Highlighted
Contributor
Contributor

Strange thing : User dcui@127.0.0.1 logged in and out messages flooding in event list

In ESXi's hot web page's event list, nearly every minutes, there are messages saying "User dcui@127.0.0.1 logged in as" and immediately "User dcui@127.0.0.1 logged out". Even if I reboot the host, the messages continues. What does the message come from? 127.0.0.1 seems it comes from the host itself, why? What it is doing?

ESXi: 6.0.0 Update 3 (Build 5050593)

pastedImage_0.png

And, I inspected /var/log/hostd.log, it has more details:

pastedImage_1.png

Want to know the reason. And what is sub=Vimsvc.ha-eventmgr? is Vimsvc.ha-eventmgr related to High Availablity?

Thanks a lot!

0 Kudos
4 Replies
Highlighted
User Moderator
User Moderator

Hi

See this discussion:

https://communities.vmware.com/thread/542349

Diego Oliveira LinkedIn: http://www.linkedin.com/in/dcodiego
0 Kudos
Highlighted
Contributor
Contributor

Thank you very much, diegodco31​. Read the thread you metioned found that though iit is very simialr, the issue is different from our issue.  In that thread the message is:

"User dcui@127.0.0.1 logged in as VMware-client/5.1.0

User dcui@127.0.0.1 logged out (login time: 25-08-2016 19:15:01, number of API invocations: 0, user agent: VMware-client/5.1.0) "

and every 5 minutes the message appears. And in our issue the message is:

User dcui@127.0.0.1 logged in as

User dcui@127.0.0.1 logged out (login time: Tuesday, 05 March, 2019, 17:43:01, number of API invocations: 0, user agent: )

and every minute the message appears, also there is no User agent in log message, which gives more suspious and strange.

In another comment sayingt that in hostd.log ( under /var/log) and search for this string " number of API invocations: 0, user agent: VMware-client/5.1.0" .

That line of log will tell who is invoking this . Most probably this can be "Vimsvc.ha-eventmgr" , which tells that HA agent is trying to get some status and then logging out.

Our issue has this message, but HA is not enabled in our enviroment.

Thank you again diegodco31​! We appreciate your help and looking forward to further information.

0 Kudos
Highlighted
Contributor
Contributor

Attached full hostd.log

0 Kudos
Highlighted
Contributor
Contributor

Hello panjl3​,

it's a few month already, but did you ever find a solution or at lest a cause for this issue?

I am seeing very similar events on some of our servers (Lenovo) and here it seems to caused by a Lenovo provided script that's executed every minute via cron.

cat /var/spool/cron/crontabs/root

#min hour day mon dow command

[...]

* * * * * /etc/cim/lenovo/refresh.sh # Refresh the firewall settings every one minute

Commenting out the script and restarting crond causes the events to disappear.

However there might be a valid reason for this script to run regularly so I'm not sure if I should really disable it.

Also there is another Lenovo ESXi server with the same cron entry without the dcui@127.0.0.1 entries in hostd.log...

Regards,

CM

Edit:

For Lenovo servers this forum topic is interesting: ESXi 6.0u3 Custom Image throws information messages every minute on hosts - Lenovo Community

So insted of just disabling the script I updated the servers using the latest Lenovo provided Image for the respective vSphere version and now at least the frequency of the dcui@127.0.0.1 logged in / logged out messages did significantly drop

0 Kudos