IDFW firewalling using event log scraping stopped working after applying Microsoft's June 8th, 2021 security patch update to domain controllers.

Article ID: 316675

Products

VMware NSX

Issue/Introduction

Symptoms:
  • You are running NSX-v with IDFW Firewalling using Event Log Scraping.
  • You have installed Microsoft June 8th, 2021 - KB5003681 (Security-only update).
  • Event Log Scraping fails to get the security events.
  • Identity Firewall no longer works for Event Log Scraping.
  • The following entries are visible in the NSX Manager vsm.log file:
2021-07-08 13:01:23.804 GMT WARN http-nio-127.0.0.1-7441-exec-931 WinEventLogCIFSReader:177 - - [nsxv@6876 comp="nsx-manager" level="WARN" subcomp="manager"] Error happened when connecting to event log server: <server-name> Error message: DCERPC_FAULT_ACCESS_DENIED
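
To see which event log servers are affected and since when, the warning above can be summarized per server. The following is an added example, not VMware code: the function name, the sample lines, the dc0x.example.test hostnames and the EXAMPLE_OTHER_ERROR value are constructed, and the pattern relies only on the fields visible in the entry above.

```python
import re

# Matches the WinEventLogCIFSReader warning shown in the article. Only fields
# visible in that entry are parsed: timestamp, event log server, error message.
PATTERN = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) GMT\s+WARN\s+"
    r".*?WinEventLogCIFSReader:\d+\s.*?"
    r"Error happened when connecting to event log server: (?P<server>.+?)\s+"
    r"Error message: (?P<error>\S+)"
)

def summarize_scraper_failures(lines, error="DCERPC_FAULT_ACCESS_DENIED"):
    """Return {server: {"count", "first", "last"}} for warnings with `error`."""
    summary = {}
    for line in lines:
        m = PATTERN.search(line)
        if not m or m.group("error") != error:
            continue  # unrelated entry, or a different connection error
        entry = summary.setdefault(
            m.group("server"),
            {"count": 0, "first": m.group("ts"), "last": m.group("ts")},
        )
        entry["count"] += 1
        entry["last"] = m.group("ts")  # vsm.log is appended in time order
    return summary

# Constructed sample input, modelled on the single entry quoted in the article.
TEMPLATE = (
    '{ts} GMT WARN http-nio-127.0.0.1-7441-exec-931 WinEventLogCIFSReader:177 '
    '- - [nsxv@6876 comp="nsx-manager" level="WARN" subcomp="manager"] '
    'Error happened when connecting to event log server: {server} '
    'Error message: {err}'
)
SAMPLE = [
    TEMPLATE.format(ts="2021-07-08 13:01:23.804", server="dc01.example.test",
                    err="DCERPC_FAULT_ACCESS_DENIED"),
    '2021-07-08 13:02:00.000 GMT INFO constructed unrelated entry',
    TEMPLATE.format(ts="2021-07-08 13:03:10.120", server="dc03.example.test",
                    err="EXAMPLE_OTHER_ERROR"),
    TEMPLATE.format(ts="2021-07-08 13:04:45.377", server="dc02.example.test",
                    err="DCERPC_FAULT_ACCESS_DENIED"),
    TEMPLATE.format(ts="2021-07-08 13:06:23.911", server="dc01.example.test",
                    err="DCERPC_FAULT_ACCESS_DENIED"),
]

if __name__ == "__main__":
    for server, info in summarize_scraper_failures(SAMPLE).items():
        print(server, info["count"], info["first"], info["last"])
```

Comparing the first timestamp for each server against the time KB5003681 was installed on that domain controller helps confirm that the failures began with the update.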


Environment

VMware NSX Data Center for vSphere 6.4.x

Cause

NSX-V accesses event logs on remote devices using certain legacy Event Logging APIs. With the update installed, NSX-V is unable to connect using these APIs.

Resolution

Currently there is no resolution.

Workaround:
Roll back the Microsoft June 8th security patch. If you are unable to do so, please raise a Support Request with VMware.

For non-physical (VM-based) workloads, you can use the GI-based IDFW implementation as a workaround.