Yesterday I had some trouble getting an ESXi host (5.1 build 1065491) out of lockdown mode. It was the strangest thing. In the GUI of the vSphere client it said that lockdown mode was enabled, so I tried to disable it and got the following error:

“A general system error occurred: Invalid fault”
ScreenShot016

When I opened the error to look at it more closely, I got a little more information but still not enough. The error stack stated:

Call "HostSystem.EnableAdmin" for object "esxi host FQDN" on vCenter Server “vcenter server FQDN” failed.
ScreenShot015

Now, how to get around this problem without too much effort and not having to bring the host down. First I logged in to the ILO of the host and checked the DCUI to see what the state of the lockdown mode was. Surprisingly it said that lockdown mode was disabled.

At that point I started to doubt if vCenter had given an error but still completed the task. After trying to refresh the vSphere client and still seeing Enabled in vCenter and Disabled in the DCUI, I decided to restart the management agent of the host. Hopefully this would bring everything back in line.

Unfortunately it didn’t. Off to some trial and error. Luckily for me, the first try did the trick. I logged back in to the DCUI of the host and enabled lockdown mode. After that I tried disabling it again via vCenter and it worked.

Later that day I came across a kb-atricle that was posted by VMware quite recently (04-10-2013) that exactly described the problem I had. http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2017394