Cisco HyperFlex Systems Installation Guide for VMware ESXi, Release 4.5

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Book Contents

Find Matches in This Book

Results

Updated:: May 5, 2023

Chapter: Lockdown Mode

Lockdown Mode
Enable or Disable Lockdown Mode
- Enable or Disable Lockdown Mode from the DCUI:
- Enable or Disable Lockdown Mode from the vSphere Web Client:
Troubleshoot Lockdown Mode
- When at least one host is in Lockdown mode
- When the host is in Lockdown mode while the upgrade in progress:

Lockdown Mode

Overview

This section provides an introduction to Lockdown mode, which is used to increase the security of an ESXi host by limiting the access allowed to the host. When this mode is enabled, the ESXi host can only be accessed through the vCenter server or the Direct Console User Interface (DCUI). Enabling Lockdown mode affects which users are authorized to access host services.

Note

When enabling lockdown mode, you must add the hxuser account to each ESXi host exception user list.

Enable or Disable Lockdown Mode

This section describes how to enable or disable Lockdown mode either from the DCUI or from the vSphere web client.

Enable or Disable Lockdown Mode from the DCUI:

Procedure

Step 1	Log directly in to the ESXi host.
Step 2	Open the Direct Console User Interface (DCUI) on the host.
Step 3	Press F2 for Initial Setup.
Step 4	Press Enter to toggle the Configure Lockdown Mode setting.
Step 5	Browse to the host in the vSphere Web Client inventory.

Enable or Disable Lockdown Mode from the vSphere Web Client:

Procedure

Step 1	Browse to the host in the vSphere Web Client inventory.
Step 2	Click the Manage tab and click Settings.
Step 3	Under System, select Security Profile.
Step 4	In the Lockdown Mode panel, click Edit.
Step 5	Click Exception Users and select +Add user to add hxuser (all lowercase).
Step 6	Click Lockdown Mode and select one of the Lockdown mode options.

Troubleshoot Lockdown Mode

If you receive an error dialog box and/or the software upgrade fails in Lockdown mode, proceed with the following resolution options based the following scenarios:

When at least one host is in Lockdown mode

If adding hosts to vCenter in the deploy phase fails, and you receive the error message Failed to add hosts to vCenter:

Procedure

Step 1	Check the host Lockdown mode in pre-upgrade validation.
Step 2	Detect the situation, throw an error, and terminate the cluster upgrade.
Step 3	Disable Lockdown mode and try the upgrade again.

When the host is in Lockdown mode while the upgrade in progress:

If adding hosts to vCenter in the deploy phase fails, and you receive the error message Failed to add hosts to vCenter:

Procedure

Step 1	Check the host Lockdown mode before host upgrade.
Step 2	Detect the situation and error out and failed the upgrade.
Step 3	Disable Lockdown mode and try the upgrade again.

Was this Document Helpful?

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)