VMware Cloud Community
romatlo32
Enthusiast
Enthusiast
‎09-28-2018 03:02 PM
Jump to solution

Unexpected root and dcui logins to host?

Hello folks,

We have a Cisco UCS b200 M5 server that has lost its recognition of local SD cards, that hold the OS for boot.

Causing an error in vSphere related to it.

I am not sure it is related, but do see unexpected and not understood logins shortly before the first error directly on the host.

I've checked the /var/log/auth.log but do not see entries for this time (for some reason).

I've identified the "client" ip in the Description column, but did not see clear evidence yet when I logged into the server of unauthorized activity, yet.

Anyone have suggestions for how to determine where these logins came from and what they represent?

Thanks

vmwaresupport1.jpg

0 Kudos
1 Solution

Accepted Solutions
SupreetK
Commander
Commander
‎09-29-2018 06:41 AM
Jump to solution

Based on the event description, it looks like they logged in to the host client of the host in question as a root user. Regarding the host losing connectivity to the boot SD card, what events (except the login ones) do you see in the vCenter or on the host? How often does it occur? Does reboot of the host addresses the issue?

Cheers,

Supreet

View solution in original post

0 Kudos
2 Replies
SupreetK
Commander
Commander
‎09-29-2018 06:41 AM
Jump to solution

Based on the event description, it looks like they logged in to the host client of the host in question as a root user. Regarding the host losing connectivity to the boot SD card, what events (except the login ones) do you see in the vCenter or on the host? How often does it occur? Does reboot of the host addresses the issue?

Cheers,

Supreet

0 Kudos
romatlo32
Enthusiast
Enthusiast
‎11-27-2018 08:16 AM
Jump to solution

Thanks for the response!  I ended up replacing the controller through RMA process, luckily did not have to reinstall vSphere.

0 Kudos