[VCDR] Alert: Recovery SDDC status transitioned from UNKNOWN to CRITICAL after enabling Ransomware Recovery

Article ID: 313705

Updated On:

Products

VMware Live Recovery

Issue/Introduction

This article explains the possible cause of the alarms and the steps to remediate them.

Symptoms:
After activating ransomware recovery, you may see a Critical alarm in the VCDR UI under Alarms, as below:

SDDC: Recovery SDDC 'Test-Recovery-SDDC' status transitioned from UNKNOWN to CRITICAL: The firewall rules needed by the ransomware security cloud workload appliance are missing from recovery SDDC 'Test-Recovery-SDDC'. The ransomware security cloud workload appliance is missing from recovery SDDC 'Test-Recovery-SDDC'

Cause

The main reason is that IRR (ControlShift) cannot verify that the CWP appliance exists or cannot communicate with it. The Carbon Black Cloud Workload Appliance (CWP) needs to be registered with Carbon Black Cloud and needs to have connectivity to Carbon Black Cloud in the Recovery SDDC.

Due to a formatting exception, the health status would remain empty in CB Cloud, which can result in the UNKNOWN status for the recovery SDDC.
Note: The formatting exception is fixed in version 7.27.

Resolution

Verify that all required firewall rules are in place; refer to Configuring Carbon Black Cloud Communications.

1) Verify connectivity from the CloudDR-CWP Appliance to the Recovery SDDC vCenter.
curl -kvL https://<vCenter IP/FQDN>:443

2) If the CWP appliance is unable to connect to vCenter in the recovery SDDC, verify that the Compute Gateway (CGW) firewall rules are in place.

3) Verify connectivity from the CloudDR-CWP Appliance to the Carbon Black Cloud URL.
curl -kvL https://use1.carbonblackcloud.vmware.com:443

4) Verify connectivity from the CloudDR-CWP Appliance to the URL 'content.carbonblack.io:443'.

5) Check whether a native AWS Security Group or NSX Advanced Firewall is configured in the SDDC, and ensure that inbound and outbound internet traffic between the CWP appliance and the cloud URLs is allowed.

Once connectivity is restored, the Recovery SDDC status will revert to "Green/Good" in the VCDR UI.
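
The checks in steps 1, 3 and 4 can be run in one pass from the CloudDR-CWP Appliance with the script below. It is an added example, not a VMware-supplied tool; the function names and the mapping from curl exit codes to the step to revisit are assumptions made here, and the Carbon Black Cloud URL is the one shown in step 3.

```shell
#!/bin/sh
# Added example (not from the original article).
# Usage: sh cwp_check.sh <vCenter IP/FQDN of the recovery SDDC>

# Map a curl exit code to the layer that failed.
classify_curl_rc() {
  case "$1" in
    0)  echo "OK" ;;
    6)  echo "DNS" ;;       # could not resolve host
    7)  echo "REFUSED" ;;   # TCP connection failed
    28) echo "TIMEOUT" ;;   # no reply before the timeout, typical of dropped traffic
    35) echo "TLS" ;;       # TCP connected, TLS handshake failed
    *)  echo "OTHER" ;;
  esac
}

# Point back to the step of the article to revisit for a given result.
hint_for() {
  case "$1" in
    OK)              echo "reachable" ;;
    DNS)             echo "name did not resolve; check DNS on the appliance" ;;
    REFUSED|TIMEOUT) echo "blocked or dropped; check CGW firewall rules (step 2) and AWS Security Group / NSX Advanced Firewall (step 5)" ;;
    TLS)             echo "port open but TLS handshake failed; inspect with curl -kvL" ;;
    *)               echo "unexpected curl error; inspect with curl -kvL" ;;
  esac
}

# $1 = host. Any HTTP response counts as reachable, so redirects are not followed.
check_endpoint() {
  rc=0
  curl -ksS -o /dev/null --connect-timeout 5 --max-time 15 "https://$1:443" 2>/dev/null || rc=$?
  result=$(classify_curl_rc "$rc")
  printf '%-40s %-8s %s\n' "$1" "$result" "$(hint_for "$result")"
  [ "$rc" -eq 0 ]
}

# $1 = vCenter address; the other two endpoints are the URLs named in steps 3 and 4.
check_all() {
  failed=0
  for host in "$1" use1.carbonblackcloud.vmware.com content.carbonblack.io; do
    check_endpoint "$host" || failed=1
  done
  return "$failed"
}

# Run the checks only when a vCenter address is supplied.
if [ "$#" -ge 1 ]; then check_all "$1"; fi
```

A non-zero exit status means at least one endpoint was unreachable; the per-line result shows which one and which step to revisit.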