Troubleshooting Host Profiles
A while ago I was working with host profiles to get the hosts compliant with the CIS Benchmarks (https://www.cisecurity.org/benchmark/vmware/). But for some reason, I could not remediate some of the hosts.
Issue #1
The error I got was pretty generic…
I started looking at log files and decided to download a support log bundle. In there, there was a file vmsyslogd.err with some interesting lines:
Config error:Invalid config: invalid log directory: /vmfs/../scratch/log/..
So the configured log directory is not valid… And…
Well, inside my host profile I configure the setting Syslog.global.logdir, and if the current setting is not valid, it will not apply the setting from the host profile!
After going to the Advanced System Settings of the host and deleting the value for Syslog.global.syslog, I could remediate the host.
Problem solved.
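To find out up front which hosts will hit this, the vmsyslogd.err check above can be run over several extracted support bundles at once. This is an added example, not part of the original post; the bundle directory names, the var/log layout and the function names are assumptions made for illustration, and the sample files are constructed from the error line quoted above.

```python
import re
import tempfile
from pathlib import Path

# Message text as quoted on this page; anything before it on the line is ignored.
INVALID_LOGDIR = re.compile(r"Invalid config: invalid log directory:\s*(?P<path>\S+)")

def find_invalid_logdirs(bundle_root):
    """Map each bundle directory to the log directories vmsyslogd rejected."""
    root = Path(bundle_root)
    findings = {}
    for err_file in sorted(root.rglob("vmsyslogd.err")):
        parts = err_file.relative_to(root).parts
        # Assumption: the first directory under bundle_root identifies the host.
        host = parts[0] if len(parts) > 1 else root.name
        with err_file.open(errors="replace") as fh:
            for line in fh:
                match = INVALID_LOGDIR.search(line)
                if match:
                    findings.setdefault(host, set()).add(match.group("path"))
    return {host: sorted(paths) for host, paths in findings.items()}

def build_sample(root):
    """Constructed sample: two fake extracted bundles, one with the error."""
    page_line = "Config error:Invalid config: invalid log directory: /vmfs/../scratch/log/..\n"
    bad = Path(root, "esx01-bundle", "var", "log")  # constructed layout
    bad.mkdir(parents=True)
    # Same error logged twice, to show that duplicates collapse to one finding.
    (bad / "vmsyslogd.err").write_text(page_line * 2)
    good = Path(root, "esx02-bundle", "var", "log")
    good.mkdir(parents=True)
    (good / "vmsyslogd.err").write_text("constructed unrelated line\n")

def demo():
    """Run the scan over the constructed sample and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        return find_invalid_logdirs(tmp)

if __name__ == "__main__":
    for host, paths in demo().items():
        print(f"{host}: invalid log directory reported ({', '.join(paths)})")
```

Hosts that appear in the result have a log directory that vmsyslogd rejected and are candidates for the manual cleanup described above before remediation.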
Issue #2
Another issue I had was related to user accounts on the host. For some reason, you cannot create a new account on a host AND make changes to that account.
So you have to do it in two steps:
1. Create the account in a separate host profile
2. Make changes to that account in another host profile
For this to work, unfortunately, you have to switch host profiles…