What is lockdown mode?
Normally we are using vcenter to manage multiple esx hosts. But if we required we can login to the esx host directly using vsphere client.Once we enabled lockdown mode, we cannot connect to the esx host using vsphere client.
When we trying to connect lockdown mode enabled esx, it will give below error message
In case of a vcenter unavailability, we can simply disable lockdown mode from the DCUI.
With the vcenter version 6.0 , there are new features available as listed below
- Normal lockdown mode & strict lockdown mode.
- Exception users.
Strict lockdown mode
In a normal loc down mode, the DCUI interface are working normall way. If required we can login to the DCUI and disable the lockdown mode. But with the strict lockdown mode DCUI service will be stopped. We must connect to the esx host via vcenter server only. This policy will not apply for the exception users.
To enable strict lock down mode.
1.Login to the vcenter using web client.
2.Select the “host”> Select “Manage” > Select “Settings”
3.Edit the lockdown mode
4.Select “Strict” from the list and click on “ok”
Once strict mode is configured we cannot login to the DCUI
Exception Users
Inside the esx host we can create multiple local users or we can use our active directory user accounts.
With the new version of vcenter we can add some of the users to the exception user list under the lockdown mode configuration. Which means these users can connect to the esxi host via any time. It doesn’t matter that lockdown strict mode configured or not.
Example-in my esx01 I have a user called “admin”. And lockdown mode is configured to the “Strict”. But I have added this “Admin”user to the exception list. Then any time this user can connect to the esx host via vsphere client.
VMware,Microsoft Knowledge Sharing Portal 