*
News: SMF - Just Installed!


Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length

ESXi servers OS endpoints turn to "No access" state 1771

Super Newbie Posts: 6 Karma: +0/-0 *
ESXi servers OS endpoints turn to "No access" state
« on: February 10, 2015, 10:13:58 AM »
Hello,

Last days I have configured Active Directory domain authentication on ESXi servers running on X240 nodes placed in IBM Flex System Enterprise Chassis. My intention was to use single domain user ID to access all ESXi nodes OS endpoints from FSM. This domain ID has administrator privilleges on all ESXi hosts (I can use the login ID to access ESXi host via SSH or using vSphere Client). After I go to FSM -> Resource Explorer -> All Operating Systems, I select one of the ESXi OS endpoints with "No access" status in "Access" column and define my domain user credentials in User ID and Password fields. After that I always receive Access failed error message ("The Request Access attempt was not successful on one or more target systems within the time allotted"), however after clicking "Retry on Failed" button I'm able to get green Access OK status and from now on it seems that my FSM sees ESXi OS endpoint properly. It is however not that beautiful as it seems. After some random time (from a few minutes to some hours) the ESXi OS endpoint again gets "No access" status in Resource Explorer. The question is why the FSM loses the AD domain credentials of the ESXi OS endpoint? What additional configuration actions need to be done on FSM or ESXi side to make the AD domain access working?

Cheers,
Konrad
Administrator Sr. Member Posts: 309 Karma: +6/-0 *****
Re: ESXi servers OS endpoints turn to "No access" state
« Reply #1 on: February 10, 2015, 04:07:22 PM »
Hi Konrad,

I can't say I've seen this issue or configuration before. Do you have the vCenter server also discovered and using the AD credentials? If so, is that staying connected. Also, you can try creating System Credentials by right-clicking on the host and doing 'Configure Access'. From that screen you can hit 'Actions' and add new credentials. See if that works. My assumption is that the periodic logins to the OS-MEP are timing out and it may not have a defined set of credentials to use.

Thanks!
Super Newbie Posts: 6 Karma: +0/-0 *
Re: ESXi servers OS endpoints turn to "No access" state
« Reply #2 on: February 11, 2015, 05:42:18 AM »
Hello,

I don't have vCenter server discovered in my FSM configuration. This step is planned for some near future. I'm however already using AD domain credentials to authenticate FSM to ESXi Server MEPs and they are working perfectly, access credentials are not being lost. Thank you for the hint with 'Configure Access' menu, but it seems to give the same effect as 'Request Access' functionality - credentials are still being lost for OS endpoints. I'm also wondering why for some OS endpoints I can see only 'CIM' access type and for the others I can see both 'CIM' and 'SSH'.

Thanks!
Administrator Sr. Member Posts: 309 Karma: +6/-0 *****
Re: ESXi servers OS endpoints turn to "No access" state
« Reply #3 on: February 11, 2015, 12:42:39 PM »
This is a tough one. I would have thought configuring credentials would give you a more "static" setting.

I guess my next question would be what are you thinking you will get out of managing the OS endpoints for ESXi? Its my understanding that as long as the vCenter server is discovered, unlocked, and inventoried then it will give you access to the underlying VM infrastructure as well as seeing the ESXi hosts as "Virtual Server Hosts".
Super Newbie Posts: 6 Karma: +0/-0 *
Re: ESXi servers OS endpoints turn to "No access" state
« Reply #4 on: February 13, 2015, 05:42:42 AM »
Hi again,

After some investigation it seems, that my problem is related more to ESXis or/and Active Directory LDAP configuration than to the FSM. I noticed, that when trying to access ESXi host using SSH I sometimes must enter my credentials twice (each time they are 100% correct) - this seems to be perfectly related to Access failed error message which I get after specifying ESXi domain credentails in FSM for the first time (this symptom was desribed in my 1st post).

Concerning your question about the benefits of managing OS endpoints from FSM without vCenter endpoint discovery: It all started when I was updating my PureFlex components to v. 1.3.1. As I understood from "IBM Flex System and IBM PureFlex Firmware Updates Best Practices" guide, Operating System endpoints must be discovered by the FSM before the upgrade process starts. I was also thinking at that time, that after I discover and inventory OS endpoints of ESXi nodes I will be able to apply drivers update (included in UXSP for ESXi 5.1) from FSM, but I wasn't successfull with that.

I'm currently doing some activities to get my ESXi's working with Active Directory (hoping that it will make the FSM working with ESXi OS MEPs using AD authentication). I will post the results here after I'm done.

Thanks!