Host Profile Apply Fails Due to ESXi Shell Timeout and Service Policy Conflict
search cancel

Host Profile Apply Fails Due to ESXi Shell Timeout and Service Policy Conflict

book

Article ID: 438124

calendar_today

Updated On:

Products

VMware vSphere ESXi VMware vCenter Server

Issue/Introduction

Applying a Host Profile to a newly re-installed ESXi host fails with an apply error and displays a warning in the vSphere Client.

 

When attempting to edit the Host Profile to set UserVars.ESXiShellTimeOut to 600 seconds, a strict validation error occurs. The error specifies that if a shell timeout is configured, the ESXi Shell (TSM) and SSH (TSM-SSH) services cannot be set to start automatically

Environment

VMware vSphere ESXi 7.x

VMware vSphere ESXi 8.x

VMware vCenter Server 8.x

Cause

 Host Profile validation failure is a configuration conflict between security settings and service startup policies. VMware validation rules dictate that when an ESXi Shell Timeout (UserVars.ESXiShellTimeOut) is configured, the local ESXi Shell (TSM) and SSH (TSM-SSH) services cannot have their startup policies set to automatic.

Resolution

 

  1. Open the vSphere Client and navigate to the Host Profile edit settings.

  2. At the top of the left-hand menu, click on the ALL tab to switch away from the "FAILED" tab view.

  3. Expand the configuration tree and navigate to Security and Services -> Service Configuration.

  4. Locate the following two services in the list:

    1. TSM (Local ESXi Shell)

    2. TSM-SSH (SSH Service)

  5. Select each service individually and change the Startup Policy to Start and stop manually (or off).

  6. Ensure the Turn on service (or Start service) checkbox is unchecked for both services.

  7. Save the Host Profile. The validation error for the timeout configuration will clear.

  8. Apply the updated Host Profile to the ESXi host.

 

Additional Information

Configure ESXi Hosts with Host Profiles

Powered by Wolken Software