VMware Cloud Community
JesseR
Contributor

Error in Virtual Center 2.5 Events - Failed login attempt for root@127.0.0.1

This is written about 8 times in a row, and repeats every 5-6 minutes or so it seems. Anybody know what can cause this? Nothing unusual in the VC log files......

0 Kudos
16 Replies
Troy_Clavell
Immortal

Do you have Insight Manager Agents installed and running in the service console?

http://kb.vmware.com/kb/1007887

0 Kudos
JesseR
Contributor

Nope......

0 Kudos
JesseR
Contributor

Interesting, I logged into one of my hosts and checked the /var/log/messages file and it's full of invalid root login attempts. There is a cimservera process running it seems......but from your KB article, it does not exhibit the issue stated in the article:

vmware-authd(pam_unix)[1209]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root

Jan 12 08:52:35 sfwesx01 vmware-hostd[1209]: Rejected password for user root from 127.0.0.1

Jan 12 08:57:32 sfwesx01 vmware-authd(pam_unix)[1209]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root

Jan 12 08:57:35 sfwesx01 vmware-hostd[1209]: Rejected password for user root from 127.0.0.1

Jan 12 09:02:32 sfwesx01 vmware-authd(pam_unix)[1209]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root

Jan 12 09:02:34 sfwesx01 vmware-hostd[1209]: Rejected password for user root from 127.0.0.1

Jan 12 09:07:32 sfwesx01 vmware-authd(pam_unix)[1209]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root

Jan 12 09:07:35 sfwesx01 vmware-hostd[1209]: Rejected password for user root from 127.0.0.1

Jan 12 09:12:32 sfwesx01 vmware-authd(pam_unix)[1209]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root

Jan 12 09:12:35 sfwesx01 vmware-hostd[1209]: Rejected password for user root from 127.0.0.1

0 Kudos
Troy_Clavell
Immortal

Have you changed the root password recently? Do you have anything that connects to your COS with root credentials (i.e. vCharter)?

0 Kudos
JesseR
Contributor

Root password has definitely not been changed. Just migrated all the hosts from VC 2.1 server to a new VC 2.5 server. There is nothing I know of that connects as root....

0 Kudos
JesseR
Contributor

Troy,

Checked another and it is also displaying the same thing:

vmware-authd(pam_unix)[16817]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root

Jan 12 08:12:34 sfwesx02 vmware-hostd[16817]: Rejected password for user root from 127.0.0.1

Jan 12 08:17:32 sfwesx02 vmware-authd(pam_unix)[16817]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root

Jan 12 08:17:35 sfwesx02 vmware-hostd[16817]: Rejected password for user root from 127.0.0.1

Jan 12 08:17:59 sfwesx02 ntpd[836]: can't open /var/lib/ntp.drift.TEMP: Permission denied

0 Kudos
RParker
Immortal

This happens when upgrading from VC versions, at least it's happened to me every single time. So here is how you fix it.

Disconnect from VC (and all the other hosts at the same time with trouble)

Log in to each ESX host with VIC direct.

Remove vmxusers and vpxuser

Log in with SSH/PuTTY

Go to /etc/vmware/ssl and remove ALL the files in there (only 2 certificates)

Run: service mgmt-vmware restart

Wait about 60 seconds, and try to reconnect. You will get prompted for credentials but now you should be able to connect again.

0 Kudos
Troy_Clavell
Immortal

Also, for your drift file, check /etc/ntp.conf

should look like

driftfile /var/lib/ntp/drift

service ntpd restart

0 Kudos
JesseR
Contributor

I don't have a problem logging into VC or any of the hosts, I can get in just fine. What I want to know is #1 what is this #2 what is the impact and #3 how is it fixed......

0 Kudos
JesseR
Contributor

Well, one of the hosts is right, another I checked had

restrict 127.0.0.1

restrict default kod nomodify notrap

server 0.pool.ntp.org

server 1.pool.ntp.org

server 2.pool.ntp.org

driftfile /var/lib/ntp/drift

0 Kudos
EXPRESS
Enthusiast

I recently had the same exact issue, and I was able to resolve mine. vReplicator was the culprit. I was testing this about a month or so back, the password policy changed, and it was using my old password to try and log in. Once I stopped vReplicator all those messages went away. Hope this helps you...

Thank you,

Express

0 Kudos
JesseR
Contributor

What is vReplicator?!

0 Kudos
EXPRESS
Enthusiast

vReplicator is part of Vizioncore, for VM backups and the sort... www.vizioncore.com

Thank you,

Express

0 Kudos
JesseR
Contributor

Oh, right on. Unfortunately I am not using that :(

0 Kudos
EXPRESS
Enthusiast

The only thing I would suggest is to check on any applications you may have recently installed that are either not working or that you are not using anymore, maybe a trial version of something.... Good luck, and once you do find it let us know so we can all get a little more educated.... ;)

Thank you,

Express

0 Kudos
admin
Immortal

You need to determine the IP address that the connection attempts are coming from. Unfortunately the "vmware-hostd[1209]: Rejected password for user root from 127.0.0.1" is not useful because hostd uses a reverse proxy; therefore all hostd connection attempts logged in messages will show 127.0.0.1 regardless of the IP address that it's coming from.

To determine the IP address you can either run a packet capture or enable extra hostd logging.

1. To capture all traffic you can use the following command: tcpdump -i vswif0 -s0 -w /tmp/capture.pcap

This will write the output to /tmp/capture.pcap, which you can then analyze using a tool such as Wireshark.

2. To enable hostd trivia logging (WARNING see following KB before stopping hostd - http://kb.vmware.com/kb/1003312/) :

2a. Stop hostd: service mgmt-vmware stop

2b. Edit the file "/etc/vmware/hostd/config.xml" and change the line containing

2c. Start hostd: service mgmt-vmware start

2d. Note down the time of the next login failure in /var/log/messages then check /var/log/vmware/hostd.log to see where the request came from. Attach the hostd log if you're not sure.

Message was edited by: appk

0 Kudos
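An added example, not part of any post in the thread: a small Python script that reads the hostd "Rejected password" lines quoted above, checks whether the failures recur on a fixed interval (which points to a scheduled client with stale credentials rather than a person), and predicts the next failure so the packet capture or trivia logging can be limited to a short window. The function names, `ASSUMED_YEAR`, the 10-second tolerance and the 30-second margin are assumptions of this example.

```python
import re
from datetime import datetime, timedelta
from statistics import median

# Lines in the /var/log/messages format quoted in the thread (authd lines are ignored).
SAMPLE = """\
Jan 12 08:52:35 sfwesx01 vmware-hostd[1209]: Rejected password for user root from 127.0.0.1
Jan 12 08:57:32 sfwesx01 vmware-authd(pam_unix)[1209]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Jan 12 08:57:35 sfwesx01 vmware-hostd[1209]: Rejected password for user root from 127.0.0.1
Jan 12 09:02:34 sfwesx01 vmware-hostd[1209]: Rejected password for user root from 127.0.0.1
Jan 12 09:07:35 sfwesx01 vmware-hostd[1209]: Rejected password for user root from 127.0.0.1
Jan 12 09:12:35 sfwesx01 vmware-hostd[1209]: Rejected password for user root from 127.0.0.1
Jan 12 08:12:34 sfwesx02 vmware-hostd[16817]: Rejected password for user root from 127.0.0.1
Jan 12 08:17:35 sfwesx02 vmware-hostd[16817]: Rejected password for user root from 127.0.0.1
"""
ASSUMED_YEAR = 2000  # placeholder (assumption): syslog timestamps carry no year

REJECT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+vmware-hostd\[\d+\]:\s+"
    r"Rejected password for user (?P<user>\S+) from \S+")

def parse_rejections(text, year=ASSUMED_YEAR):
    """Return {(host, user): [datetime, ...]} for hostd 'Rejected password' lines."""
    events = {}
    for line in text.splitlines():
        m = REJECT.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.setdefault((m["host"], m["user"]), []).append(ts)
    return events

def schedule(times, tolerance=10):
    """Return (interval_seconds, next_expected) if failures are periodic, else None."""
    times = sorted(times)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    if len(gaps) < 2:          # one gap cannot establish a period
        return None
    mid = median(gaps)
    if any(abs(g - mid) > tolerance for g in gaps):
        return None            # irregular: more likely interactive or mixed sources
    return int(mid), times[-1] + timedelta(seconds=mid)

def capture_window(next_expected, margin=30):
    """Start and end of a short capture window around the predicted failure."""
    delta = timedelta(seconds=margin)
    return next_expected - delta, next_expected + delta

if __name__ == "__main__":
    for (host, user), times in sorted(parse_rejections(SAMPLE).items()):
        found = schedule(times)
        if found is None:
            print(f"{host} {user}: {len(times)} failures, no steady interval yet")
        else:
            start, end = capture_window(found[1])
            print(f"{host} {user}: every ~{found[0]}s, capture {start:%H:%M:%S}-{end:%H:%M:%S}")
```

A steady interval only narrows when to look; the source address still has to come from the capture or from hostd.log, since /var/log/messages shows 127.0.0.1 for every attempt.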