Hi,
I haven't been able to find documentation for the advanced setting Config.HostAgent.plugins.hostsvc.esxAdminsGroup,
which I believe is the underlying cause for a problem I have entering lockdown mode.
The host is joined to an AD domain, the setting is configured with the AD group for ESX admins, the lockdown mode
Exception Users has only a limited number of local user accounts and when I try to enable lockdown mode I get a
general error. I went through the host logfiles and found the following error where <domain>\<user> is a member
of the AD group named in esxAdminsGroup but not an Exception Users member.
<datetime> error hostd[<pid>] … user=vpxuser:<domain>\<user> Enable lockdown mode failed: N3VimFault12UserNotFoundExceptionE(Fault cause vim.fault.UserNotFound)
This KB article states the following about adding admins to Exception Users, so it would seem unlikely, even
contradictory, to look to esxAdminsGroup to see that they are also Exception Users.
https://kb.vmware.com/s/article/1008077
That is my reason for wanting to find the "proper" documentation for this setting.
Thanks,
Darren
Thread reported so moderators know it should be moved to the area for vSphere.
Contact Support. Many advanced settings are not documented as they are not supposed to be fiddled with in the first place 🙂
I asked for documentation on the advanced setting of interest and was sent instructions for changing advanced settings.
Configuring advanced options for ESXi/ESX (1038578) (vmware.com)
It appears that the "...esxAdminsGroup" setting may not only identify who the ESX Admins are but also be consulted when activating lockdown mode. If this is true, then that would contradict other advice about the "Exception Users" list.
https://kb.vmware.com/s/article/1008077
It seems that I may not get an answer and will have to figure out my lockdown mode issue on my own through trial and error.