VMware Cloud Community
arjunvenkatrama
Contributor

Root Lockdown Mode is enabled automatically

I'm running ESX 3i (60 day trial, build 67921) on 7 servers in a lab environment and I'm having an issue where the servers go into the root lockdown mode automatically, without user intervention.

When this happens, the servers are inaccessible over the VIC and have to be rebooted. I've tried having an alternate user with root privileges. However, when the root lockdown mode is enabled, I cannot log in as any user.

Has anyone seen this issue with ESX and, if so, is there a resolution for it? Google seems to be of little help in this regard.

Cheers

Arjun

8 Replies
weinstein5
Immortal

I have not heard of this - are you able to access the host through VC?

arjunvenkatrama
Contributor

These machines are being used as standalone servers. They are not connected to a VC.

What is interesting is that the server becomes inaccessible over the infrastructure client, and when I look at the server console directly I see that root lockdown mode is enabled.

I cannot disable the root lockdown mode from the Console either. The only thing that will unlock it is a reboot.

Troy_Clavell
Immortal

See this KB, it may help:

http://kb.vmware.com/kb/1003887

arjunvenkatrama
Contributor

Thanks for the link, Troy. I've tried this before, with a couple of different users. When the issue crops up, no user can access the box over VIC. I also enabled SSH access to the server following this link:

http://communities.vmware.com/message/881932#881932

When the servers go inaccessible, I cannot access them via SSH either. The error is "SSH Identifier Exchange error" or similar.

On the VIC, the error messages vary between "A connection could not be established", "Invalid user" and "The connection was reset" or similar.

arjunvenkatrama
Contributor

I'm wondering if the root lockdown mode is just a symptom of a different issue, since the ESX 3i configuration guide at http://www.vmware.com/pdf/vi3_35/esx_3i_e/r35/vi3_35_25_3i_server_config.pdf says that lockdown mode is available only on 3i servers that have been added to VC. Since I'm not using VC at all, I'm wondering why it's even getting set at all.

arjunvenkatrama
Contributor

Here's some more info. I just had a server become inaccessible, and here are the symptoms:

1) Attempts to connect over VIC as root throw up the error "A connection failure occurred"

2) Hitting Alt+F1 on the console shows a bunch of errors: /etc/init.d/sfcbd: 129 :Cannot fork

3) Typing "unsupported" at this screen allows a password prompt, from where I can log in with my root password

4) Running /etc/init.d/sfcbd status outputs:

/etc/init.d/sfcbd: 129 :Cannot fork

5) Trying to restart the sfcbd service fails, same error

6) Alt+F12 to the vmkernel log shows these two errors both repeated twice:

Admission check failed for memory resource

Failure during exec while original state already lost

Any thoughts?

mhennecke
Enthusiast

Are you sure that root lockdown mode is enabled? Can you go to the console interface screen (ALT-F2) and go to the "Configure Lockdown Mode" item? It should say if lockdown mode is enabled or disabled.

My guess is that the management agent (hostd) on the system is not responding. You can try the "Restart Management Agents" item from the console. This will restart both hostd and the health monitoring agents (sfcbd). Let me know if this solves the problem.

arjunvenkatrama
Contributor

VMware support finally answered my question!

"Symptoms

In VirtualCenter ESX 3i host does not respond. Disconnecting and re-adding the host into VirtualCenter will not respond. If you go to the console of the ESX 3i host a message is continually being repeated "Stopping sfcbd." You are unable to go into "unsupported" mode, and a restart of the management agents does nothing to fix it.

Resolution

This is a known issue with ESX3i, and is fixed in Update 2. This is caused by backup of the hidden partition within ESX 3i failing, and causing the console to go into "lockdown" mode. Unfortunately there is no way to recover from this without a reboot.

We have released ESX 3i Update 2 build 103909 this week! So that is good news.

Here is the link to the documentation and download information:

http://vmware.com/support/vi3/doc/vi3_esx3i_i_35u2_vc25u2_rel_notes.html"
