VMware Cloud Community
jasongegere
Contributor
Contributor

Cannot login user @127.0.0.1: no permission - vShere Client

I recently logged in to my vSphere Client with a user other than root and decided to check the Events log to see if another odd has been happening since my last login. About every 4 seconds an attempt to login via 127.0.0.1 is being made and I can't figure out what would be trying to login. Any suggestions?

Screenshot attached of the Event log.

Reply
0 Kudos
17 Replies
gregbarr
Contributor
Contributor

I've got the same issue, "Cannot login user @127.0.0.1: no permission" error every 3-4 seconds. Event details do not show where login attempt came from, but I do not see anything coming through firewall to the management port and there are no rules to allow anything, so I'm assuming it's coming from inside my network.

Server running ESXi 4.0 as a standalone server.

Hoping someone can tell me how to tell where this login attempt is coming from or any other suggestion.

Found a similar discussion here: http://communities.vmware.com/message/1314716#1314716

Reply
0 Kudos
Troy_Clavell
Immortal
Immortal

I would confirm lockdown mode is enabled, just in case

http://kb.vmware.com/kb/1003117

Reply
0 Kudos
gregbarr
Contributor
Contributor

Lockdown mode is enabled in my case.

Reply
0 Kudos
Troy_Clavell
Immortal
Immortal

do you want it enabled? If not, disable it, you will probably see those logs go away.

gregbarr
Contributor
Contributor

Lockdown mode is preferred. If this error is not as serious as it at first seems, I can ignore it.

Any idea why lockdown mode could cause this?

Reply
0 Kudos
jasongegere
Contributor
Contributor

Lockdown mode is enabled in my case, also.

Reply
0 Kudos
Troy_Clavell
Immortal
Immortal

I don't know a lot about ESXi, but from my understanding lockdown mode was typically only enabled if you had vCenter managing the server.

http://www.vmware.com/files/pdf/vmware_esxi_management_wp.pdf

Reply
0 Kudos
jasongegere
Contributor
Contributor

I do find it quite odd that having the system in lockdown mode would cause a user in the system to attempt to continuiously login.

Is it trying to confirm that it is in lockdown mode.

3sec later. "Check, in lock downmode!" (repeat)

Reply
0 Kudos
hharold
Enthusiast
Enthusiast

We are also facing the same "Cannot login user @127.0.0.1: no permission" - error on a new vSphere Cluster (ESX4i Hosts)

It is definately related to enabling Lockdown Mode.

But we wat it enabled, en we do not want our logs to fill up that fast.

I will raise a SR on Monday and keep you posted.

Regards,

Harold

Reply
0 Kudos
DSeaman
Enthusiast
Enthusiast

We are also seeing this error, but it's not related to lockdown mode. In our case it started when we installed our custom SSL certificates on the ESXi host.

Derek Seaman
Reply
0 Kudos
colin_graham
Contributor
Contributor

Harold - did you get a resolution for this problem from VMware? We have also encountered this issue and got around it by disabling Lockdown Mode. Not really an acceptable solution as we want to use this feature.

Thanks,

Colin.

Reply
0 Kudos
jasongegere
Contributor
Contributor

That is the only solution I was able to find. Disable Lockdown mode. Which is silly to me.

Reply
0 Kudos
DSeaman
Enthusiast
Enthusiast

Contrary to my last post, we are now seeing this issue when lockdown mode is enabled. In addition, lockdown mode DISABLES the ability for the ESXi host to automatically startup VMs when rebooting or powering up from a cold state. As soon as you disable lockdown mode, my VMs automatically startup.

I'm waiting for update 1, and if it's not fixed in there, I'll open a support case. This is just silly!

Derek Seaman
Reply
0 Kudos
hharold
Enthusiast
Enthusiast

Actually, a few days ago we managed to solve this thanks to VMware support.

You have to enter the (unsupported) service console in ESXi. (Tech Support Mode)

(Enter maintenance mode first)

Be careful Tech Support Mode is not supported unless used in consultation with VMware Tech Support.

And rename this file:

cp /etc/vmware/hostd/authorization.xml /etc/vmware/hostd/authorization.xml.org

Restart the management agents, or restart the host.

This is an internal VMware kb article, not yet out in the public knowledgebase for whatever reason.

Regards,

Harold

Reply
0 Kudos
DSeaman
Enthusiast
Enthusiast

VMware support confirmed that this is a known bug. There are two bugs caused when enabling lockdown mode. First, the CIM agent breaks and causes the 127.0.0.1 login issues. Second, the VM automatic startup/shutdown feature is broken. While the two issues are caused by lockdown mode, different code paths have bugs.

VMware did not have any estimated fix date, and it's still broken in U1. My suggestion is to call VMware, open a case, and them attach your trouble ticket to the case. Apparently this is a pretty widespread issue, and disabling the CIM agents is not acceptable to me. This blinds me to any and all hardware health status.

Derek Seaman
Reply
0 Kudos
admin
Immortal
Immortal

I reviewed the internal KB article mentioned earlier.

This issue has been resolved in the vSphere 4.0 Update 2 release.

Sincerely,

Shane C. Hage

Technical Account Manager

VMware Inc.

Connect with me:

Reply
0 Kudos
Chamon
Commander
Commander

We have run into the same issue. Here is our work around untill we are ready to patch to U2.

This only seems to appear when Lockdown mode is enabled and the host is rebooted. After the reboot disable lockdown mode. Wait for 4 info messages that root has logged in and then logged out twice. Then re-enable lockdown mode. You should then be good until the next host reboot.

Reply
0 Kudos