VMware Cloud Community
gilad_benjamini
Contributor
Contributor
‎11-11-2008 01:17 AM

Zombie Guest

I was trying to locate a machine that was creating traffic on my network.

I ended up with a single VM, on a single port group, on a vswitch that is not connected to an external NIC.

From the console of this VM, I was pinging the zombie machine, and it was still answering (no, it wasn't the same machine I was pinging from).

Searching through my storage, I was able to locate a guest with a matching MAC address, and a matching port group in its vmx file. However, this guest is not in my inventory.

vmware-cmd -l doesn't show it

esxcfg-vswitch -l doesn't think it's connected to the port group.

Nevertheless, it seems to be alive and kicking.

I can get rid of the problems with some brute force actions, but I would love to understand what's going on.

Ideas ?

Reply
0 Kudos
5 Replies
Karunakar
Hot Shot
Hot Shot
‎11-11-2008 02:23 AM

Hi,

Every VM has a user world running.

When you power on a VM , this userworld is creating in ESX Server. and When the machine hostd has a problem or if the hostd has crashed, or has a inventory issue, the vm might got removed from the inventory, but still the vm is running.

if you are not using the vm right now, you can try to kill its user world process.

ps -aux | grep <vm name>, will give you the details of the process id of this userworld running.

untill this process is not killed, you can not even re register the vmx file of the vm, as it will be locked by the process running.

-Karunakar

Reply
Jasemccarty
Immortal
Immortal
‎11-11-2008 05:28 AM

Here's another way to get the PID:

cat /proc/vmware/vm//names |grep -i VMNAME | awk '/ / {print $19,$2}'*

Jase McCarty

http://www.jasemccarty.com

Co-Author of VMware ESX Essentials in the Virtual Data Center

(ISBN:1420070274) from Auerbach

Jase McCarty - @jasemccarty
Reply
0 Kudos
gilad_benjamini
Contributor
Contributor
‎11-11-2008 07:16 AM

Thanks.

The "ps" solution was almost there, but not good enough, as the process command line was too long and didn't include the vmx file name.

grep <vmx file name> /proc/*/cmdline

Thanks

Reply
0 Kudos
Jasemccarty
Immortal
Immortal
‎11-11-2008 07:22 AM

This will show you the config file.

cat /proc/vmware/vm/*/names |grep -i $1 | awk '/ / {print $19,$2,$3}'

Here's a sample output:

displayName="SERVERNAMESQL1" pid=2414 cfgFile="/vmfs/volumes/blahblahblah/SERVERNAMESQL1/SERVERNAMESQL1.vmx"

displayName="SERVERNAMESQL2" pid=2416 cfgFile="/vmfs/volumes/blahblahblah/SERVERNAMESQL2/SERVERNAMESQL2.vmx"

With a little work, you can display almost anything...

Jase McCarty

http://www.jasemccarty.com

Co-Author of VMware ESX Essentials in the Virtual Data Center

(ISBN:1420070274) from Auerbach

Jase McCarty - @jasemccarty
Reply
0 Kudos
Texiwill
Leadership
Leadership
‎11-12-2008 07:25 AM

Hello,

Also try:

VMID=`/usr/bin/vm-support -x | grep VMName|awk '{print $1}'|awk -F= '{print $2}`
KVMID=`cat /proc/vmware/vm/$VMID/cpu/status |awk '{print 21}'|grep -v group|awk -F\. '{print $2}'`
/usr/lib/vmware/bin/vmkload_app -k 9 $KVMID


Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.

SearchVMware Blog: http://itknowledgeexchange.techtarget.com/virtualization-pro/

Blue Gears Blogs - http://www.itworld.com/ and http://www.networkworld.com/community/haletky

As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
Reply
0 Kudos