vShield Endpoint SVM status vCenter alarm
vCenter is showing an alarm on the TrendMicro Deep Security Virtual Appliance (DSVA): ‘vShield Endpoint SVM status’
Checking vShield for errors:
The DSVA VA console window shows: (as to where it should show a red/grey screen)
Let’s go for some log file analysis
To get a login prompt: Alt + F2
Login with user dsva and password dsva (this is the default)
The log file we are going to check is the messages log file at /var/log/messages
1 |
less /var/log/messages |
(why less is more: you get almost all the vi commands)
To go to the last line:
1 |
G |
For some reason the ovf file is not like it is expected. The appliance is not able to set some ovf settings, in this case the network interfaces.
To exit the log file display mode:
1 |
q |
To gain root privileges:
1 |
sudo -s |
Enter the dsva user password
Navigate to the /var/opt/ds_agent/slowpath directory
1 |
cd /var/opt/ds_agent/slowpath |
Create the dsva-ovf.env file (if the file exists, delete the existing file first):
1 |
touch dsva-ovf.env |
Reboot the appliance, once rebooted give it 5 minutes and the alarm should clear automatically:
1 |
reboot |