vShield Endpoint SVM status vCenter alarm

vShield Endpoint SVM status vCenter alarm

vCenter is showing an alarm on the TrendMicro Deep Security Virtual Appliance (DSVA): ‘vShield Endpoint SVM status’

vCenter vShield Alarm
vCenter vShield Alarm

Checking vShield for errors:

vShield errors

The DSVA VA console window shows: (as to where it should show a red/grey screen)

DSVA VA console

Let’s go for some log file analysis

To get a login prompt: Alt + F2

Login with user dsva and password dsva (this is the default)

The log file we are going to check is the messages log file at /var/log/messages

less /var/log/messages

(why less is more: you get almost all the vi commands)

To go to the last line:

G

DSVA messages log file

For some reason the ovf file is not like it is expected. The appliance is not able to set some ovf settings, in this case the network interfaces.

To exit the log file display mode:

q

To gain root privileges:

sudo -s

Enter the dsva user password

Navigate to the /var/opt/ds_agent/slowpath directory

cd /var/opt/ds_agent/slowpath

Create the dsva-ovf.env file (if the file exists, delete the existing file first):

touch dsva-ovf.env

Reboot the appliance, once rebooted give it 5 minutes and the alarm should clear automatically:

reboot
Start or stop ESXi services using PowerCLI

Start or stop ESXi services using PowerCLI

Start the ssh service on all hosts:

Get-VMHost | Foreach {
	Start-VMHostService -HostService ($_ | Get-VMHostService | Where {$_.Key -eq "TSM-SSH"})
}
PowerShell

If you want to start the ssh service on a single host, change ESXiHostName to your ESXi FQDN:

Get-VMHost -Name ESXiHostName | Foreach {
  Start-VMHostService -HostService ($_ | Get-VMHostService | Where {$_.Key -eq "TSM-SSH"})
}
PowerShell

If you want to stop the ssh service on all hosts:

Get-VMHost | Foreach {
  Stop-VMHostService -HostService ($_ | Get-VMHostService | Where {$_.Key -eq "TSM-SSH"})
}
PowerShell

If you have multiple cluster in vCenter, are connected to multiple vCenters, be sure to launch the command only to the necessary hosts:

  • Get-Cluster -Name ClusterName will filter to the specified Cluster
  • Get-VMHost -Name ESXiHostName will filter to the specified ESXi
  • Get-VMHost -Server vCenterServerName will filter to the specified vCenter server
Get-Cluster -Name ClusterName | Get-VMHost -Name ESXiHostName -Server vCenterServerName | Foreach {
  Stop-VMHostService -HostService ($_ | Get-VMHostService | Where { $_.Key -eq "TSM-SSH"} )
}
PowerShell

These are other services I frequently use:

  • DCUI (Direct Console UI)
  • lwsmd (Active Directory Service)
  • ntpd (NTP Daemon)
  • sfcbd-watchdog (CIM Server)
  • snmpd (SNMP Server)
  • TSM (ESXi Shell)
  • TSM-SSH (SSH)
  • vmsyslogd (Syslog Server)
  • vmware-fdm (vSphere High Availability Agent)
  • vpxa (VMware vCenter Agent)
  • xorg (X.Org Server)

There are other services available but I have never used them in this context (yet):

  • lbtd (Load-Based Teaming Daemon)
  • pcscd (PC/SC Smart Card Daemon)
  • vprobed (VProbe Daemon)

Change the startup policy for a service:

  • Automatic: Start automatically if any ports are open, and stop when all ports are closed
  • On: Start and stop with host
  • Off: Start and stop manually
Get-VMHost | Foreach {
	Set-VMHostService -HostService ($_ | Get-VMHostService | Where {$_.key -eq "TSM-SSH"}) -policy On
}
PowerShell