOMAIN>\<REDACTED_USER>] Throw vim.fault.NoPermission

Environment

VMware ESXi

Cause

A local ESXi user account exists with the same username as the Active Directory service account used by the security scanner. ESXi prioritizes local account authentication; because the local account lacks administrative privileges, the session is restricted despite the AD account having full permissions.

Resolution

To resolve this issue, the conflicting local account must be removed to allow ESXi to authenticate the request via Active Directory.

  1. Log in to the vSphere Client or the ESXi Host Client directly.

  2. Navigate to the affected ESXi host.

  3. Go to Manage > Security & Users > Users.

  4. Locate the local user account that matches the name of the AD service account.

  5. Select the user and click Remove (or the Delete icon).

  6. Ensure that the Active Directory group or user is correctly assigned the Administrator role under Actions > Permissions.

  7. Restart the Tenable security scan.
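
A check for the collision described under Cause, added here as an example and not part of the original article: it extracts the session user from NoPermission lines in hostd.log and flags any domain account whose short name also exists as a local ESXi user. The sample log lines, the EXAMPLE domain, the svc_scan and jdoe names and the function names are constructed; the local user list is assumed to be copied from the host's Users page or from `esxcli system account list`.

```python
import re

# Session user from a hostd.log line that throws vim.fault.NoPermission.
NOPERM_RE = re.compile(
    r"user=(?P<user>[^\]\s]+)[^\]]*\]\s*Throw vim\.fault\.NoPermission")

def split_principal(principal):
    """Return (domain, name) for DOMAIN\\name, name@domain, or a bare name."""
    if "\\" in principal:
        domain, name = principal.split("\\", 1)
        return domain, name
    if "@" in principal:
        name, domain = principal.rsplit("@", 1)
        return domain, name
    return "", principal

def denied_principals(log_lines):
    """Count NoPermission faults per session user."""
    counts = {}
    for line in log_lines:
        match = NOPERM_RE.search(line)
        if match:
            counts[match.group("user")] = counts.get(match.group("user"), 0) + 1
    return counts

def find_collisions(log_lines, local_users):
    """Denied domain accounts whose short name is also a local ESXi user."""
    # Assumption: compare case-insensitively so near-identical names are flagged.
    local = {user.lower() for user in local_users}
    hits = []
    for principal, faults in sorted(denied_principals(log_lines).items()):
        domain, name = split_principal(principal)
        if domain and name.lower() in local:
            hits.append({"principal": principal, "local_user": name, "faults": faults})
    return hits

# Constructed sample input (hypothetical domain and account names).
PREFIX = "2026-02-24T21:27:07.890Z In(166) Hostd[2102339]: [Originator@6876 sub=Solo.Vmomi "
SAMPLE_LOG = [
    PREFIX + r"opID=esxui-1a66 sid=52e4a372 user=EXAMPLE\svc_scan] Throw vim.fault.NoPermission",
    PREFIX + r"opID=esxui-1a67 sid=52e4a372 user=EXAMPLE\svc_scan] Throw vim.fault.NoPermission",
    PREFIX + r"opID=esxui-2b10 sid=52aa0001 user=EXAMPLE\jdoe] Throw vim.fault.NoPermission",
    PREFIX + r"opID=esxui-3c22 sid=52bb0002 user=dcui] Throw vim.fault.NoPermission",
    PREFIX + r"opID=esxui-4d33 sid=52cc0003 user=root] Throw vim.fault.NotFound",
]
SAMPLE_LOCAL_USERS = ["root", "dcui", "vpxuser", "svc_scan"]

if __name__ == "__main__":
    for hit in find_collisions(SAMPLE_LOG, SAMPLE_LOCAL_USERS):
        print("{principal}: {faults} NoPermission fault(s); local user "
              "'{local_user}' shadows it".format(**hit))
```

A hit names the local account to look for in step 4 of the resolution.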