TonyJK
Enthusiast

"User root@127.0.0.1 logged in" every minute?

Hi,

We observe that 2 ESXi 5 Hosts in the same cluster (We only have 2 ESXi Hosts in that Cluster) get the following message every minute:

User root@127.0.0.1 logged in

User root logged out

Both the ESXi Hosts and the vCenter Server are of the latest build.  We also don't get such messages in other Clusters of ESXi 5 Hosts.

Those 2 ESXi Hosts are running on IBM Servers with the latest IBM CIM installed.

Your advice is sought.

Thanks

27 Replies
TBKing
Enthusiast

I am now using HP ESXi 5.0 Management Bundle 1.2-26 - dated 6/4/2012

0 Kudos
CRad14
Hot Shot

This was my experience with IBM Hosts

http://www.vnoob.com/2013/04/constant-root-logins-to-ibm-esxi-hosts/

Conrad www.vnoob.com | @vNoob | If I or anyone else is helpful to you make sure you mark their posts as such! 🙂

stacycarter
Enthusiast

Seeing the same with HP Gen 8 BL460 blades, using the latest HP ESXi 5.0 U2 ISO.  Did anyone ever contact HP support about this? I have an escalated ticket w/ HP, but it's being treated like this is the first time they're hearing about it. Seems hard to believe when I've seen so many people reporting this on communities.

0 Kudos
jglamann
Contributor

I did end up opening a VMware Support ticket for this issue to see if VMware could help.  We ended up narrowing this down to the HP AMS provider which is loaded as part of the HP Offline bundle.  If you remove the hp-ams vib or go back to version 1.2-26 the problem goes away.  I unfortunately was not able to open up a case with HP on this issue since it is a software issue and we don't have software support through HP, just hardware support.  You may reference my VMware case if you would like in your discussions with HP.  It has since been closed but the engineer mentioned this issue to the ecosystems team (connection to HP).  That is the best that he could do for me.  Support Request number is 13318503205.

0 Kudos
stacycarter
Enthusiast

Thanks jglamann!  That is very helpful.

0 Kudos
VirtualizeME201
Contributor

Excellent findings in the posted link!

0 Kudos
stacycarter
Enthusiast

Here is a response from HP about the HP issue, via escalated case.  The permanent fix is supposed to be part of a future HP Offline Bundle, slated for release in September.

Summary:

Problem:

  1. Gen8 Servers are deployed with: VMware-ESXi-5.0.0-Update2-914586-HP-5.27.20.iso
  2. There are a high number of “User root@127.0.0.1 logged in” and “User root logged out” events in vCenter host logs

Answer/Solution:

Bundles with AMS Offline Bundle versions later than 9.2.0 are experiencing this issue.

Fix for this issue will be available in a future HP Offline Bundle for ESXi 5.x version.

Workaround:

Recommended workaround is to temporarily downgrade to Snap3 HP ESXi Offline bundle (ver 1.3.5) which includes previous HP AMS vib version 9.2.0.

URL to downgrade bundle to AMS Offline Bundle Version: 9.2.0 for VMware ESXi 5.x:

http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=15...

HP-provided ESXi Image ESXi 5.0 U1 Build 623860 (VMware-ESXi-5.0.0-Update1-623860-HP-5.25.11.iso) has the Offline Bundle Version 1.3.5 included into it.

If the user wants to use ESXi 5.0 U2, then follow the workaround mentioned below.

  1. Use the ESXi 5.0 U1 Build 623860.
  2. Patch the OS alone to U2 without updating the HP Offline Bundle.

As outlined in the HP Systems Insight Manager 7.0 and HP Agentless Management overview document, the customer can also use the following commands to stop the AMS service (see below):

VMware ESXi 5.x AMS settings instructions:

– /etc/init.d/hp-ams.sh [start | stop | restart | status]

0 Kudos
mobinqasim786
Enthusiast

Hi Guys,

Is there any way I can exclude a specific source IP from the login attempts? I have a monitoring tool (no agent installed on ESXi) which needs to log in to ESXi servers every few seconds to get the latest data. This is causing issues as we can see a lot of logged in and logged out events for the monitoring tool.

Please suggest if there is a way to exclude login attempts for particular source.

Regards,

Mobin

0 Kudos
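
Added example (not part of any post in this thread): one way to keep the periodic loopback logins described above from burying real root logins when reviewing exported host events. It sets aside a source only if it is on a trusted list and its logins arrive at a steady interval, and returns everything else for review. The "<ISO timestamp> <event text>" export format, the trusted list, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample events; the timestamp-prefixed export format is an assumption.
SAMPLE = """\
2013-06-01T10:00:02 User root@127.0.0.1 logged in
2013-06-01T10:00:03 User root logged out
2013-06-01T10:01:02 User root@127.0.0.1 logged in
2013-06-01T10:01:03 User root logged out
2013-06-01T10:02:02 User root@127.0.0.1 logged in
2013-06-01T10:02:30 User root@192.0.2.45 logged in
2013-06-01T10:03:02 User root@127.0.0.1 logged in
"""

# Matches the login message quoted in the thread, preceded by a timestamp.
LOGIN = re.compile(r"^(\S+) User (\S+)@(\S+) logged in\s*$")

def triage(text, trusted=("127.0.0.1",), min_events=3, jitter=5.0):
    """Return (noise, review): steady-interval logins from trusted sources
    are summarized as noise; every other login is listed for review."""
    by_src = defaultdict(list)
    for line in text.splitlines():
        m = LOGIN.match(line)
        if m:
            ts = datetime.fromisoformat(m.group(1))
            by_src[(m.group(2), m.group(3))].append(ts)
    noise, review = {}, []
    for (user, src), times in sorted(by_src.items()):
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Periodic = enough events, and every gap within `jitter` seconds of the median gap.
        periodic = (len(times) >= min_events and
                    all(abs(g - median(gaps)) <= jitter for g in gaps))
        if src in trusted and periodic:
            noise[(user, src)] = {"count": len(times), "period_s": median(gaps)}
        else:
            # Untrusted source, or a trusted one that broke its usual cadence.
            review.extend((t.isoformat(), user, src) for t in times)
    return noise, review

if __name__ == "__main__":
    noise, review = triage(SAMPLE)
    print("periodic noise:", noise)
    print("needs review:", review)
```

A trusted source that stops logging in on its usual cadence falls back into the review list, so an interactive root session from the same address is not silently dropped.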