VMware Cloud Community
Shlomico12
Contributor
Contributor
‎12-08-2019 06:50 PM

My esxi servers try to connect by ONC-RPC to old files server (alredy removed)

Hi

I can see on my firewall ONC-RPC session end with timeout.

I didn't find any place that the old server is use.

Any ideas?

Reply
0 Kudos
6 Replies
daphnissov
Immortal
Immortal
‎12-08-2019 07:07 PM

Really need more info here. Only possibility may be attempting to mount an NFS server.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
Reply
0 Kudos
Shlomico12
Contributor
Contributor
‎12-08-2019 11:47 PM

I didn't find any NFS related to this server.

I find out that I didn't remove the VM replication (by Veeam) from my DR...

I remove it and see if this is the reason.

Reply
0 Kudos
Shlomico12
Contributor
Contributor
‎03-25-2020 11:05 PM

I keep getting ONC-RPC sessions.

Any Ideas why the esxi server keep trying to access the old server?

Thanks

Reply
0 Kudos
Davehouser
Contributor
Contributor
‎03-12-2021 05:51 AM

I am having the same issue, our firewall shows the esxi is trying to connect ONC-RPC to an old server we had as well ever 1 min. I tried to grep through the esxi as root but I cant seem to find where this setting is. I also rebooted the host, still continues to access this ip. 

Reply
0 Kudos
Davehouser
Contributor
Contributor
‎03-12-2021 07:08 AM

Figured it out!

**Problem:**

Our firewall showed all but one of our hosts are trying to perform ONC-RPC calls to an old Veeam server that no longer exists. Host sends our a request ever one min. Its being blocked. This happens on 3 of our 4 hosts. One host does not do this.

**Trouble shooting:**

* I have combed through the hosts trying to find some configuration to the specified IP address. Nothing.
* I tried setting up a host profile for the one host that does not make the call and check compliance against the others, nothing.
* I even tried performing a "grep -nri" for the ip address directly from the host's cli, nothing.
* Tried rebooting the host to see if maybe it was a cached value somewhere, nothing.
* tried looking through vmkernel and syslog, nothing.
* IF i do `esxcli network ip connection list` I can see the following, which is the exact problem we are running into! This validates its NFS calls.

`tcp 0 0 10.1.1.11:939 192.168.100.15:111 SYN_SENT 3043868 newreno RPC-tx-192.168.100.15.111`

Then I finally found where those settings are, they are in /etc/vmwre/esx.conf

/nas/VeeamBackup_winjs.cybertax.cso.com/enabled = "true"
/nas/VeeamBackup_winjs.cybertax.cso.com/share = "/VeeamBackup_winjs.cybertax.cso.com"
/nas/VeeamBackup_winjs.cybertax.cso.com/host = "192.168.100.15"
/nas/VeeamBackup_winjs.cybertax.cso.com/readOnly = "false"

and

/firewall/services/nfsClient/allowedip[0000]/ipstr = "192.168.100.15:"

I deleted these lines, put the host into maintenance mode, and rebooted, fixed the issue!

Reply
dontsellmydata
Contributor
Contributor
‎06-01-2023 04:17 PM

I just had to reply here and say thanks after I ran into the same issue.

Only a lab setup but was driving me nuts seeing two hosts constantly calling out to an IP which was part of some ancient legacy config.

Reply
0 Kudos