A few of my ESX servers are reporting the following error: "Cannot login rsa@logserver ip address" . The majority of the ESX servers are not reporting the issue.
A few of my ESX servers are reporting the following error: "Cannot login rsa@logserver ip address" . The majority of the ESX servers are not reporting the issue.
The errors are showing in the event console of the esx server itself.
Please see attachment.
Yes, we are using Netwitness log collection to pull ESX logs from the ESX
servers.
This sounds like the username and password being used by Netwitness to collect the logs from these ESX servers is incorrect. Have the Netwitness administrator look at the log collectors that are collecting from these ESX servers and determine if the credentials being used are valid. It is possible that the account being used is a domain account who's password has expired or someone has changed the password but didn't realize that it needed updated on the Netwitness side to allow the user account to continue to pull logs from these ESX servers.
Give this a quick look and let me know what the results of your investigation are. We may need to see the /var/log/messages file from the log collector if the account credentials look good.
Just a first thought.... I have other ESX servers that are functioning
properly. Please see attachement
It is possible they are not all using the same set of credentials to collect logs from the ESX servers. This is why it is important to make sure by checking the log collectors to see if they are all in the same group, using the same credentials, or in different groups on the same log collector or on different log collectors (using different credentials).
O.K. Checking
I am in the log server and it does not appear to have an RSA user...
Not sure what to look for after that?
On Wed, May 16, 2018 at 1:22 PM, Rich Sheridan <rich.sheridan@rcwilley.com>
Rich,
You'll need to go into the Netwitness UI and click down into the log collector's configuration page like this one here.This shows the VMWare collections. See under Sources the two ESX servers. If you click on one and then the Edit button you'll see the next screen shot.
Under the Username and password this is what you have to make sure is correct for the ESX it is trying to pull logs from.
Rich,
Here is the community document for setting up VMware ESX sources for log collection which might help with this discussion. VMware ESX-ESXi Event Source Configuration Guide
rsa user was locked out in AD. I will monitor the errors and get back to
you...
Thanks for your help.
Rich
I found the login configuration. They are all using "rsa" as the user.
What is the default login to the log collector?
On Wed, May 16, 2018 at 1:15 PM, Rich Sheridan <rich.sheridan@rcwilley.com>
Rich,
Where exactly are you seeing these error messages? When you say you are seeing these on the ESX servers do you mean the error is in the ESX server Host logs or that you are seeing this in guest logs on the ESX server? Are you using Netwitness log collection to pull ESX logs from the ESX servers? The more details you can provide the better to get a clearer picture of what you are seeing.