cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

Scanning VMWare Infrastructure

Hi,

I've recently set up a FNMS 2017 R2 instance and I'm trying to get it to successfully scan a pre-existing VMWare Infrastructure. The Service Account I'm using has Read Only Access to the VCenter Infrastructure. It can succcessfully log in to the VCenter Instance web page. All elements of the VCenter cluster can be pinnged from the FNMS server. The only actual diagnostics I can derive are:

1. Log files from the Inventory Beacon -
2018-01-31 13:58:29,886 [ource.NMapDeviceSource|IPScan] [INFO ] Starting an IP scan.
2018-01-31 13:58:29,933 [iscovery.NMapDiscovery|IPScan] [INFO ] Building command line with TCP ports:22,80,135,139,161,443,445 and UDP ports 22,80,135,139,161,443,445
2018-01-31 13:58:29,933 [iscovery.NMapDiscovery|IPScan] [INFO ] Command line for mgsipScan: -p T:22,80,135,139,161,443,445,U:22,80,135,139,161,443,445 -oX "C:\Users\flx-fnms-svc\AppData\Local\Temp\ManageSoft\discovery\mgsipscan-t-2018131_135829-64fe98833c-07fa-4ce3-b6f2-bdc9e6ef6926.xml" -PI -sS -sU 10.0.0.10
2018-01-31 13:58:30,105 [veryExportDeviceSource|DeviceSource] [INFO ] Processing exported disco files extracted in the folder 'C:\ProgramData\Flexera Software\Beacon\DiscoveryExport\19': 1 files to be processed.
2018-01-31 13:58:30,105 [veryExportDeviceSource|DeviceSource] [INFO ] Processing exported disco file 'C:\ProgramData\Flexera Software\Beacon\DiscoveryExport\19\1.disco'
2018-01-31 13:58:30,309 [iscoveryActionExecuter|DNSLookup] [INFO ] Failed to perform DNS discovery for device '10.0.0.10'.
2018-01-31 13:58:32,234 [iscoveryActionExecuter|Async] [INFO ] Enumerating devices from store after DNS lookup
2018-01-31 13:58:32,234 [iscoveryActionExecuter|Async] [INFO ] Completed enumeration of devices from store after DNS lookup
2018-01-31 13:58:36,914 [iscoveryActionExecuter|IPScan] [INFO ] Device '10.0.0.10' is in scope: VCenter
2018-01-31 13:58:36,914 [ource.NMapDeviceSource|IPScan] [INFO ] Completed an IP scan.
2018-01-31 13:58:36,946 [.DiscoveryTaskExecutor|PropertyDisco] [INFO ] Performing Device Property Scan discovery for device '10.0.0.10'
2018-01-31 13:58:36,946 [veryDevicePropertyScan|PropertyDisco] [INFO ] Performing nbtstat discovery for device: 10.0.0.10
2018-01-31 13:58:37,029 [veryDevicePropertyScan|PropertyDisco] [INFO ] Performing ARP discovery for device: 10.0.0.10
2018-01-31 13:58:37,042 [.MacAddressScanInterop|PropertyDisco] [INFO ] The specified IPAddress '10.0.0.10' is not within the same subnet.
2018-01-31 13:58:37,042 [veryDevicePropertyScan|PropertyDisco] [INFO ] Performing NetAPI discovery for device: 10.0.0.10
2018-01-31 13:58:38,259 [iscoveryActionExecuter|Async] [INFO ] Starting to enumerate devices from IP Scan
2018-01-31 13:58:38,259 [iscoveryActionExecuter|Async] [INFO ] IP Scan completed, 0 devices failed to get port info. Adding these devices to downstream.
2018-01-31 13:58:59,113 [overy.NetServerGetInfo|PropertyDisco] [INFO ] Completed NetAPI discovery for device '10.0.0.10' unsuccessfully: The network path could not be found
2018-01-31 13:58:59,114 [.DiscoveryTaskExecutor|PropertyDisco] [INFO ] Completed Device Property Scan discovery for device '10.0.0.10': DeviceName = "", MAC Address = "", NTDomain = "" and WindowsType = 0.
2018-01-31 13:58:59,114 [.DiscoveryTaskExecutor|PropertyDisco] [INFO ] Performing VMware discovery for device '10.0.0.10'
2018-01-31 13:58:59,151 [.DiscoveryTaskExecutor|PropertyDisco] [INFO ] Completed VMware discovery for device '10.0.0.10': not discovered
2018-01-31 13:59:00,337 [iscoveryActionExecuter|Async] [INFO ] Discovery execution has completed.
2018-01-31 13:59:00,347 [coveryThreadedExecutor|Async] [INFO ] Shutdown of 10 threads for device discovery.
2018-01-31 13:59:00,352 [coveryThreadedExecutor|Async] [INFO ] Shutdown of 10 threads for DNS lookup.
2018-01-31 13:59:00,352 [coveryThreadedExecutor|Async] [INFO ] Shutdown of 1 threads for network scanning.
2018-01-31 13:59:00,352 [coveryThreadedExecutor|Async] [INFO ] Shutdown of 20 threads for device property and service discovery.

and a Wireshark log which shows:
a 301 response code from the FNMS server posting to https:///sdk.

Does anyone have any ideas?
0 Kudos
7 Replies
Highlighted
Community Manager ChrisG Community Manager
Community Manager

Re: Scanning VMWare Infrastructure

Hi brianmcelraft,

Some common problems would be that the VMware web API is not running on 10.0.0.10, or that the beacon does not have network connectivity to port 443 (HTTPS) on the VMware server.

For troubleshooting, you could try using a web browser running on the beacon to browse to https://10.0.0.10/mob and ensure you do not get a "connection failed" or "404 not found" type response. (You may still get an error browsing to that URL, but you want an error which indicates that a connection was successfully made, and that there seems to be something running there.)

Chris @ Flexera
(Anything expressed here is my own view and not necessarily that of my employer, Flexera. If my reply answers a question you have raised, please click "ACCEPT AS SOLUTION".)
0 Kudos
Highlighted

Re: Scanning VMWare Infrastructure

cgrinton wrote:
Hi brianmcelraft,

Some common problems would be that the VMware web API is not running on 10.0.0.10, or that the beacon does not have network connectivity to port 443 (HTTPS) on the VMware server.

For troubleshooting, you could try using a web browser running on the beacon to browse to https://10.0.0.10/mob and ensure you do not get a "connection failed" or "404 not found" type response. (You may still get an error browsing to that URL, but you want an error which indicates that a connection was successfully made, and that there seems to be something running there.)

Chris @ Flexera


Unfortunately I've tried both of these. The only clue I can gander from the logs is that the Beacon is having issues connecting to https:///sdk/. The actual REST interface is sitting at https:///sdk/vim.wsdl. I have no issues connecting to it from the browser level on the beacon itself via HTTPS...
0 Kudos
Highlighted
Moderator JohnSorensenDK Moderator
Moderator

ESXQuery

brianmcelraft wrote:
Unfortunately I've tried both of these. The only clue I can gander from the logs is that the Beacon is having issues connecting to https:///sdk/. The actual REST interface is sitting at https:///sdk/vim.wsdl. I have no issues connecting to it from the browser level on the beacon itself via HTTPS...


You may want to test/troubleshoot using the ESXQuery inventory tool that can be executed manually, please download it from https://flexeracommunity.force.com/customer/articles/en_US/INFO/Additional-Inventory-Tools-for-FlexN...

Thanks,
John Sorensen
Flexera
0 Kudos
Highlighted

Re: Scanning VMWare Infrastructure

JohnSorensenDK wrote:
You may want to test/troubleshoot using the ESXQuery inventory tool that can be executed manually, please download it from https://flexeracommunity.force.com/customer/articles/en_US/INFO/Additional-Inventory-Tools-for-FlexN...

Thanks,
John Sorensen
Flexera


Thanks for the reply John. I've tried to run ESXQuery on a production instance where similar issues are being seen. In both cases it looks like the ESXuery (and FNMS in general) are trying to query https://:443/sdk. However, this url looks to be deprecated by VMWare.
Here's the relevant output from ESXQuery
BindServer(, proto=https, port=0) failed.
In fsend call to WinHttpSendRequest: A connection with the server could not be established (12029)
An error occured in HTTP processing
Failed to retrieve contents from web service https://:443/sdk
BindServer(.com, proto=https, port=0) failed.

I'm able to manually browse to the VCenter console from both machines. One issue is that we're using self signed certificates in these cases. However, at least in my test environment, I've tried to loosen up Cert requirements to deal with this.

Any ideas?

Thanks

Brian
0 Kudos