Hi,
I am running ESX 4.1 and I installed vShield Endpoint 5.01. I am trying to install Deep Security 8.0 SP1. After I prepare my ESX host, I get a vShield Endpoint alarm "vShield Endpoint Host Status" and I get the error message "Lost communication with ESX module" in the vShield Endpoint tab in vCenter. My dsva activates fine and vShield is shown as installed and registered in Deep Security Manager. The problem is that the anti-malware engine goes offline on my VMs. I installed the vShield driver using the latest vmware tools. Any help would be very appreciated. Thanks.
Bill
Bill
Is your ESX at patch 3 or later? http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=200061...
Are you using these vmtools? http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=200808...
Jonathan
<I work for Trend>
Hi Jonathan,
I am running ESX build 702113 and I tried that version (and the latest version) of ESX 5 vmtools. Thanks.
Bill
1. Run msinfo32 on the guest VM and verify that the driver vsepflt is loaded & running - see attachment
2. ssh to the ESXi and verify that the Endpoint module & filter driver are loaded - see attachment (run both commands)
3. Any firewalls between components blocking ports 4118, 4119, 4120?
4. Is Deep Security Manager, vShield Manager and vNIC1 of DSVA on the same vlan (or on vlans that can connect to one another)?
5. Did the non-routable vswitch get created on ESXi during the prepare? With IP address 169.254.50.1?
6. System time synchronized across all components?
Hi Jonathan,
1. Yes, my vsepflt driver is running.
2. I have a different output. I don't have the epsec-vfile.
vmw-vshield-endpoint-mux-5.0.1-638861 2012-06-06T11:07:26 vShield Endpoint userworld broker and multiplexer
Trend-FilterDriver-8.0.0-1680 2012-06-06T13:54:35 vmware-esx-dvfilter-dsa: ESX release
I have no output from /usr/sbin/vmkload_mod -l|grep vfile
3. No
4. Yes
5. Yes, but my IP is 169.254.1.1.
6. Yes.
Thank you!
Did you have a solution to your problem? I'm having the exact same problems, although it is with Kaspersky, but I think the problem is related to VMware, and not the AV.
No, I don't have a solution yet.
"bshearstone"
At this point I suggest calling Trend support, they will do a webex or similar troubleshooting session, reply back here if you need help with that process or send me a direct msg
I am having the same kind of issue, DSVA is not showing as a security VM in vshield.
I just now fixed mine, check to make sure you can ping the DSVA appliance from the esx host. You can do this by SSH into esx then just ping. Also, if you are using vShield whichever version make sure you have the correct license installed AND assigned to the solution in licensing tab. The license does not say which version of vshield it is for but you can check in myvmware.
Let me know if that worked for you. Might work for kaspersky as well.
Hi,
I had similar trouble while setting up a demo environment. I finally decided to upgrade my vCenter 4.1 to 5.0, still having ESX4.1 hypervisors, and now all works well.
Regards
I ended up upgrading my vShield Manager to 5.0.2 and it worked.
I had a similar problem and the reason virtual machine Anti-Malware protection had status "Anti-Malware Engine Offline" is that the host had duplicate value in:
UserVars/VshieldEndpointSolutionsConfiguration
~ # esxcfg-advcfg --get /UserVars/VshieldEndpointSolutionsConfiguration
Value of VshieldEndpointSolutionsConfiguration is <id:7498352642083520512;ip:169.254.1.39;port:48651;><id:7498352642083520512;ip:169.254.1.39;port:48651;>
Delete duplicate values and restart vShield-Endpoint-Mux
See full blog post:
http://www.vstrong.info/2012/09/14/trend-micro-deep-security-anti-malware-engine-offline/
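Added example, not part of the post above or of any vendor tooling: a POSIX shell check for the duplicate-entry condition described in the last post. It parses the text printed by esxcfg-advcfg --get, reports repeated <id;ip;port> entries, and prints the value with the repeats removed. The function names are hypothetical, and SAMPLE is the output line quoted in the post.

```shell
#!/bin/sh
# Sample input: the output line quoted in the post above. On a host, capture the
# real value instead with:
#   raw=$(esxcfg-advcfg --get /UserVars/VshieldEndpointSolutionsConfiguration)
SAMPLE='Value of VshieldEndpointSolutionsConfiguration is <id:7498352642083520512;ip:169.254.1.39;port:48651;><id:7498352642083520512;ip:169.254.1.39;port:48651;>'

# Split the value into one <id:..;ip:..;port:..;> entry per line,
# dropping the "Value of ... is " prefix.
split_entries() {
    printf '%s\n' "$1" | awk 'BEGIN { RS = ">" }
        { i = index($0, "<"); if (i) print substr($0, i) ">" }'
}

# Print each entry that occurs more than once (printed once per duplicated entry).
duplicate_entries() {
    split_entries "$1" | awk 'seen[$0]++ == 1'
}

# Print the value with repeated entries removed, original order preserved.
dedup_value() {
    split_entries "$1" | awk '!seen[$0]++ { printf "%s", $0 }'
}

# Exit status 0 when no entry is repeated, non-zero otherwise.
value_is_clean() {
    [ -z "$(duplicate_entries "$1")" ]
}

if value_is_clean "$SAMPLE"; then
    echo "No duplicate solution entries."
else
    echo "Duplicate solution entries found:"
    duplicate_entries "$SAMPLE"
    echo "Value with duplicates removed:"
    dedup_value "$SAMPLE"
    echo
fi
```

The script only reports; writing the cleaned value back and restarting vShield-Endpoint-Mux are left as the manual steps the post describes.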