Prev Question
Next Question

An administrator is attempting to access an ESXi host via the DCUI but is unable to do so.
Which could be two possible causes? (Choose two.)

A.
The host in question has no out-of-band management capability (i.e. iLO/iDRAC).

B.
The SSH service is disabled on the host.

C.
Strict lockdown mode is enabled on the host.

D.
Normal lockdown mode is enabled and the administrator is a member of the Exception User list.

E.
The DCUI service is disabled on the host.

Explanation:
https://blogs.vmware.com/vsphere/2015/03/vsphere-6-0-lockdown-modes.html

Prev Question
Next Question

Comments

  1. jonni

    C – E is correct
    https://blogs.vmware.com/vsphere/2015/03/vsphere-6-0-lockdown-modes.html

    In normal lockdown mode the DCUI service is not stopped. If the connection to the vCenter Server system is lost and access through the vSphere Web Client is no longer available, privileged accounts can log in to the ESXi host’s Direct Console Interface and exit lockdown mode. Only the following accounts can access the Direct Console User Interface:
    Accounts in the Exception User list for lockdown mode who have administrative privileges on the host. The Exception Users list is meant for service accounts that perform very specific tasks. Adding ESXi administrators to this list defeats the purpose of lockdown mode.
    Users defined in the DCUI.Access advanced option for the host. This option is for emergency access to the Direct Console Interface in case the connection to vCenter Server is lost. These users do not require administrative privileges on the host.

    STRICT LOCKDOWN MODE
    In strict lockdown mode, which is new in vSphere 6.0, the DCUI service is stopped. If the connection to vCenter Server is lost and the vSphere Web Client is no longer available, the ESXi host becomes unavailable unless the ESXi Shell and SSH services are enabled and Exception Users are defined. If you cannot restore the connection to the vCenter Server system, you have to reinstall the host.

Leave a Reply

Your email address will not be published. Required fields are marked *