An administrator is able to manage an ESXi 6.x host connected to vCenter Server using the vSphere Web Client but is unable to connect to the host directly.
Which action should the administrator take to correct this behavior?
A.
Restart management agents on the ESXi host.
B.
Disable Lockdown Mode on the ESXi host through vCenter Server.
C.
Disable the ESXi firewall with the command esxcli network firewall unload.
D.
Reboot the ESXi host.
Explanation:
Explanation/Reference:
A is correct
https://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.install.doc%2FGUID-00978746-4F96-4C53-B778-7E4ACB114B86.html
This is a symptom of lockdown mode.
B is correct.
https://pubs.vmware.com/vsphere-60/topic/com.vmware.vsphere.security.doc/GUID-F8F105F7-CF93-46DF-9319-F8991839D265.html
I would say this is a case of B being more correct. Yes, management agents having issues may cause the web client to work and SSL cannot connect. Though, Lockdown mode is most likely the issue.
‘B’ for sure.
Had there been anything wrong with mgmt agents, vSphere Client (both Web and C#) would not be able to communicate with ESX either.
https://kb.vmware.com/kb/2040768
To resolve this issue:
Disable lockdown mode through the DCUI and then enable it through the vCenter Server instead.
The vCenter Server does not keep track of lockdown mode state changes that initiated outside of the vCenter Server itself.