Sorry I forgot to point out that I can't even log in to 'Local Tech Support' (Alt-F1 console window)

Yes, I have enabled both

I have read all the info I can find.

Given the large variety of esx/esxi/3/4.0/4.1/vSphere/vCenter.... free and non-free, its near impossible to lay down accurate info!!

One document mentioned that users must be given some kind of remote login permission from the vSphere interface, but I don't have that option.

Maybe I should just whip out a test install.

Wait no I did mention it.

John, I totally resent your answer mate.

I thought about my post, and did all the prior research.

Maybe you should too next time, buddy.

Which version of ESXi are you running?

Prior to version 4.1, tech support mode will not ask for a username (like root). You will have to type "unsupported" and then the root password when prompted.

see http://kb.vmware.com/kb/1003677

André

ESXi 4.1

I have tried crating other users, and put them in the root group.

Is that the only way to make a user an 'administrator'?

I've not seen any other way of escalating a users OS level privileges.

Maybe the permissions tab in vSphere?

fyi, it is not ad integrated.

Cheers

Hi

Looks like Lockdown mode was enabled and DCUI,local support mode was disabled on you ESXi 4.1 through vCenter server, if your host it's still connected to vCetner you can enable it, choose host go to Settings --> Security Profile, there you can find all security settings but...

If your host it's not connected to vCenter anymore or your vCenter DB was lost or rebuild then you have to either wipe out your host or give it a try with procedure from below link

http://wannemacher.us/?p=375

Cheers
Artur

Please, don't forget the awarding points for "helpful" and/or "correct" answers.

I think arturka might be correct.

In case you enabled Lockdown Mode, you may want to take a look at http://kb.vmware.com/kb/1017628 to find out the differences between version 4.0 and 4.1 as well as how to workaround this.

André

Thanks Artur

I don't beleive I have vCenter - I have only vSphere?

I've read about lock down mode, and I don't beleive it to be the problem here - I am not locked out in any other area. Only console login. (both local and remote)

We have just the one 48gig ESXi server - No one has locked me out because of bureaucratic red tape.

I just think that maybe the admin who created the server maybe modyfied something

Maybe this is related: When I am logged in as root to vSphere, the cancel option is greyed out for a copy or move operation. Or is that normal?

Cheers

Michael.

Message was edited by: DoDo, name correction

I don't beleive I have vCenter - I have only vSphere?

I've read about lock down mode, and I don't beleive it to be the problem here - I am not locked out in any other area. Only console login. (both local and remote)

Hi Mike,

vSphere is a general name for VMware product, ESXi is a part of that product, another part is a vCenter server (central point of management for all ESXi servers). Anyway, lets get back to the point, I'm suspecting that former admin, at the very beginning install vcenter server (in trial mode) connect to ESXi and did modification in security profile. After 60 days trial license expired and he did deleted vCenter server itself without enabling back support mode and DCUI - now you have to fix that problem :smileyplain:

For me, if you don't wanna reinstall ESXi (for whatever reason), the quickets way would be:

1. install vcenter server (in trial mode) on some physical windows box (has to be windows server 64 bit version)
   http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0
   download a VMware vCenter Server 4.1 Update 1 and modules iso or zip
2. perform action from my last replay
3. connect back ESXi to vCenter
4. enable techmode and DCUI
   http://blogs.vmware.com/esxi/2010/09/the-new-lockdown-mode-in-esxi-41.html
5. test DCUI, techmode
6. disconnect ESXi from vCenter

Should works

Cheers
Artur

Please, don't forget the awarding points for "helpful" and/or "correct" answers.

Thanks again Artur.

Only problem is: My DCUI is fine. The root password is accepted.

I have logged into DCUI, and enabled Local tech and remote tech. I have even changed the managment IP. So def. not locked out there.

Is your suggestion still a possibility?

Hi Mike,

Only problem is: My DCUI is fine. The root password is accepted.

I have logged into DCUI, and enabled Local tech and remote tech. I have even changed the managment IP. So def. not locked out there.

Is your suggestion still a possibility?

In that case no, you have full access to server.

To be honest Mike, I got little bit confused by your replays . can you write what problem do you have with your ESXi server, please ?

Cheers
Artur

Please, don't forget the awarding points for "helpful" and/or "correct" answers.

Lol ok, try to be clear

Essentially: Can't log in to local tech support as root or anyone for that matter.

Local tech suport meaning the physical vga console, Alt-F1.

F2/DCUI works.

I am ESXi 4.1, with just the one server. No known history of integration with vCenter. We have no other VM servers. Only using vSphere client 4.1

Error is "Access denied". My password 11 chars, with aplha and numeric, and caps.

Can you imagine what might possibly be the problem?

Thanks Artur

Michael.

I don't know why anyone would bother, but it almost seems as if the past admin has "tweaked" the pam.d settings in the /etc/pam.d directory of that host.  If it were me, I would install a fresh copy of ESXi elsewhere, and compare those settings to the one you're having trouble with.

Thanks for that. Only problem: I cant see the settings, as I can't log in...

lol.

But seriously, it is certainly looking like at least some investigation/self education is required with a test install.

And some cross-questioning of the installer

Something most likely got messed up due to a curious admin that was trying to tweak stuff, but ended up breaking stuff accidentally (or maybe they aren't even aware that they broke anything).  It happens.

Anyway, I highly suspect the pam.d setting were changed outside the scope of VMware's normal procedures (ie: using the DCUI or vSphere Client).  But, without being able to login remotely through SSH, you will have to try to figure it out by speaking to the original admin, or cut your loses at this point and reinstall ESXi.

Reinstalling isn't much of a big deal.  Since you don't use vCenter, it's not like you will lose any large amount of performance history, and will only need to recreate the vNetwork configuration, and import your VMs from the datastore(s).  You will obviously need to shutdown any running VM's, so a scheduled outage is required.

Ha ha yeah these things happen.

I will post back when/if I figure it out.

Thanks for the tips on reinstalling: certainly seems viable. We kinda messed up the raid construction anyway, so we might also blow away the datastores.

(We only get max 60meg a sec, and much less under multiple loads. We also currently have 8 x 1tb datastores, apparently because esxi had a 1tb limit?? So our space usage is very inefficient, and if we fix that, then we may as well be on raid 10)

Might be a busy weekend

Cheers