IDFW fails to update SG based on logins after deploying Guest Introspection in NSX
Article ID: 320949
Products
VMware NSX
Issue/Introduction
Symptoms:
- With Guest Introspection deployed, virtual machines are not being added to security groups based on Active Directory login events.
- Once the logged-in user starts a process that generates a TCP connection, the virtual machines are added to the security groups.
Cause
The Guest Introspection path of logon detection works by capturing TCP connections generated in the guest and looking up the associated process and user.
Until the user starts a process that generates a TCP connection, there is no way to know that the user is logged on to the machine.
Resolution
This is a known issue affecting VMware NSX for vSphere 6.x.
Currently, there is no resolution.
Workaround:
To work around this issue, trigger a TCP connection after logging into the virtual machine.
For example, launch a browser and visit a website.
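
One way to automate this workaround on Windows guests, as an added example that is not part of the original article: a PowerShell script meant to run as a per-user logon script, so the TCP connection is created by a process owned by the user who just logged in. The target host names and ports, the parameter names and the function name are assumptions; replace the targets with services reachable from the guest.

```powershell
# Added example (not from the original article).
# Opens one short-lived TCP connection in the logged-in user's context so that
# Guest Introspection sees a connection it can map to that user's process.
param(
    # Placeholder targets (assumptions): host:port pairs reachable from the guest.
    [string[]]$Targets = @('intranet.example.internal:443', 'fileserver.example.internal:445'),
    [int]$TimeoutMs = 3000
)

function Invoke-LogonTcpConnection {
    param([string[]]$Targets, [int]$TimeoutMs)

    # The connection must belong to the user's own process. A computer startup
    # script or a task running as SYSTEM would not identify the user.
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    if ($identity.IsSystem) {
        Write-Warning 'Running as SYSTEM; run this as a user logon script instead.'
        return $false
    }

    foreach ($target in $Targets) {
        $hostName, $port = $target -split ':', 2
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            # Bounded wait so an unreachable target does not delay the logon.
            $task = $client.ConnectAsync($hostName, [int]$port)
            if ($task.Wait($TimeoutMs) -and $client.Connected) {
                Write-Verbose "TCP connection to $target opened as $($identity.Name)"
                return $true
            }
        } catch {
            # Connection refused, name not resolved, etc.: try the next target.
            Write-Verbose "Connection to $target failed: $($_.Exception.Message)"
        } finally {
            $client.Close()
        }
    }
    return $false
}

if (-not (Invoke-LogonTcpConnection -Targets $Targets -TimeoutMs $TimeoutMs)) {
    Write-Warning 'No TCP connection could be opened; security group membership may not update.'
}
```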