5 Replies Latest reply on Feb 19, 2019 6:51 AM by sjesse

    Vulnerability Scans Will Crash VCSA 6.5.0.5200

    dbray925 Novice

      Recently we have discovered an issue where a simple vulnerability scan (we are using the latest OpenVAS + Full and fast ultimate scan, all TCP ports) will crash the VCSA. It is killing this new service called vmdnsd (VMware Domain Name Service).

      Our setup is fairly small, 3 hosts and about 40 guests, highly under-utilized, with plenty of free memory and CPU. Each night when the scans kick off, we notice the following start scrolling by in the log files:

      vmdnsd t@139675744290560: dirsync failed with 9127.
      vmdnsd t@139675744290560: dirsync failed with 9127.
      vmdnsd t@139675744290560: dirsync failed with 9127.
      vmdnsd t@139675744290560: dirsync failed with 9127.

      This happens over and over continuously until the service is restarted. If we try to log in to the Web client, we are presented with a web SSO error and are unable to log in. The only solution we've found to this is to SSH into the VCSA and run the following:

      service-control --stop vmdnsd
      service-control --start vmdnsd

      This will quickly stop the "dirsync failed with 9127." from scrolling and allow logins again. We have opened a ticket with VMware on this issue, but so far they have been unable to help with this, and have basically told us "just stop scanning the appliance". Not really a good fix, as we have basically identified a DoS on the VCSA, and they are unable to fix it.

      Just wanted to give everybody else a heads up, in case your security team (like ours) performs regular scans on the network (OpenVAS, Nessus, etc.). For now, just put the VCSA into the exception list.
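Added example, not part of dbray925's post or of any VMware tooling: a small POSIX shell script that applies the two-command workaround above only when the repeating "dirsync failed with 9127." signature actually appears, so a cron job on the appliance does not bounce vmdnsd on every run. The sample log excerpt is constructed from the lines quoted in the post; the threshold of three matching lines, the DRY_RUN switch and the wrapper around service-control are assumptions of this example, and service-control is only invoked when DRY_RUN=0 (i.e. when you deliberately run it on a VCSA).

```shell
#!/bin/sh
# Added example (not from the original post or from VMware): decide whether
# vmdnsd is in the stuck "dirsync failed with 9127." state described in the
# thread and, if so, apply the service-control restart the post gives.

# Assumption: a healthy vmdnsd does not log this line repeatedly, so this many
# matches within one check window is treated as the stuck state.
THRESHOLD=3

# Constructed sample of the lines the post shows scrolling in the vmdnsd log.
SAMPLE_LOG=$(cat <<'EOF'
vmdnsd t@139675744290560: dirsync failed with 9127.
vmdnsd t@139675744290560: dirsync failed with 9127.
vmdnsd t@139675744290560: dirsync failed with 9127.
vmdnsd t@139675744290560: dirsync failed with 9127.
EOF
)

# Count lines on stdin that carry the failure signature. grep -c prints 0 and
# exits 1 when nothing matches, so "|| true" keeps the pipeline from failing.
count_dirsync_failures() {
    grep -c 'vmdnsd .*dirsync failed with 9127' || true
}

# Succeed (exit 0) when the log text in $1 contains at least THRESHOLD matches.
needs_restart() {
    n=$(printf '%s\n' "$1" | count_dirsync_failures)
    [ "$n" -ge "$THRESHOLD" ]
}

# Wrapper around the workaround from the post. DRY_RUN defaults to 1 so that
# running this script outside a VCSA only prints what it would do.
restart_vmdnsd() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "would run: service-control --stop vmdnsd && service-control --start vmdnsd"
    else
        service-control --stop vmdnsd && service-control --start vmdnsd
    fi
}

# On a real appliance you would feed the tail of the vmdnsd log here instead
# of the constructed sample (assumption: e.g. "tail -n 200 <vmdnsd log>").
if needs_restart "$SAMPLE_LOG"; then
    restart_vmdnsd
fi
```

The check is deliberately conservative: a single stray "dirsync failed" line does not trigger a restart, only the continuous repetition the post describes does, which also makes the restart event itself a useful marker to correlate with the scanner's schedule when you review the appliance logs.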