Unable to power on VMs via vCenter on a Cluster using Guest Introspection
book
Article ID: 303261
calendar_today
Updated On:
Products
VMware vDefend Firewall
Issue/Introduction
Symptoms:
Power on VM fails when the GI SVM of a Host is powered off.
The task gets hung at 15%-35% with the status "Invoking Prechecks".
Cause
This is the expected behavior for Guest Introspection - vMotion of user VMs to an unprotected host should be blocked. Hosts can be configured to be protected by McAfee/Palo Alto Networks.
NSX involvement:
- NSX deploys the security VM (Eg. McAfee) on the cluster via EAM, when admin configures the service for a cluster. - NSX informs EAM if the service inside the security VM is Green/Red.
EAM involvement:
- EAM actually deploys the security VM to each host in the cluster. - EAM in conjunction with VC blocks user VMs from powering on or vMotioning to a host that does not have a working security VM (Assuming that GI is configured in the cluster).
Resolution
Powering on the SVM, when the GI service is marked as green, the power on task completes successfully.