VMware vSphere

  • 1.  Exception Mode is not working as expected in Lockdown mode

    Posted Feb 15, 2018 04:33 AM

    Hi All,

    I have tried all the possible combinations; however, exception users in lockdown mode do not seem to work. I have seen a few articles online as well, but they don't seem to help.

    These are the steps that I've tried:

    • Joined ESXi domain to AD
    • Joined vCenter to AD and added AD as identity source
    • From VC --- highlighted ESXi --- chose exception user as an AD account
    • Enabled strict lockdown mode

    When I try to log in to ESXi directly via the URL https://esxIP/ui and enter the AD credentials, it returns a permission denied error.

    On the vCenter, for the ESXi, this is the setting that I have configured

    Any suggestions where I am going wrong? Thanks



  • 2.  RE: Exception Mode is not working as expected in Lockdown mode

    Broadcom Employee
    Posted Feb 26, 2018 10:29 AM

    Please see the VMware documentation: https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.security.doc/GUID-30A3063D-8E50-4662-916F-620BCA131335.html

    As per this, Exception users are host local users or Active Directory users with privileges defined locally for the ESXi host. Users that are members of an Active Directory group lose their permissions when the host is in lockdown mode. So you have to give permissions locally on the host.
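
Added example (not part of the original thread, and not VMware's own code): a read-only PowerCLI check that lists each lockdown exception user on a host and whether that user has its own access entry on the host, which is what the reply above says is required. It assumes an existing Connect-VIServer session to vCenter, the placeholder host name esx01.example.local, and that exception user names and access-entry principals are written in the same form (for example DOMAIN\user).

```powershell
# Added example. Requires VMware PowerCLI and an existing Connect-VIServer session.
# 'esx01.example.local' is a placeholder host name, not a value from the thread.
$vmhost    = Get-VMHost -Name 'esx01.example.local'
$accessMgr = Get-View -Id $vmhost.ExtensionData.ConfigManager.HostAccessManager

# Current lockdown mode: lockdownDisabled, lockdownNormal or lockdownStrict.
$mode = $accessMgr.LockdownMode

# Users on the exception list, and the principals with permissions
# explicitly assigned on the host itself.
$exceptions = @($accessMgr.QueryLockdownExceptions())
$entries    = @($accessMgr.RetrieveHostAccessControlEntries())

Write-Output "Lockdown mode on $($vmhost.Name): $mode"

# Access modes that grant nothing useful to an exception user.
$noAccess = 'accessNone', 'accessNoAccess'

foreach ($user in $exceptions) {
    # Only a user-level entry counts: per the documentation quoted above,
    # permissions inherited from an AD group are lost in lockdown mode.
    $direct = $entries |
        Where-Object { -not $_.Group -and $_.Principal -ieq $user } |
        Select-Object -First 1

    $access = if ($direct) { [string]$direct.AccessMode } else { 'no user-level entry' }

    [pscustomobject]@{
        ExceptionUser  = $user
        HostAccessMode = $access
        HasLocalAccess = [bool]($direct -and ($noAccess -notcontains $access))
    }
}

# Group entries are listed separately so it is visible when an exception
# user's only route to the host is group membership.
$entries | Where-Object { $_.Group } |
    Select-Object Principal, AccessMode
```

An exception user reported with HasLocalAccess = False matches the situation in the question: the account is on the exception list but has no permission defined for it on the host.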