VMware vRealize Configuration Manager Troubleshooting Guide vRealize Configuration Manager 5.8 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
VCM Troubleshooting Guide You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com © 2006–2015 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.
Contents About This Book Troubleshooting Overview Troubleshooting Workflow Verifying That Behavior Is Negative Isolating Behavior Identifying External Factors Checking VCM Logs Info Messages Warning Messages Error Messages Exception Messages Types of Problems User Interface Problems Security and Authentication Problems SQL Server Problems VCM Agent Problems UNIX Agent Problems Report Server Problems Internet Information Services Problems Network Connectivity Problems Hardware and Performance Probl
Patch Deployment Jobs Might Time Out UNIX Bulletins Missing from the Required Location Report and Node Summary Errors Report Parameter Errors Protected Storage Errors SSL Becomes Disabled Troubleshooting the vSphere Client VCM Plug-In vSphere Client VCM Plug-In Is Not Enabled Cannot Register the vSphere Client VCM Plug-In Invalid Certificate on a vSphere Client Collector Not Running HTTPS/SSL Is Not Configured on the Collector Collection Unsuccessful Machi
Contents Manual Window Agent Installation Windows Agent Communication Protocols Communication Protocol Change Process Detect Previous Install Uninstall Agent Uninstall Package Installer Uninstall Basic Installer Validate Installation Environment Install Simple Installer Store Installation Data in the Database Install Module Installer Fully Release the Synchronization Lock On the Target Machine Submit Request to Agent Check If Request Is Complete Transfer Request Results Acknowledge Successful Data Transfer
About This Book The VMware vRealize Configuration Manager Troubleshooting Guide explains problems that might occur with VMware vRealize Configuration Manager. In addition, parts of this document describe how to find diagnostic information to help you or VMware Technical Support analyze problems. Intended Audience This information is for experienced Windows, Linux, UNIX, or Mac OS X system administrators who are familiar with managing network users and resources, and with performing system maintenance.
Services provides offerings to help you assess, plan, build, and manage your virtual environment. To access information about education classes, certification programs, and consulting services, go to http://www.vmware.com/services.
1 Troubleshooting Overview Before making changes to your environment to solve a troubleshooting situation, learn as much as possible about the problem.
Verifying That Behavior Is Negative
Sometimes, an apparent error might not be a real error.
- A message might seem like an error when it is only a warning.
- A designed behavior might seem like an error if the result is not what you expect. For example, in compliance, VCM highlights noncompliant systems because they fail to meet rules, but this convention might be the opposite of your own thinking.
Operating System Logs
The operating system event log can identify external factors that might cause problems. You can detect simple problems by reviewing the security and application logs. Common errors include authentication problems: Report Server (MSSQLSERVER) cannot connect to the report server database. However, any message that occurs during the time frame surrounding the undesired behavior is suspect, especially if the same error or warning always accompanies the behavior.
VCM Troubleshooting Guide Error Messages Error messages indicate serious problems. VCM processes do not stop running because of an error, but VCM might not continue normally. For example, if the collection of a specific data type produces a value that is not of the type that the database expects, VCM might have to discard the collected information for that entire data type. Discarding collected information produces an error message that indicates that something did not work properly.
2 Types of Problems VCM problems usually fall into common categories.
Figure 2–1. User Interface Formatting Problem
Security and Authentication Problems
VCM acts as a multiple-system administration tool and must have administrator authority on all the machines that it manages. The necessary authority might be accidentally removed or restricted. Common authentication problems include changed passwords, dropped administrator access, or security measures, such as a proxy server, that are added without updating VCM.
SQL Server errors might include resource, disk space, or authentication problems, among others. Poor tuning of your SQL Server might also cause performance problems such as data bottlenecks. Evidence of SQL Server trouble might appear in the user interface or the debug logs, but messages directly related to SQL Server typically appear directly in the SQL Server logs: INSERT statement conflicted with COLUMN FOREIGN KEY constraint 'fk_vcm_sysdat_role_rules_role_id'.
VCM Troubleshooting Guide Internet Information Services Problems The VCM user interface is hosted on Microsoft Internet Information Server (IIS), which might be incorrectly configured. Sometimes the VCM user interface displays an error similar to what you see when you fail to connect to a Web page. Error messages such as 404 File Not Found or 403 Forbidden are typical IIS messages, and indicate improper configuration of IIS in relation to VCM or Report Server pages. You might also see ASP.
Next, make sure that enough memory and CPU cycles exist for VCM services and processes to start and continue properly. If VCM is competing with other, non-VCM processes, performance might degrade to the point that errors and exceptions appear in the debug log. Finally, you might need to run diagnostics on hardware components, such as memory chips, processors, or system boards. For the recommended hardware sizing and configuration needed to run VCM, see the installation documentation.
3 Gathering Diagnostic Information To solve a problem, you need to collect information for your own analysis or for forwarding to VMware Technical Support.
Type of Problem | What to Send
SQL Server | SQL Server logs; Windows system and application event logs; VCM debug logs
VCM Agent | Collector debug log; Agent ARS files; Windows system and application event logs
UNIX Agent | Collector debug log; UNIX Agent debug log; UNIX Agent ZRP files; UNIX system log
Report server | Screenshots; SQL profiler trace files; Collector debug log
IIS | Screenshots; Entries from IIS logs
Network connectivity | Network connectivity problems are usually investigat
Gathering Diagnostic Information Set the Debug Log to Store all Message Types Because Info messages might contain important troubleshooting clues, turn them on before extracting the log. By default, the Collector debug log saves on performance and space by not storing Info messages. After extracting the debug log, turn Info messages back off. CAUTION This procedure involves using the regedit command to open the Windows Registry and edit the settings. Procedure 1.
4. To open the debug log viewer, right-click the following executable, and Run As Administrator. ECMDebugEventViewer.exe
5. Click Filter Settings.
6. In the Message Type and Message Source areas, select all of the check boxes and click OK.
7. In the Data Source area, type the names of the servers and databases and click OK.
8. Click Date/Time, and select the between option.
9.
Gathering Diagnostic Information Procedure 1. On the Web server, select Start > Administrative Tools > Internet Information Services (IIS) Manager. 2. Expand Internet Information Services > server-name > Web Sites. 3. Right-click Default Web Site, and select Properties. 4. Verify that the Enable Logging check box is selected. 5. In the Active log format drop-down menu, select W3C Extended Log File Format, and click Properties. 6. Make a note of where the logs are stored. The default location is C:\WINDOWS\
VCM Troubleshooting Guide 10. Start a collection, and note its Job ID as seen in the Running Jobs window. 11. After the job is finished, look for a CollectorData subfolder named with the Job ID of the job that just finished. 12. Create a ZIP file of the entire subfolder. The ZIP file is what you send to VMware Technical Support. What to do Next Reopen the Registry, and set the two AreResultsSaved values to 0.
Extract Windows System Information
Windows includes an executable application file msinfo32.exe that can provide a detailed snapshot of the current state of a system.
Procedure
1. On the Collector, click Start > Run.
2. Type msinfo32.exe in the text box.
3. From the pull-down menus, click File > Save.
4. Type a meaningful file name, and click Save. The save process might take a few minutes to create the NFO file that holds the detailed snapshot.
5. To enable VCM Patching debugging, type and run the following query:
   update csi_hf_settings set val = '1' where setting = 'debug'
6. In Windows, in the Services Manager, restart the VCM Patch Management service.
What to do Next
Collect the VCM Patching logs.
Collect VCM Patching Logs
For problems with the VCM Patching process, collect the VCM Patching log files.
Prerequisites
Turn on VCM Patching logging. See "Enable VCM Patching Logging" on page 25.
Procedure
1.
What to do Next
Using the backup copy, restore Logging.conf to its previous state.
4 Troubleshooting Problems with VCM This information describes troubleshooting situations that occur in general VCM operations such as installing, upgrading, patching, or reporting.
VCM Troubleshooting Guide Solution Upgrade to a supported VCM Agent. Signed Patch Content Cannot Be Validated VCM signed patch content cannot be validated with the new signing certificate. Problem Signed patch content cannot be validated with the new signing certificate for VCM instances of 5.5.0, 5.5.1, and 5.6.0. VCM patch content was previously signed with a certificate from Verisign, but is now signed with a certificate from DigiCert.
- To make the change permanent, so that the change persists after a reboot of the AIX managed machine, include the -p option:
  nfso -p -o nfs_use_reserved_ports=1
For more information, see the online IBM information for the vmount: Operation not permitted error from the Linux NFS Server.
UNIX Patch Deployment Fails
Reading or retrieving a patch bulletin name causes UNIX patch deployment to fail.
Solution
Use these corrective measures, respectively:
- Review the patch bulletins to make sure they match the selected machine type.
- Review the patch bulletins to make sure they match the selected machine architecture, 32-bit or 64-bit.
- Review or change the custom filter to remove attributes that the selected machine type does not support.
- VCM supports UNIX Patch Assessment custom filters, which can be used when assessing older Agents. For 5.
UNIX Bulletins Missing from the Required Location
UNIX patch bulletins are not in the required location on the Agent machine.
Problem
UNIX patch bulletins are not in the required location on the Agent machine, which causes UNIX patch assessments to fail and not display assessment results.
Cause
The problem can occur because of any of the following situations:
- The Agent version does not match the UNIX platform support for Patch Assessment.
VCM Troubleshooting Guide Cause Problems with Visual Studio 2005 and the .NET Framework are responsible for these errors. Solution 1. Go to the Microsoft Web site. 2. Search for Knowledge Base article KB913384. The article describes a hotfix for the following problem: A .NET Framework 2.0 application that runs under a user account context when no user profile is associated with the user account context might crash, or you might receive an access violation error message. 3.
1. On the Collector, open Report Manager: http://collector-name-or-IP-address/Reports.
2. In Report Manager, open the folder that holds the affected report.
   Folder | Report
   ECMAD | Active Directory
   ECMu | UNIX
   RSCA | RSCA
   Service Desk | Service Desk and Change Reconciliation
   SMS | Systems Management Server
   Standard | Windows reports, and Change Management and Compliance
   SUM | VCM Patching
   Virtualization | Virtualization
3. On the right, click Show Details.
4.
Solution
1. On the Agent Proxy machine, open the command prompt.
2. Change directory to the following VCM folder. The default location is C:\Program Files (x86)\VMware\VCM\AgentData\protected
3. Delete the following files:
   ECMv.csi.pds
   ECMv.csi.pds.lck
4. Run the following command:
   GenerateAgentProxyKeys.cmd
5. Verify that the following files were generated:
   agent-proxy-machine-name_securecomm_public_key.txt
   agent-proxy-machine-name_ssh_public_key.txt
6.
5 Troubleshooting the vSphere Client VCM Plug-In When troubleshooting vSphere Client VCM Plug-In issues, you must consider the vSphere Client, the plug-in integration, and VCM.
VCM Troubleshooting Guide Cause You are not running vCenter 4 Server. Solution Install vCenter 4 Server. vCenter 4 Server is required for vSphere Client Plug-ins, including the vSphere Client VCM Plug-In. Invalid Certificate on a vSphere Client The vSphere Client connects to the vCenter Server using the SSL certificate and displays the datacenters, hosts, and any clusters.
Troubleshooting the vSphere Client VCM Plug-In Collection Unsuccessful The collection of data from one or more machines fails. Problem Collection did not run. Cause Machine is licensed, but the Agent is not installed. Solution Review the Getting Started information for licensing and installing the Agent on the target machine type. Machines Not Listed in the Collect Available List Machines are listed when viewing Compliance, Patching, and Reports, but not when viewing Collect.
Solution In VCM, delete the ESX server, and then re-add using the name used to manage the machine in the vSphere Client.
6 VCM Windows Agent To troubleshoot problems with your VCM Windows Agent, you must understand the Agent requirements to operate in your network, to communicate with your Collector. You must also understand how the Agent is installed so that you can trace the process and identify possible failure points. The VCM Windows Agent is installed on managed Windows physical and virtual machines. The Agent is used to collect information from the machines.
- IPC$ share must exist. RPC uses IPC$.
- Windows Server Service must be running. The Collector uses the server services to resolve the target machine's share to a local path to register the bootstrap service, the Registration Service, with the Remote Service Control Manager (SCM).
- You must be able to attach to the share files using the credentials provided during installation.
- DNS must correctly resolve the machine and share to the appropriate machine.
VCM Windows Agent The detect previous install action determines if a previous Agent is present by attempting to connect to the Agent installation DCOM components, the Basic and Agent Installers. If a connection is made to either of these components, the detect previous install action sets a state member that the Validate Installation Environment, Interrogate Target Environment, and Resolve Uninstall Dependencies actions use to determine if they should run.
VCM Troubleshooting Guide 1. A connection is made to the module installer. 2. The runtime Agent lock is updated. 3. The module installer returns all modules currently installed. 4. The product modules are recorded in the database. A failure in this action causes the installation to fail.
VCM Windows Agent 1. An attempt is made to contact the simple installer on the target Windows machine. If this action is successful, then this step is complete. If the action is not successful, the process continues. 2. An attempt is made to attach to the share on the target that was specified in the user interface and using the specified authority. If this action fails, then the installation fails. 3. If the attach to share action succeeds, the process determines if the Agent has a runtime lock.
VCM Troubleshooting Guide 9. The registration service is unregistered with VCM. 10. An attempt is made to contact the simple install using DCOM. If this action succeeds, this step in the process is finished. If the process fails on any of the actions, the simple installer job enters the rollback state. All modules are uninstalled, all files are removed, and the registry is purged. In this state, the debug event files are not deleted on the target machine.
VCM Windows Agent This algorithm is provided with a requested install module list (RIML), the already installed module list (AIML), the module dependency graph, and the module updates map. The algorithm uses the map to determine what must be installed and uninstalled on the target machine to achieve the latest versions of modules based on the modules provided in the RIML and the AIML. Install Module The install module action installs all product modules related to the VCM Agent. 1.
VCM Troubleshooting Guide Prepare Request Results for Insert The prepare request results for insert action prepares the data from the Windows machine inspection for insertion in the VCM database during the VCM Agent installation process. A bulk insert of the machine environment inspection data is prepared for insertion in the VCM database.
VCM Windows Agent To troubleshoot this process, review the job history, identify the step that failed, and determine what might be impeding the removal of the Agent. Detect Previous Install The detect previous install action evaluates the Windows machine from which you are removing the VCM Agent to determine whether a version of the Agent is installed that must be uninstalled.
VCM Troubleshooting Guide Interrogate Target Environment The interrogate target environment action runs on the Windows machine after the installation infrastructure is deployed to uninstall the various product modules during the VCM Agent uninstallation process. The following actions determine which product modules must be deployed to the target machine. 1. A connection is made to the module installer. 2. The runtime Agent lock is updated. 3. The module installer returns all modules currently installed. 4.
the installed modules.
- The registration service then uninstalls each module it finds.
- The registration service ensures that all VCM files are removed from the file system and that the registry is purged.
- The installer marks itself for deletion on the next reboot of the Windows machine.
2. The uninstall module installer attempts to attach to share on the Windows machine. This attempt is made even if the previous step succeeds. The attachment process during uninstall might fail.
VCM Troubleshooting Guide Windows Agent Manual Installation Process The manual Agent installation process deploys the Agent to the target without using the Collector. The main goal of manual installation is to produce an Agent environment that is identical to an Agent environment that one would expect if a Collector deployed the Agent. Manual installation does not create entries in the add and remove programs section, nor is the manually installed Agent designed to be uninstalled manually.
- Interactive Mode
  Configure the options during the installation process.
  Option | Description
  Installation directory | Specify the directory to which the Agent is installed.
  Lock agent | To lock the Agent, select the check box.
  HTTP | To install the Agent so that it uses HTTP communication protocols, select the check box and provide the port on which the Agent receives requests from the Collector.
VCM Troubleshooting Guide limitation. DCOM is also the lowest common protocol used for installing the Agent and for collecting data. Uninstalling and upgrading the Agent are not bound by this limitation. If the Collector lists an Agent as listening with HTTP when communicating with the Agent, and the HTTP connection cannot be established, DCOM communication is attempted.
VCM Windows Agent Uninstall Basic Installer The uninstall basic installer action removes the basic Agent installation component in preparation for the new communication protocol. Validate Installation Environment The validate installation environment action ensures that the target Windows machine is available for the installation of the new VCM Agent communication protocol modules. 1.
If the change protocol request is from DCOM to HTTP, the simple installer component receives a request to install the ComSocketServiceListener. If the change protocol request was from HTTP to DCOM, the simple installer receives a request to remove the ComSocketServiceListener. The simple installer does not modify the contents of the installation infrastructure.
VCM Windows Agent Acknowledge Successful Data Transfer The acknowledge successful data transfer action is a record of the data from the VCM Agent inspection on the Windows machine during the change communication protocol process. The Collector records the receipt of the data from the Windows machine environment inspection.
VCM Troubleshooting Guide Debug Window Agent Installations Use the detailed information in the debug event view when debugging problems related to module resolution or to gain insight on the impact that installing or uninstalling have on a particular Agent. The debug event viewer provides module management debugging information as each module resolution algorithm is run by the Collector during each Agent process.
7 VCM UNIX Agent To troubleshoot problems with the VCM UNIX Agent, you must understand how the Agent is installed, how it operates in your network, and how it communicates with the VCM Collector. Knowing these processes helps you trace the flow of settings and data so that you can identify possible failure points. The UNIX Agent is installed on managed UNIX systems that include variants such as those from Red Hat, Solaris, AIX, and others.
drwxrwx--- 3 csi_acct cfgsoft 4096 Oct 31 15:01 data
drwxrwx--- 3 root cfgsoft 4096 Oct 31 15:01 ECMu
drwxr-x--- 6 root cfgsoft 4096 Oct 31 15:01 install
drwxr-x--- 3 root cfgsoft 4096 Oct 31 15:01 Installer
lrwxrwxrwx 1 root cfgsoft 20 Oct 31 15:01 log -> /var/log/CMAgent/log
dr-xr-x--x 3 root cfgsoft 4096 Oct 31 15:01 ThirdParty
drwxr-xr-x 2 root root 4096 Oct 31 15:01 uninstall

/opt/CMAgent/Agent
The Agent directory contains code libraries that are specific to the Agent.
VCM UNIX Agent -r-xr-x--1 root cfgsoft 770416 -r-xr-x--1 root cfgsoft 94784 -r-xr-x--1 root cfgsoft 278088 -r-xr-x--1 root cfgsoft 36392 libFilterFactorySubsystem.so -r-xr-x--1 root cfgsoft 221500 -r-xr-x--1 root cfgsoft 68688 -r-xr-x--1 root cfgsoft 221624 -r-xr-x--1 root cfgsoft 185264 libInstallInteropSubsystem.so -r-xr-x--1 root cfgsoft 34724 -r-xr-x--1 root cfgsoft 388728 libRdmDataStorageCommon.so -r-xr-x--1 root cfgsoft 72616 libRdmDataStoreManagerSubsystem.
VCM Troubleshooting Guide -r-xr-x--1 root -r-xr-x--1 root -r-xr-x--1 root ManageCertificateStore -r-xr-x--1 root -r-xr-x--1 root -r-xr-x--1 root -r-xr-x--1 root -r-xr-x--1 root cfgsoft cfgsoft cfgsoft 208547 Oct 31 15:01 CsiAgtStartupCli 313560 Oct 31 15:01 CsiListenerWorkerDaemon 109214 Oct 31 15:01 CSI_ cfgsoft cfgsoft cfgsoft cfgsoft cfgsoft 15324 27080 17404 15176 261548 /opt/CMAgent/CFC/3.
libSubsystemObjectCacheSubsystem.so
-r-xr-x--- 1 root cfgsoft 43488 Oct 31 15:01 libSubSystemSingletonManagerSubSystem.so
-r-xr-x--- 1 root cfgsoft 71996 Oct 31 15:01 libSynchronization.so
-r-xr-x--- 1 root cfgsoft 249692 Oct 31 15:01 libThreadPool.so
-r-xr-x--- 1 root cfgsoft 433704 Oct 31 15:01 libUNIXIPCCore.so
-r-xr-x--- 1 root cfgsoft 435896 Oct 31 15:01 libXMLParser.so

/opt/CMAgent/data
You can configure the location of the data directory when you install the Agent.
export LD_LIBRARY_PATH=/opt/CMAgent/CFC/3.0/lib:/opt/CMAgent/ThirdParty/1.0/lib
export CSI_REGISTRY_PATH=/opt/CMAgent
/opt/CMAgent/CFC/3.0/bin/CSI_ManageCertificateStore -iz -fcert-file

/opt/CMAgent/data/db/SM/RDM
The SM/RDM directory contains the Birdstep database, which holds information about running requests, the average time it takes a request to be run, and so on.
libScriptChangeStateMachineJob.so
-r-xr-x--- 1 root cfgsoft 171456 Oct 31 15:01 libXpChangeDriverState.so

/opt/CMAgent/ECMu/1.0/registration:
-rw-r----- 1 root cfgsoft 622 Oct 31 15:01 cmagent.deb
-rw-r----- 1 root cfgsoft 2117 Oct 31 15:01 CMAgent.rpm
-r-xr-x--- 1 root cfgsoft 2299 Oct 31 15:01 RegisterAgent.sh
-r-xr-x--- 1 root cfgsoft 1044 Oct 31 15:01 UnregisterAgent.sh

/opt/CMAgent/ECMu/x.
/opt/CMAgent/install
The install directory contains the infrastructure used to install and uninstall the Agent. The install directory also contains log files that might help determine why an installation failed. The BootStrapInstall.log file contains a log of all of the actions that the installer took. The DebugEvent_cis.dbe is an error log file that you can copy to a Collector to view in the Debug Event Viewer.
-r-xr-x--- 1 root cfgsoft 1084 Oct 23 14:17 TestUserId.sh
-r-xr-x--- 1 root cfgsoft 1031 Oct 23 14:17 TestUser.sh
-r--r----- 1 root cfgsoft 10534 Oct 23 14:17 UninstallProducts.py
-r--r----- 1 root cfgsoft 48925 Oct 23 14:17 UserGroup.py
-rw-r----- 1 root cfgsoft 40548 Oct 31 15:01 UserGroup.
/opt/CMAgent/Installer
The Installer directory contains Agent components that are dynamically available based on the VCM actions being performed. Directories and files under the Content directory vary.
/opt/CMAgent/Installer:
drwxrwx--- 3 root cfgsoft 4096 Oct 31 15:01 Content

/opt/CMAgent/ThirdParty
The ThirdParty directory contains code libraries that are common components. It contains an x.
/opt/CMAgent/uninstall
The uninstall directory contains the script to remove the Agent.
/opt/CMAgent/uninstall:
-rwxr-xr-- 1 root root 54135 Oct 31 15:01 UninstallCMAgent

Directories Created During an Inspection
When a Collector first contacts the Agent, it copies its data model to the Agent. The Agent stores the data model as a Birdstep database in a Collector-named directory immediately under DtmDB/RDM.
VCM Troubleshooting Guide The ZRP file might contain a debug event (DBE) file, which is returned to the Collector and inserted in the SQL database so that it can be viewed at the Collector. If the file is missing on the Collector, capture the ZRP file on the Agent, extract the DBE, and manually copy it to the Collector for viewing in the Debug Event Viewer.
MAC
CSI_REGISTRY_PATH=/opt/CMAgent DYLD_LIBRARY_PATH=/opt/CMAgent/CFC/3.0/lib:/opt/CMAgent/ThirdParty/1.0/lib /opt/CMAgent/CFC/3.0/bin/CSI_ManageCertificateStore -iz -fpath-to-pem/filename.pem
AIX
CSI_REGISTRY_PATH=/opt/CMAgent LIBPATH=/opt/CMAgent/CFC/3.0/lib:/opt/CMAgent/ThirdParty/1.0/lib /opt/CMAgent/CFC/3.0/bin/CSI_ManageCertificateStore -iz -fpath-to-pem/filename.
Collector Cannot Contact the Agent
When the Collector cannot contact the Agent machine, look at the following on the Collector server.
- Try an nslookup of the Agent. If it fails, edit the etc\hosts file on the Collector to map the Agent machine name to its IP address.
- From a command prompt on the Collector, ping the Agent machine by name or IP address.
- Try to telnet or ssh to the Agent.
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Host {agent-machine} ({ip-address}) appears to be up … good.
Initiating Connect() Scan against {agent-machine} ({ip-address})
Adding open port 26542/tcp
The Connect() Scan took 0 seconds to scan 1 ports.
VCM Troubleshooting Guide running. When a collection occurs, a second lm appears for the Collector-specific data model (DtmDB). To list all Collector directories, with the most recently collected directory at the top, type find /opt/CMAgent/data -name Master | xargs ls -ldt Monitor Processes with the top Utility If the top utility is installed and available, you can use it to monitor processes. Procedure 1. Start the top utility. 2. Type u. 3.
VCM UNIX Agent If the Results directory is not deleted, look for a DBE file in the directory and copy it to the Collector for viewing. To examine the ZRP file on the Agent, capture it when it is created. See "Capture the ZRP on the Agent" on page 75. Capture the ZRP on the Agent The Agent sends the Results.zrp file to the Collector, and deletes it after the Collector acknowledges receipt of the file.
- CSISecureHigh. Errors from the RunHigh executable file, indicating violation of rules enforced by the suid program for running root privilege inspections.
- CSISecureLow. Errors from the RunLow executable file, indicating violation of rules enforced by the sgid program for running non-root privilege inspections.
- CSISecure. Errors from the RunRemote executable file, indicating violation of rules enforced by the suid program for running root privilege remote commands.
- RunHigh. Owner root, group cfgsoft, mode r-sr-x---
- RunLow. Owner csi_acct, group csi_acct, mode r-xr-s---
- RunRemote. Owner root, group cfgsoft, mode r-sr-x---
If permissions are correct, check DBE files for errors stating that RunHigh, RunLow, or RunRemote failed. See "Run Executable Logging" on page 77 for information about the level of error logging.
Run Executable Logging
If RunHigh, RunLow, or RunRemote fails, the executable file logs errors of type auth.
Also, check the mount options for the file system. A common security practice is to mount /usr, /opt, and /usr/local with notsetuid and nosuid options to prevent setuid binaries from running. Doing so prevents RunHigh, RunLow, and RunRemote from running.
Monitoring Network Traffic
In rare cases, you might want to monitor TCP/IP traffic for the Agent machine.
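An added example, not part of the VMware guide: a POSIX shell audit of the RunHigh, RunLow, and RunRemote ownership, mode, and mount-option checks described above. The helper directory /opt/CMAgent/CFC/3.0/bin, the sample `ls -l` lines, and the /proc/mounts-style mount table are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not VMware code): audit the VCM UNIX Agent run helpers.
# Owner, group and mode values are the ones the guide documents.

# expected_for NAME -> prints "owner group mode" for a documented helper
expected_for() {
    case "$1" in
        RunHigh|RunRemote) echo "root cfgsoft r-sr-x---" ;;
        RunLow)            echo "csi_acct csi_acct r-xr-s---" ;;
        *)                 return 1 ;;
    esac
}

# check_ls_line LINE -> verdict for one line of `ls -l` output.
# Returns 0 when owner, group and mode match, 1 on mismatch, 2 if unknown.
check_ls_line() {
    # ls -l columns: mode links owner group size month day time path
    read -r mode _links owner group _rest <<EOF
$1
EOF
    name=${1##* }          # last column is the path
    name=${name##*/}       # keep only the file name
    perm=${mode#?}         # drop the file-type character
    perm=${perm%[.+@]}     # drop an ACL/SELinux marker if ls printed one

    expected=$(expected_for "$name") || { echo "SKIP $name: not a run helper"; return 2; }
    read -r e_owner e_group e_perm <<EOF
$expected
EOF
    problems=""
    [ "$owner" = "$e_owner" ] || problems="$problems owner=${owner}(want $e_owner)"
    [ "$group" = "$e_group" ] || problems="$problems group=${group}(want $e_group)"
    [ "$perm" = "$e_perm" ]   || problems="$problems mode=${perm}(want $e_perm)"
    if [ -z "$problems" ]; then
        echo "OK $name: owner, group and mode as documented"
        return 0
    fi
    echo "FAIL $name:$problems"
    return 1
}

# mount_options_for PATH MOUNT_TABLE -> options of the longest mount point
# that contains PATH. MOUNT_TABLE columns (assumed /proc/mounts layout):
# device mountpoint fstype options dump pass
mount_options_for() {
    printf '%s\n' "$2" | awk -v p="$1" '
        {
            mp = $2
            # match "/" or a mount point that is the path or a parent directory
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) >= best) { best = length(mp); opts = $4 }
            }
        }
        END { print opts }'
}

# suid_blocked OPTIONS -> returns 0 when setuid/setgid bits are disabled
suid_blocked() {
    case ",$1," in
        *,nosuid,*|*,nosetuid,*) return 0 ;;
    esac
    return 1
}

# audit_helper LS_LINE MOUNT_TABLE -> returns 0 only if the helper can run
audit_helper() {
    check_ls_line "$1" || return 1
    path=${1##* }
    opts=$(mount_options_for "$path" "$2")
    if suid_blocked "$opts"; then
        echo "FAIL $path: mounted with '$opts', setuid/setgid bits are ignored"
        return 1
    fi
    return 0
}

# Constructed sample input: RunLow has lost its setgid bit, RunRemote has the
# wrong group, and /opt is mounted nosuid. The bin path is an assumption.
SAMPLE_LS='-r-sr-x--- 1 root cfgsoft 15324 Oct 31 15:01 /opt/CMAgent/CFC/3.0/bin/RunHigh
-r-xr-x--- 1 csi_acct csi_acct 27080 Oct 31 15:01 /opt/CMAgent/CFC/3.0/bin/RunLow
-r-sr-x--- 1 root root 17404 Oct 31 15:01 /opt/CMAgent/CFC/3.0/bin/RunRemote'
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda3 /opt ext4 rw,nosuid,nodev 0 0
/dev/sda5 /optional ext4 rw,noatime 0 0'

run_demo() {
    printf '%s\n' "$SAMPLE_LS" | while IFS= read -r l; do
        audit_helper "$l" "$SAMPLE_MOUNTS" || true
    done
}
run_demo
```

On an Agent machine, pass the real `ls -l` line for each helper and the machine's own mount table in place of the constructed samples.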
VCM UNIX Agent Capture Traffic with Wireshark/Ethereal Start the capture of network traffic in Wireshark/Ethereal. Procedure 1. From the Wireshark/Ethereal tool bar, click Capture > Start. 2. In the Capture Options, click Capture Filter. 3. Select csi. 4. Click OK. Wireshark/Ethereal Capture Results Messages that flow in and out of the Agent port (26542) appear in the Wireshark/Ethereal display. A single inspection might show all of these results.
Sequence | Color | Description | Content Length (approximate)
10 | Red | Transfer Results | 2,254 bytes
11 | Blue | Transferred data | Varies based on the number of data classes inspected, delta versus full, and operating system. For example, a full collection of Machine.General on a Red Hat 9 platform has a ContentLength of 6,618 bytes.