I posted this on the VMware forums, but I didn’t get much in way of responses. We started with an issue where we were getting hundreds of these messages in the event log every hour, and with some help we found old VIBs installed from the manufactuers custom images. After [this](https://support.lenovo.com/us/en/solutions/ht502599) cleanup we only get 8-10 of these messages an hour now. Searching through the hostd log they correspond with these entries:
>2019-10-17T15:03:37.652Z info hostd [Originator@6876 sub=Vimsvc.ha-eventmgr opID=ee2461f0 user=:vsanmgmtd] Event 399 : User [firstname.lastname@example.org](mailto:email@example.com) logged in as pyvmomi
It makes it seem like HA is causing this and someone in [this](https://communities.vmware.com/thread/542349) thread seemed to say the same thing. Is this normal behavior? Does everyone with HA enabled get these in their logs? [This](https://kb.vmware.com/s/article/1031578) KB article says “In a default configuration of ESX Server host there is no process that repeatedly logs in as noted above in the Symptoms”. Should I just assume that by default configuration, they mean no HA?
I’ve spent a lot of time chasing down the sources of these messages in the last few months and I’d like to know the source of the last few I’m still seeing. We’re on ESXi 6.7 U2 and VCSA with all VMware and hardware vendor patches installed. I don’t recall seeing this in 6.5 before our upgrade, but I don’t have the logs anymore to be certain. Our hardware vendor pointed towards monitoring, but we don’t have any VMSphere monitoring only some basic hardware monitoring that runs off the managment ports. I’ve tried shutting it off to be certain an the events continue to be logged.
View Reddit by FeedTheTrees – View Source