When trying to use Symantec Control Compliance Suite (CCS) to run an asset import job against a vCenter server the connection to vCenter fails

book

Article ID: 158856

calendar_today

Updated On:

Products

Control Compliance Suite Unix

Issue/Introduction

The customer was trying to bring in VMware ESX/ESXi assets into CCS but kept having a failure connecting to the vCenter server.  The Windows server that hosted vCenter was imported successfully and the vCenter Server asset appeared to have been manually entered into the system.  When using the vCenter client to connect to vCenter server on the same system CCS had been installed on, the pass-through authentication connected properly.

Error Message:

type="UNIX.MACHINE"><HOSTMACHINE>0.0.0.0</HOSTMACHINE><IPAddress>0.0.0.0</IPAddress></asset></message>
9| 2B88| 1E60|"blade|VMwareWinAgentl| 206| 1/ 9/2014|14:32: 0:997|Critical Failure:0x80004005 <message level="1" target="0.0.0.0"><desc>Failure in Connecting vCenter due to any of the following reasons:
1. Invalid IP address.
2. Invalid Port No.
3. Invalid Protocol Version.
4. Invalid Certificate.
5. Invalid Credentials.
6. vCenter Server is not accessible.</desc><asset type="UNIX.MACHINE"><HOSTMACHINE>0.0.0.0</HOSTMACHINE><IPAddress>0.0.0.0</IPAddress></asset></message>

Cause

The Microsoft Windows Active Directory (AD) user account used to connect to VMware vCenter had restricted rights to only be used as a service account.  The issue was discovered by not using pass-through authentication in the vCenter client installed on the system used by the CCS installation.  The vCenter client connections were entered manually and nothing would connect.

Resolution

The VMware logon user should have at least basic user account rights, not restricted service-account level rights when connecting to vCenter.


Applies To

Symantec CCS 11 - Security Content Update (SCU) 2013-2, Product Update (PU) 2013-2
Microsoft Windows Server 2008 R2
VMware vCenter Server 5.0