Gonzouk
Enthusiast
Enthusiast

Can't edit config file - Access denied

Hello,

I've been trying to edit my config file on our ESXi 5 host.

When I SSH into the host and then try and access the config file I get this:

login as:
Using keyboard-interactive authentication.
Password:
The time and date of this login have been sent to the system logs.

VMware offers supported, powerful system administration tools.  Please
see www.vmware.com/go/sysadmintools for details.

The ESXi Shell can be disabled by an administrative user. See the
vSphere Security documentation for more information.
~ # /etc/vmware/config
-sh: /etc/vmware/config: Permission denied

I am trying to fix this error "Failed to log into the NFC server" which I get  when I try an import vmdk's into my test ESX5 host.  I have followed  this link:

http://http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=101719...

Any ideas on how I edit this file?

Thanks

0 Kudos
20 Replies
Gonzouk
Enthusiast
Enthusiast

I am using the root username too which is the only account I have set up and I am still getting access denied on the config file Smiley Sad

0 Kudos
satya1
Hot Shot
Hot Shot

Gonzouk wrote:

I am using the root username too which is the only account I have set up and I am still getting access denied on the config file Smiley Sad

try to take ownership of that folder then check it

Yours,

Satya

0 Kudos
Slingsh0t
Enthusiast
Enthusiast

I just SSH'd into one of my hosts,

cd /etc/vmware/

vi conf

I made a quick change, and saved successfully?

If I just punch in the same command as you "/etc/vmware/config" I get the same error message.  Perhaps try with vi?

0 Kudos
Gonzouk
Enthusiast
Enthusiast

Hi,

I think I got a little further, like you I ran:

cd /etc/vmware/

vi conf

I then get this:

~
~
~
~
~
~
~
~
- conf 1/1 100%

How can I do this step:

Edit /etc/vmware/config so that there is a carriage return after the line:

prefvmx.consolidateDeleteNFSLocks = "TRUE"

so that it reads:

authd.soapServer = "TRUE"
prefvmx.consolidateDeleteNFSLocks = "TRUE"
authd.proxy.vpxa-nfc = "vmware-vpxa:vpxa-nfc"
authd.proxy.vpxa-nfcssl = "vmware-vpxa:vpxa-nfcssl"

As you can tell I've not tried this side of things before in VMware, I will be getting some training soon.

Thanks

0 Kudos
Slingsh0t
Enthusiast
Enthusiast

I understand from your second post that you're logged in as root is that correct?

Is this host being managed by a vcenter server or is it a standalone host?

You should be able to see the parameters that have been set in the config file, odd that its coming up with nothing.

0 Kudos
Slingsh0t
Enthusiast
Enthusiast

try running this command:

"less /etc/vmware/config" and see what comes up.  You should see the contents of the file if you have read access.

If nothing comes up, you either don't have permissions or the file is empty.

Enter the following commands:

"cd /etc/vmware"

"ls -al | grep config"

If you can please copy+paste the permissions on the config file (the bit with the -rw-r--r-- thingy) then we can see what permissions exist on that file.

0 Kudos
Gonzouk
Enthusiast
Enthusiast

Hi I see the contents now:

"less /etc/vmware/config"

libdir = "/usr/lib/vmware"
authd.proxy.vim = "vmware-hostd:hostd-vmdb"
authd.proxy.nfc = "vmware-hostd:ha-nfc"
authd.proxy.nfcssl = "vmware-hostd:ha-nfcssl"
authd.proxy.vpxa-nfcssl = "vmware-vpxa:vpxa-nfcssl"
authd.proxy.vpxa-nfc = "vmware-vpxa:vpxa-nfc"
authd.fullpath = "/sbin/authd"
authd.soapServer = "TRUE"
vmauthd.server.alwaysProxy = "TRUE"

How do I edit this and add:

prefvmx.consolidateDeleteNFSLocks = "TRUE"

so that it reads:

authd.soapServer = "TRUE"
prefvmx.consolidateDeleteNFSLocks = "TRUE"
authd.proxy.vpxa-nfc = "vmware-vpxa:vpxa-nfc"
authd.proxy.vpxa-nfcssl = "vmware-vpxa:vpxa-nfcssl"

Thanks

0 Kudos
kjb007
Immortal
Immortal

You can't edit with less, you have to use vi.

Use vi /etc/vmware/config

Then use your arrow keys to scroll down to the line where you want to insert.

Type 'O' <-capital "O"

Add in your text

Hit 'Esc' key

Then type :wq <- colon, then letter "w" and letter "q"

Press Enter

-KjB

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
0 Kudos
Gonzouk
Enthusiast
Enthusiast

Hi,

I've managed to edit the config file, but I'm still getting the "Failed to log into NFC server" error, after editing the config fiel do I need to restart the host to get it to work?

libdir = "/usr/lib/vmware"
authd.proxy.vim = "vmware-hostd:hostd-vmdb"
authd.proxy.nfc = "vmware-hostd:ha-nfc"
authd.proxy.nfcssl = "vmware-hostd:ha-nfcssl"
authd.proxy.vpxa-nfcssl = "vmware-vpxa:vpxa-nfcssl"
authd.proxy.vpxa-nfc = "vmware-vpxa:vpxa-nfc"
authd.fullpath = "/sbin/authd"
authd.soapServer = "TRUE"
prefvmx.consolidateDeleteNFSLocks = "TRUE"
vmauthd.server.alwaysProxy = "TRUE"

0 Kudos
kjb007
Immortal
Immortal

Restart host management agents from the Console User Interface, or from your ssh session to the host, run '/sbin/services.sh restart'

-KjB

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
0 Kudos
Gonzouk
Enthusiast
Enthusiast

Thanks.

After all that I still get "Failed to log into NFC server" when i'm trying to upload vmdk's tthrough my vSphere client to this host.

0 Kudos
Slingsh0t
Enthusiast
Enthusiast

Install winSCP on your computer.  Enable SSH on the host.  Launch WinSCP and connect to host.  Copy over your files.

0 Kudos
Gonzouk
Enthusiast
Enthusiast

Thanks, I might have to.  What is even stranger is I have just formatted the server and install an older version of ESXi (4.1) which I got workgin last year and it does the same thing.

0 Kudos
Gonzouk
Enthusiast
Enthusiast

Apparently it could be a DNS issue, how can I add a host file?

0 Kudos
kjb007
Immortal
Immortal

host file already exists under /etc/hosts, use vi to edit and insert as done previously with other file, and retry.

You may have to edit the host file on your client as well if DNS is a problem.  Better to get the issue fixed, and get DNS resolved.

-KjB

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
0 Kudos
Gonzouk
Enthusiast
Enthusiast

Do I need to add the vm hosts name and ip to the host file or our dns servers name and IP?

Thanks

0 Kudos
Slingsh0t
Enthusiast
Enthusiast

If my assumption is correct, the ESX host is sitting on a subnet different from your local workstation.  Are you trying to upload something to the Hosts local storage through a vSphere client connected to the vCenter server?  If so you will be unable to upload anything until the DNS entries are created for the ESX host/s.  You can edit the hosts file on your local machine to achieve this.

C:\windows\system32\drivers\etc\hosts

Add in the FQDN of your host with a few TAB spaces and then the IP address.

You should still be able to connect to the host with WinSCP via (external) IP address if nat'ing has been setup and the ports are open etc...  And of course everything I've mentioned assumes that you're sitting on a different network than the host you're connecting to.

0 Kudos
Gonzouk
Enthusiast
Enthusiast

Hi,

You are not far off. The host is on a different subnet behind our firewall, I just have port 443, 80, 22 and 23 open. This subnet has it's own dns server, I bet if I install the vsphere client on that dns server it will work. If it does I'm embarrassed as it makes perfect sense.

0 Kudos
kjb007
Immortal
Immortal

If you're accessing through a firewall, and DNS is different, then you two things to work out.  See here for the firewall info http://kb.vmware.com/kb/1012382

And you'll need to make sure that your client can resolve your host, and vice versa.

Installing inside your enclave will definitely work around this issue.

-KjB

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
0 Kudos