I am running ESX 4.1 and I installed vShield Endpoint 5.01. I am trying to install Deep Security 8.0 SP1. After I prepare my ESX host, I get a vShield Endpoint alarm "vShield Endpoint Host Status" and I get the error message "Lost communication with ESX module" in the vShield Endpoint tab in vCenter. My DSVA activates fine and vShield is shown as installed and registered in Deep Security Manager. The problem is that the anti-malware engine goes offline on my VMs. I installed the vShield driver using the latest VMware Tools. Any help would be greatly appreciated. Thanks.
Is your ESX at patch 3 or later? http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=200061...
Are you using these vmtools? http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=200808...
<I work for Trend>
1. Run msinfo32 on the guest VM and verify that the driver vsepflt is loaded & running - see attachment
2. SSH to the ESXi and verify that the Endpoint module & filter driver are loaded - see attachment (run both commands)
3. Any firewalls between components blocking ports 4118, 4119, 4120?
4. Are Deep Security Manager, vShield Manager and vNIC1 of DSVA on the same VLAN (or on VLANs that can connect to one another)?
5. Did the non-routable vSwitch get created on ESXi during the prepare, with IP address 169.254.50.1?
6. System time synchronized across all components?
1. Yes, my vsepflt driver is running.
2. I have a different output. I don't have the epsec-vfile.
vmw-vshield-endpoint-mux-5.0.1-638861 2012-06-06T11:07:26 vShield Endpoint userworld broker and multiplexer
Trend-FilterDriver-8.0.0-1680 2012-06-06T13:54:35 vmware-esx-dvfilter-dsa: ESX release
I have no output from /usr/sbin/vmkload_mod -l|grep vfile
5. Yes, but my IP is 169.254.1.1.
At this point I suggest calling Trend support; they will do a WebEx or similar troubleshooting session. Reply back here if you need help with that process, or send me a direct message.
I just now fixed mine. Check to make sure you can ping the DSVA appliance from the ESX host. You can do this by SSHing into ESX and then just pinging. Also, if you are using vShield, whichever version, make sure you have the correct license installed AND assigned to the solution in the licensing tab. The license does not say which version of vShield it is for, but you can check in My VMware.
Let me know if that worked for you. Might work for Kaspersky as well.
I had similar trouble while setting up a demo environment. I finally decided to upgrade my vCenter 4.1 to 5.0, still having ESX 4.1 hypervisors, and now all works well.
I had a similar problem, and the reason the virtual machine Anti-Malware protection had status "Anti-Malware Engine Offline" is that the host had a duplicate value in:
~ # esxcfg-advcfg --get /UserVars/VshieldEndpointSolutionsConfiguration
Value of VshieldEndpointSolutionsConfiguration is <id:7498352642083520512;ip:169.254.1.39;port:48651;><id:7498352642083520512;ip:169.254.1.39;port:48651;>
Delete duplicate values and restart
See full blog post:
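A read-only check for the duplicate-entry condition described in the post above, as an added example that is not part of the thread or of any VMware or Trend Micro tooling. It assumes the `<id:...;ip:...;port:...;>` entry format shown in the post; the function names and the script name `check.sh` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): check a
# /UserVars/VshieldEndpointSolutionsConfiguration value for repeated entries.
# Assumes each entry has the form <id:...;ip:...;port:...;> as in the post.

# Print one <...> entry per line. Accepts the raw value or the full
# "Value of ... is <...>" line printed by esxcfg-advcfg --get.
list_entries() {
    case "$1" in
        *"<"*) printf '%s' "<${1#*<}" | tr '>' '\n' | sed -n 's/^<.*$/&>/p' ;;
    esac
}

# Print each entry that occurs more than once (one line per distinct entry).
duplicate_entries() {
    list_entries "$1" | sort | uniq -d
}

# Print the value with repeats dropped, keeping first-seen order.
dedup_value() {
    list_entries "$1" | awk '!seen[$0]++' | tr -d '\n'
}

# Value copied from the post above.
SAMPLE='Value of VshieldEndpointSolutionsConfiguration is <id:7498352642083520512;ip:169.254.1.39;port:48651;><id:7498352642083520512;ip:169.254.1.39;port:48651;>'

# On a host, pass the live output instead of the sample:
#   sh check.sh "$(esxcfg-advcfg --get /UserVars/VshieldEndpointSolutionsConfiguration)"
value=${1:-$SAMPLE}

dups=$(duplicate_entries "$value")
if [ -n "$dups" ]; then
    echo "Duplicate entries found:"
    printf '%s\n' "$dups"
    echo "Deduplicated value: $(dedup_value "$value")"
else
    echo "No duplicate entries."
fi
```

The script only reads and reports; it does not change the host setting.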