Enabling logging for Likewise agents on ESXi/ESX

Article ID: 313939

Products

VMware vSphere ESXi

Issue/Introduction

Likewise agents are used on ESXi/ESX 4.1, ESXi 5.x and ESXi 6.x to facilitate joining the host to an Active Directory domain and subsequent user authentication attempts.
 
Logs for Likewise agents are helpful during advanced troubleshooting of ESXi/ESX Active Directory integration, but none of these agents generate a log file by default.
 
This article describes how to enable logging for the Likewise agents.


Environment

VMware ESXi 6.7.x
VMware ESXi 6.5.x
VMware ESXi 6.0.x
VMware vSphere ESXi 7.0.0

Resolution

Note: Enabling Likewise logging increases the space used in /var/log/. To avoid running out of space, enable it only while diagnosing an issue.

ESXi 6.x

Beginning in ESXi 6.x, logging for Likewise agents is configured from the command line.

To view the current Likewise agent logging settings:

  1. Log in to the host as root using the console or SSH.
  2. Start the lwsmd service by running this command:

    /etc/init.d/lwsmd start
     
  3. Type this command to view the current log file location:

    /usr/lib/vmware/likewise/bin/lwsm get-log
     
  4. Type this command to view the current logging level:

    /usr/lib/vmware/likewise/bin/lwsm get-log-level

To configure the Likewise agent logging setting:

  1. Log in to the host as root using the console or SSH.
  2. Type this command to set the log file location:

    /usr/lib/vmware/likewise/bin/lwsm set-log file /var/log/likewise.log
     
  3. Type this command to set the logging level:

    /usr/lib/vmware/likewise/bin/lwsm set-log-level loglevel

    Note: The default logging level is info.

    These are the valid logging levels:
    • always
    • error
    • warning
    • info
    • verbose
    • debug
    • trace

ESX/ESXi 4.1 and ESXi 5.x

netlogond daemon

The netlogond daemon is used to join the ESXi/ESX host to the domain. If it is not running, the host does not stay connected to the domain and the Authentication Service Settings revert to Local Authentication. Attempts to re-connect to the domain restart the daemon.

To enable logging for the netlogond daemon:
  1. Open the /etc/init.d/netlogond file using a text editor.
  2. Locate the line:

    ESXi 4.1:

    PROG_ARGS="--start-as-daemon "

    ESXi 5.x:

    PROG_ARGS="--start-as-daemon --syslog "
     
  3. Change this line to:

    PROG_ARGS="--start-as-daemon --logfile /var/log/netlogond.log --loglevel debug"

    Note: For ESXi, if you have a scratch partition created as per Creating a persistent scratch location for ESXi 4.x and 5.x (1033696), modify the line to:

    PROG_ARGS="--start-as-daemon --logfile /scratch/log/netlogond.log --loglevel debug "

    Notes:
  • The logfile can be any file and the loglevel can be error, warning, info, verbose or debug.
  • In ESXi 5.x, you need to copy the file for editing to /tmp (for example, using the command cp /etc/init.d/netlogond /tmp), make the appropriate changes and then copy the file back to the original location.
  • If the netlogond service is running when the /etc/init.d/netlogond file is modified, it needs to be restarted with the command /etc/init.d/netlogond restart.

lwiod daemon

The lwiod daemon is an SMB client driver. It is responsible for allowing communication between the ESXi/ESX host and the Active Directory domain controller.

To enable logging for the lwiod daemon:
  1. Open the /etc/init.d/lwiod file using the text editor.
  2. Locate the line:

    ESXi 4.1:

    PROG_ARGS="--start-as-daemon"

    ESXi 5.x:

    PROG_ARGS="--start-as-daemon --syslog "
     
  3. Change this line to:

    PROG_ARGS="--start-as-daemon --logfile /var/log/lwiod.log --loglevel trace"

    Note: For ESXi, if you have a scratch partition created as per Creating a persistent scratch location for ESXi 4.x and 5.x (1033696), modify the line to:

    PROG_ARGS="--start-as-daemon --logfile /scratch/log/lwiod.log --loglevel trace "

    Notes:
  • The logfile can be any file and the loglevel can be error, warning, info, verbose, trace or debug.
  • In ESXi 5.x, you need to copy the file for editing to /tmp (for example, using the command cp /etc/init.d/netlogond /tmp), make the appropriate changes and then copy the file back to the original location.

Note: If the lwiod service is running when the /etc/init.d/lwiod file is modified, it needs to be restarted with the command /etc/init.d/lwiod restart.

lsassd daemon

The lsassd daemon allows one to select the Active Directory domain for users when creating permissions on ESXi/ESX. It is also responsible for some login behavior when Active Directory users log in to an ESXi/ESX host at the console or via SSH. If it is not running, no Active Directory users can log in to the system (via the vSphere Client, console or SSH) and only local users can be assigned permissions.

To enable logging for the lsassd daemon:
  1. Open the /etc/init.d/lsassd script file using a text editor.
  2. Locate the line:

    For ESXi 4.1:

    PROG_ARGS="--start-as-daemon "

    For ESXi 5.x:

    PROG_ARGS="--start-as-daemon --syslog"

  3. Change this line to:

    For ESXi 4.1:

    PROG_ARGS="--start-as-daemon --logfile /var/log/lsassd.log --loglevel trace "

    For ESXi 5.x:

    In ESXi 5.x, the default directory for logging is /var/log/. If you reference /var/log/vmware, the log capture will NOT get the vmware directory, and you must either capture the file manually or re-route it to the /var/log directory.

    PROG_ARGS="--start-as-daemon --logfile /var/log/lsassd.log --loglevel trace"

  4. Restart the daemons in this order:

    /etc/init.d/netlogond restart
    /etc/init.d/lwiod restart
    /etc/init.d/lsassd restart


    Notes:

  • The logfile can be any file and the loglevel can be error, warning, info, verbose, trace or debug.
  • In ESXi, if you have a scratch partition created as per Creating a persistent scratch location for ESXi 4.x and 5.x (1033696), modify the line to:

    PROG_ARGS="--start-as-daemon --logfile /scratch/log/lsassd.log --loglevel trace "
     
  • In ESXi 5.x, you need to copy the file for editing to /tmp (for example, using the command cp /etc/init.d/netlogond /tmp), make the appropriate changes, and then copy the file back to the original location.
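
The PROG_ARGS edit described in the netlogond, lwiod and lsassd sections above can be scripted so that it is validated and reversible. This is an added example, not part of the original article or VMware's tooling: the function name set_likewise_logging, the .orig backup file and the sample init script are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not VMware's script): rewrite PROG_ARGS in a Likewise init
# script on ESX/ESXi 4.1 or 5.x using the copy-to-/tmp, edit, copy-back flow.
# Usage: set_likewise_logging INIT_SCRIPT LOGFILE LOGLEVEL
set_likewise_logging() {
    init_script=$1; logfile=$2; loglevel=$3
    [ -f "$init_script" ] || { echo "no such file: $init_script" >&2; return 1; }

    # Log levels the article lists; it does not list trace for netlogond.
    case "$loglevel" in
        error|warning|info|verbose|debug) ;;
        trace) [ "$(basename "$init_script")" != netlogond ] ||
                   { echo "trace is not listed for netlogond" >&2; return 2; } ;;
        *) echo "invalid loglevel: $loglevel" >&2; return 2 ;;
    esac

    # Absolute path, conservative character set (keeps the sed expression safe).
    case "$logfile" in
        /*) ;;
        *) echo "logfile must be an absolute path" >&2; return 2 ;;
    esac
    case "$logfile" in
        *[!A-Za-z0-9_./-]*) echo "unsupported character in logfile" >&2; return 2 ;;
    esac

    # Refuse to edit unless exactly one PROG_ARGS line has the expected shape.
    n=$(grep -c '^[[:space:]]*PROG_ARGS="--start-as-daemon' "$init_script" || true)
    [ "$n" -eq 1 ] || { echo "expected 1 PROG_ARGS line, found $n" >&2; return 3; }

    tmp=$(mktemp "${TMPDIR:-/tmp}/likewise.XXXXXX") || return 1
    new="PROG_ARGS=\"--start-as-daemon --logfile $logfile --loglevel $loglevel\""
    sed "s|^\([[:space:]]*\)PROG_ARGS=\"--start-as-daemon.*|\1$new|" \
        "$init_script" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Keep the first pristine copy so logging can be turned off again later.
    [ -e "$init_script.orig" ] || cp -p "$init_script" "$init_script.orig" ||
        { rm -f "$tmp"; return 1; }
    cp "$tmp" "$init_script" && rm -f "$tmp"
}

# Constructed sample standing in for /etc/init.d/lsassd on ESXi 5.x.
demo_dir=$(mktemp -d "${TMPDIR:-/tmp}/likewise-demo.XXXXXX")
printf '%s\n' '#!/bin/sh' 'PROG_ARGS="--start-as-daemon --syslog"' \
    'start_daemon "$PROG_ARGS"' > "$demo_dir/lsassd"
set_likewise_logging "$demo_dir/lsassd" /var/log/lsassd.log trace
grep PROG_ARGS= "$demo_dir/lsassd"
```

After running it against the real init scripts, restart the daemons in the order given in step 4; copying the .orig file back and restarting again turns file logging off once the diagnosis is done.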


Additional Information

Creating a persistent scratch location for ESXi 4.x/5.x/6.x
Applying vSphere host configuration changes after an unclean shutdown
Unable to log in to an ESXi host using an Active Directory domain account (Japanese)
Enabling logging for Likewise agents on ESXi/ESX (Japanese)
Enabling logging for Likewise agents on ESXi/ESX (Chinese)