Hi Everyone, while investigating an earlier observation with my specific VCenter Rules this week and last ... I noticed that the log files more often than not indicate the credential of "Integrated" when performing the inventory process. For example, I will have 3 devices discovered and the inventory runs successfully on all 3, however, the credential will show "Integrated" for 2 of them and 1 of the credentials from the Beacon Password Vault for the other.
I did make an effort via the search feature, but can not find any explanation of what this is ... any ideas ??
Thx as Always
Bruce
2019-11-18 22:02:14,265 [.VirtualizationVisitor|rules-306] [INFO ] Finished processing task of type 'TaskType_V12nInventory' on target '172.31.154.81' with result '0'
2019-11-18 22:02:14,265 [.VirtualizationVisitor|rules-306] [INFO ] Result of type 'TaskType_V12nInventory' on target '172.31.154.81':
<TaskStatus Result="Success" StartDateTime="2019-11-18T22:01:58" Type="VirtualInventory" Duration="14.31" Credential="[[INTEGRATED]]"/>
2019-11-18 22:02:14,265 [.VirtualizationVisitor|rules-306] [INFO ] ---------------------------------------------------------------------------------------------------------------------
2019-11-18 22:02:14,265 [.VirtualizationVisitor|rules-306] [INFO ] Finished processing task of type 'TaskType_V12nInventory' on target '10.251.67.24' with result '0'
2019-11-18 22:02:14,265 [.VirtualizationVisitor|rules-306] [INFO ] Result of type 'TaskType_V12nInventory' on target '10.251.67.24':
<TaskStatus Result="Success" StartDateTime="2019-11-18T22:01:58" Type="VirtualInventory" Duration="15.91" Credential="[[INTEGRATED]]"/>
2019-11-18 22:02:18,287 [.VirtualizationVisitor|rules-306] [INFO ] Queued virtualization inventory execution on device '172.25.115.34' using protocol https and port 443
2019-11-18 22:02:20,302 [.VirtualizationVisitor|rules-306] [INFO ] Queued virtualization inventory execution on device '172.31.160.81' using protocol https and port 443
2019-11-18 22:02:24,320 [.VirtualizationVisitor|rules-306] [INFO ] ---------------------------------------------------------------------------------------------------------------------
2019-11-18 22:02:24,320 [.VirtualizationVisitor|rules-306] [INFO ] Finished processing task of type 'TaskType_V12nInventory' on target '172.31.160.81' with result '0'
2019-11-18 22:02:24,320 [.VirtualizationVisitor|rules-306] [INFO ] Result of type 'TaskType_V12nInventory' on target '172.31.160.81':
<TaskStatus Result="Success" StartDateTime="2019-11-18T22:02:20" Type="VirtualInventory" Duration="2.82" Credential="vCenter Account"/>
āNov 19, 2019 08:56 AM
This is only a guess, but I wonder whether the "INTEGRATED" indication in the log indicates that the identity of the user running the inventory rule process on the beacon was able to successfully connect - so the process didn't need to go as far as trying to use any credentials from the password store.
āNov 19, 2019 04:44 PM
From memory I believe that integrated is indeed what you suspect in that it's the service account. If you are using a named service account then this is attempted first before any of the credentials listed in the password store and this is shown as Integrated as you see here.
As Chris mentions, if this is successful there is no need to try further which is why that is the first one to be attempted for discovery and inventory rules.
āNov 20, 2019 07:47 AM
This is only a guess, but I wonder whether the "INTEGRATED" indication in the log indicates that the identity of the user running the inventory rule process on the beacon was able to successfully connect - so the process didn't need to go as far as trying to use any credentials from the password store.
āNov 19, 2019 04:44 PM
Hi Chris, I was kind of thinking along those same lines as we use a "Service Account" to run the Beacon Service versus the "Local System" account which is the default. I could not find anything to confirm that so wanted to throw it out to the experts. The Service Account more than likely has more permissions granted to it ...
Thx as Always
Bruce
āNov 20, 2019 07:14 AM
From memory I believe that integrated is indeed what you suspect in that it's the service account. If you are using a named service account then this is attempted first before any of the credentials listed in the password store and this is shown as Integrated as you see here.
As Chris mentions, if this is successful there is no need to try further which is why that is the first one to be attempted for discovery and inventory rules.
āNov 20, 2019 07:47 AM
Thanks Guys ...
āNov 20, 2019 07:54 AM