Is “User dcui@ logged in as pyvmomi” Normal

I posted this on the VMware forums, but I didn’t get much in way of responses. We started with an issue where we were getting hundreds of these messages in the event log every hour, and with some help we found old VIBs installed from the manufactuers custom images. After [this](https://support.lenovo.com/us/en/solutions/ht502599) cleanup we only get 8-10 of these messages an hour now. Searching through the hostd log they correspond with these entries:

>2019-10-17T15:03:37.652Z info hostd[2100774] [Originator@6876 sub=Vimsvc.ha-eventmgr opID=ee2461f0 user=:vsanmgmtd] Event 399 : User [dcui@](mailto:dcui@ logged in as pyvmomi

It makes it seem like HA is causing this and someone in [this](https://communities.vmware.com/thread/542349) thread seemed to say the same thing. Is this normal behavior? Does everyone with HA enabled get these in their logs? [This](https://kb.vmware.com/s/article/1031578) KB article says “In a default configuration of ESX Server host there is no process that repeatedly logs in as noted above in the Symptoms”. Should I just assume that by default configuration, they mean no HA?

I’ve spent a lot of time chasing down the sources of these messages in the last few months and I’d like to know the source of the last few I’m still seeing. We’re on ESXi 6.7 U2 and VCSA with all VMware and hardware vendor patches installed. I don’t recall seeing this in 6.5 before our upgrade, but I don’t have the logs anymore to be certain. Our hardware vendor pointed towards monitoring, but we don’t have any VMSphere monitoring only some basic hardware monitoring that runs off the managment ports. I’ve tried shutting it off to be certain an the events continue to be logged.

View Reddit by FeedTheTreesView Source

Related Articles


  1. I’ve also gone down the route of trying to chase down messages like this, back when I was a newer VMware guy. They ended up being related to the IPMI polling for HW status stuff. In your case, it looks like vSAN’s management daemon is running one of its python scripts used for pulling metrics/information, but I’d have to look at one of my vSAN envs to double check what it was actually doing.

    There *may* be a cron job associated with it, but as these questions come up a lot on the forums I’ve seen multiple different answers for it, depending on exactly which daemon is logging in.

  2. Datapoint: I do _not_ have VSAN deployed, and that event doesn’t appear at all on my ESXi 6.5 host logs. Not as strong as causation and absence of something isn’t evidence, but maybe the correlation is useful. I also don’t have a user/group named `vsanmgmtd`.

Leave a Reply

Your email address will not be published. Required fields are marked *