This issue occurs if the hostd is not aware of the dynamic rule when auto-deploy attempts to check host compliance after applying the host profile. As a result, the compliance check fails if the host profile contains the dynamic rule set
Actulally this issue occurred 5.5 but I saw it is also exist in 6.0 and solution is same.
To workaround this issue:
- Disable and enable SNMP on the host to restore the dynamicruleset firewall ruleset.
- Connect to the affected host using SSH and root credentials. For more information, see Using ESXi Shell in ESXi 5.x and 6.0 (2004746).
- Run this command to disable SNMP:
esxcli system snmp set -e 0
- Run this command to enable SNMP:
esxcli system snmp set -e 1
- Apply the Host Profile and check compliance.
- Manually check and apply the host profile again to refresh the firewall. This will clear the compliance error.
- Reset the firewall on ESXi host using these commands:
- esxcli network firewall set --enabled false
- esxcli network firewall set --enabled true
Again detach reference host and attach then check compliance
See Also
