VMware Cloud Community
kondrichRHI
Enthusiast
Enthusiast
‎11-30-2017 01:51 AM
Jump to solution

Service Discovery Management Pack issues

Hello,

Service Discovery Management Pack 2.0 (VMware Solution Exchange) is a great thing. However, we enounter several issues in vROps 6.6.1 that are weird. We are using "vSphere with Operations Management Enterprise Plus for vRealize Operations" license.

Though we are scanning with a domain user that is admin on all scanned Windows VMs, most VM's service details are displayed, but some are not. I can see the scan in vCenter events, I see it in Windows Security log, but no results are displayed for some machines in vROps.

Some VMs show even a stranger behaviour: I created some custom services like SQL Server Analysis Services (SSAS). On our DWH servers running Windows Server 2016 and SQL Server 2016, the standard SQL Server instance is not shown (default instance on default port 1433), but my custom SSAS service is correctly reported back to vROps on the same VM (SQL Server instance reporting failed already before createing this custom service for SSAS).

Other VMs with Windows Server 2016 and SQL Server 2016 are correctly scanned and SQL Server instance is reported.

I already tried to set guest user mappings for those VMs in vCenter using the SQL Server service user (also a domain user with local admin rights in those VMs) or even using local Administrator user. No chance, after next scheduled scan, the SQL Server instance was still not shown.

Are there any logs for this Management Pack available? Looking at the Windows logs, I cannot see a difference between correctly scanned machines and those that are not.

0 Kudos
1 Solution

Accepted Solutions
kondrichRHI
Enthusiast
Enthusiast
‎12-05-2017 04:34 AM
Jump to solution

So, here is the answer: The scan will will fail with an error like this if User Account Control (UAC) is enabled. Once UAC is disabled and the server is rebooted, Service Discovery Management Pack is able to scan it. Please note that you have to disable UAC in the registry on Windows Server 2012 and above and not via GUI: In HKLM\Software\Microsoft\Windows\CurrentVersion\policies\system set EnableLUA to 0.

For the specific error mentioned before it worked too, if you explicitly granted read access to your scan user on C:\Windows\system32\inetsrv\config\

View solution in original post

3 Replies
bcieUCC
Contributor
Contributor
‎12-01-2017 07:43 AM
Jump to solution

I'm having an issue with finding any services at all - I've configured an admin account for the discovery to use (in the adapter), but it's simply not using it. It just keeps saying that it failed to authenticate with the guest user.

The only way I've found to get logs is to go to Administration -> Support -> logs and look for the SDM adapter.

I'm still trying to find out why different VMs give different results for authentication and service discovery.

0 Kudos
kondrichRHI
Enthusiast
Enthusiast
‎12-05-2017 12:22 AM
Jump to solution

Thank you for the log hint.

I found this error in the logs for a server that is not reported correctly, though Service Discovery Management Pack reports "Success" for Service Discovery Status:

[4262] 2017-12-05 06:07:11,855 ERROR [pool-38-thread-9] (359) com.vmware.adapter3.applicationdiscovery.activeprobe.controller.DiscoveryTaskRunner.runNetworkProbes - MyServerName | vm-243 | FAILURE | WindowsIis7AndAboveLocation | | Exception occurred while running probe

[4263] com.sun.xml.internal.ws.fault.ServerSOAPFaultException: Client received SOAP Fault from server: Unable to access file C:\Windows\system32\inetsrv\config\applicationHost.config Please see the server log to find more detail regarding exact cause of the failure.

[4264] at com.sun.xml.internal.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:178)

[4265] at com.sun.xml.internal.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:124)

[4266] at com.sun.xml.internal.ws.client.sei.StubHandler.readResponse(StubHandler.java:238)

[4267] at com.sun.xml.internal.ws.db.DatabindingImpl.deserializeResponse(DatabindingImpl.java:189)

[4268] at com.sun.xml.internal.ws.db.DatabindingImpl.deserializeResponse(DatabindingImpl.java:276)

[4269] at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:104)

[4270] at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:77)

[4271] at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:147)

[4272] at com.sun.proxy.$Proxy285.initiateFileTransferFromGuest(Unknown Source)

[4273] at com.vmware.adapter3.applicationdiscovery.guestoperation.impl.RemoteGuestOperationImpl.readFileFromGuest(RemoteGuestOperationImpl.java:86)

[4274] at com.vmware.adapter3.applicationdiscovery.guestoperation.impl.RemoteGuestOperationImpl.readFileFromGuest(RemoteGuestOperationImpl.java:358)

[4275] at com.vmware.adapter3.applicationdiscovery.kb.probes.applications.iis.WindowsIis7AndAboveLocationProbe.run(WindowsIis7AndAboveLocationProbe.java:37)

[4276] at com.vmware.adapter3.applicationdiscovery.activeprobe.controller.DiscoveryTaskRunner.runNetworkProbes(DiscoveryTaskRunner.java:194)

[4277] at com.vmware.adapter3.applicationdiscovery.activeprobe.controller.DiscoveryTaskRunner.runTask(DiscoveryTaskRunner.java:127)

[4278] at com.vmware.adapter3.applicationdiscovery.activeprobe.ApeTaskRunner.lambda$start$0(ApeTaskRunner.java:89)

[4279] at java.util.concurrent.FutureTask.run(FutureTask.java:266)

[4280] at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)

[4281] at java.util.concurrent.FutureTask.run(FutureTask.java:266)

[4282] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

[4283] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

[4284] at java.lang.Thread.run(Thread.java:748)

It's running Windows Server 2016 with IIS and SQL Server 2016 SP1: None of the services is reported to vROps.

I checked this machine's Windows Application, Security & System Logs: No errors are recorded during the scan. Of course, IIS is running.

Browsing through the list if VMs I supposed that all Windows Server 2016 VMs with IIS fail to scan. But there is at least one VM with Windows Server 2016, IIS and SQL Server 2016 that is correctly reported.

0 Kudos
kondrichRHI
Enthusiast
Enthusiast
‎12-05-2017 04:34 AM
Jump to solution

So, here is the answer: The scan will will fail with an error like this if User Account Control (UAC) is enabled. Once UAC is disabled and the server is rebooted, Service Discovery Management Pack is able to scan it. Please note that you have to disable UAC in the registry on Windows Server 2012 and above and not via GUI: In HKLM\Software\Microsoft\Windows\CurrentVersion\policies\system set EnableLUA to 0.

For the specific error mentioned before it worked too, if you explicitly granted read access to your scan user on C:\Windows\system32\inetsrv\config\