romatlo32
Enthusiast

Unexpected root and dcui logins to host?


Hello folks,

We have a Cisco UCS b200 M5 server that has lost its recognition of the local SD cards, which hold the OS for boot, causing an error in vSphere related to it.

I am not sure it is related, but I do see unexpected and not understood logins directly on the host shortly before the first error.

I've checked the /var/log/auth.log but do not see entries for this time (for some reason).

I've identified the "client" IP in the Description column, but did not yet see clear evidence of unauthorized activity when I logged into the server.

Does anyone have suggestions for how to determine where these logins came from and what they represent?

Thanks

vmwaresupport1.jpg


Accepted Solutions
SupreetK
Commander

Based on the event description, it looks like they logged in to the host client of the host in question as a root user. Regarding the host losing connectivity to the boot SD card, what events (except the login ones) do you see in the vCenter or on the host? How often does it occur? Does a reboot of the host address the issue?

Cheers,

Supreet

romatlo32
Enthusiast

Thanks for the response! I ended up replacing the controller through the RMA process and luckily did not have to reinstall vSphere.
