Several GVMs hosted in NSX environment have antirivirus installed but they are displayed in the UMC as NOT protected
search cancel

Several GVMs hosted in NSX environment have antirivirus installed but they are displayed in the UMC as NOT protected

book

Article ID: 237396

calendar_today

Updated On:

Products

Data Center Security Server Advanced

Issue/Introduction

Several GVMs hosted in NSX environment have antirivirus installed but they are displayed in the UMC as NOT protected. There were many more that were protected that were displayed as being protected as expected.

An examination of "Lux.log" -- one of the many logs the agent services writes to, showed the following sequence of events  repeatedly. This was indicating a communication problem with the update server as well as to the DCS server.

excerpt from lux.log

10:54:22.969805  [Server - START]
10:54:22.969831   Host ID: {HOSTIDGUID}
10:54:22.969848   Status Code: 1
10:54:22.969863   Status Message: Server was not selected
10:54:22.969881   Transport Return Code: 0x80010731
10:54:22.969897   Transport Return Message: FAIL - download failed
10:54:22.969925   Protocol: HTTP
10:54:22.969940   Hostname: hostname.mydomain.example.com
10:54:22.969956   Port: 7070
10:54:22.969977   Path: clu-prod
10:54:22.969999   Proxy ID: {00000000-0000-0000-0000-000000000000}
10:54:22.970014   Proxy Bypass: true
10:54:22.970029  [Server - END]

Environment

Release : 6.9.1

 

Cause

Based on the solution that was found the communication between the VM and the internal/external antivirus update server was broken or being interfered with.

Resolution

The solution that finally worked was to manually uninstall VMware Tools and then reinstall them on all of the affected servers. After that was done the servers began communicating again and were eventually displayed as protected.