Without partner service virtual machine functional, guest VMs are not protected against malware.
On each host, verify that the following services or process are up and running:
-
ESXi Agency Manager (EAM) service must be up and running. The following URL must be accessible.
https://<vCenter_Server_IP_Address>/eam/mob
Verify the ESXi Agency Manager is online.
root> service-control --status vmware-eam
- Port groups of SVMs must not be deleted because these port groups are required to ensure that SVM continues to protect guest VMs.
https://<vCenter_Server_IP_Address>/ui
-
In vCenter Server, go to the virtual machine, click the Networks tab, and check whether vmservice-vshield-pg is listed.
-
Context Multiplexer (MUX) service is up and running. Check nsx-context-mux VIB is UP and running on the host.
-
The management interface on which NSX-T Data Center communicates with the partner service console must be up.
- The control interface enabling communication between MUX and SVM must be up. Port group connecting MUX with SVM must be created. Both interface and port group are required for the partner service to be functional.
ESXi Agency Manager Issues
The table lists the ESXi Agency Manager issues that can be resolved using the Resolve button on the NSX Manager user interface. It notifies NSX Manager with error details.
| Issue |
Category |
Description |
Resolution |
| Cannot Access Agent OVF |
VM Not Deployed |
An agent virtual machine is expected to be deployed on a host, but the agent virtual machine cannot be deployed because the ESXi Agent Manager is unable to access the OVF package for the agent. It might happen because the web server providing the OVF package is down. The web server is often internal to the solution that created the Agency. |
ESXi Agency Manager (EAM) service retries the OVF download operation. Check the partner management console status. Click Resolve. |
| Incompatible Host Version |
VM Not Deployed |
An agent virtual machine is expected to be deployed on a host. However, because of compatibility issues the agent was not deployed on the host. |
Upgrade either the host or the solution to make the agent compatible with the host. Check the compatibility of the SVM. Click Resolve. |
| Insufficient Resources |
VM Not Deployed |
An agent virtual machine is expected to be deployed on a host. However, ESXi Agency Manager (EAM) service did not deploy the agent virtual machine because the host has less CPU or memory resources. |
ESXi Agency Manager (EAM) service attempts to redeploy the virtual machine. Ensure that CPU and memory resources are available. Check the host and free up some resources. Click Resolve. |
| Insufficient Space |
VM Not Deployed |
An agent virtual machine is expected to be deployed on a host. However, the agent virtual machine was not deployed because the agent datastore on the host did not have enough free space. |
ESXi Agency Manager (EAM) service attempts to redeploy the virtual machine. Free up some space on the datastore. Click Resolve. |
| No Agent VM Network |
VM Not Deployed |
An agent virtual machine is expected to be deployed on a host, but the agent cannot be deployed because the agent network has not been configured on the host. |
Add one of the networks listed in customAgentVmNetwork to the host. The issue resolves automatically after the datastore is available. |
| Ovf Invalid Format |
VM Not Deployed |
An Agent virtual machine is expected to be provisioned on a host, but it failed to do so because the provisioning of the OVF package failed. The provisioning is unlikely to succeed until the solution that provides the OVF package has been upgraded or patched to provide a valid OVF package for the agent virtual machine. |
ESXi Agency Manager (EAM) service attempts to redeploy the SVM. Check the partner solution documentation or upgrade the partner solution to get the valid OVF package. Click Resolve. |
| Missing Agent IP Pool |
VM Powered Off |
An agent virtual machine is expected to be powered on, but the agent virtual machine is powered off because there are no IP addresses defined on the agent's virtual machine network. |
Define the IP address on the virtual machine network. Click Resolve. |
| No Agent VM Datastore |
VM Powered Off |
An agent virtual machine is expected to be deployed on a host, but the agent cannot be deployed because the agent datastore has not been configured on the host. |
Add one of the datastores listed in customAgentVmDatastore to the host. The issue resolves automatically after the datastore is available. |
| No Custom Agent VM Network |
No Agent VM Network |
An agent virtual machine is expected to be deployed on a host, but the agent cannot be deployed because the agent network has not been configured on the host. |
Add the host to one of the networks listed in a custom agent VM network. The issue resolves automatically after a custom VM network is available. |
| No Custom Agent VM Datastore |
No Agent VM Datastore |
An agent virtual machine is expected to be deployed on a host, but the agent cannot be deployed because the agent datastore has not been configured on the host. |
Add the host to one of the datastores listed in a custom agent VM datastore. The issue resolves automatically. |
| Orphaned Agency |
Agency Issue |
The solution that created the agency is no longer registered with the vCenter Server. | Register the solution with the vCenter Server. |
| Orphaned DvFilter Switch |
Host Issue |
A dvFilter switch exists on a host but no agents on the host depend on dvFilter. It happens if a host is disconnected when an agency configuration changed. |
Click Resolve. ESXi Agency Manager (EAM) service attempts to connect the host before the agency configuration is updated. |
| Unknown Agent VM |
Host Issue |
An agent virtual machine has been found in thevCenter Server inventory that does not belong to any agency in this vSphere ESX Agent Manager server instance. | Click Resolve. ESXi Agency Manager (EAM) service attempts to place the virtual machine to the inventory it belongs to. |
| Ovf Invalid Property |
VM Issue |
An agent virtual machine must be powered on, but an OVF property is either missing or has an invalid value. |
Click Resolve. ESXi Agency Manager (EAM) service attempts to reconfigure the correct OVF property. |
| VM Corrupted |
VM Issue |
An agent virtual machine is corrupt. |
Click Resolve. ESXi Agency Manager (EAM) service attempts to repair the virtual machine. |
| VM Orphaned |
VM Issue |
An agent virtual machine exists on a host, but the host is no longer part of scope for the agency. It happens if a host is disconnected when the agency configuration is changed. |
Click Resolve. ESXi Agency Manager (EAM) service attempts to connect the host back to the agency configuration. |
| VM Deployed |
VM Issue |
An agent virtual machine is expected to be removed from a host, but the agent virtual machine has not been removed. The specific reason why vSphere ESX Agent Manager was unable to remove the agent virtual machine, such as the host is in maintenance mode, powered off or in standby mode. |
Click Resolve. ESXi Agency Manager (EAM) service attempts to remove the agent virtual machine from the host. |
| VM Powered Off |
VM Issue |
An agent virtual machine is expected to be powered on, but the agent virtual machine is powered off. |
Click Resolve. ESXi Agency Manager (EAM) service attempts to power on the virtual machine. |
| VM Powered On |
VM Issue |
An agent virtual machine is expected to be powered off, but the agent virtual machine is powered off. |
Click Resolve. ESXi Agency Manager (EAM) service attempts to power off the virtual machine. |
| VM Suspended |
VM Issue |
An agent virtual machine is expected to be powered on, but the agent virtual machine is suspended. |
Click Resolve. ESXi Agency Manager (EAM) service attempts to power on the virtual machine. |
| VM Wrong Folder |
VM Issue |
An agent virtual machine is expected to be located in a designated agent virtual machine folder, but is found in a different folder. |
Click Resolve. ESXi Agency Manager (EAM) service attempts to place the agent virtual machine to the designated folder. |
| VM Wrong Resource Pool |
VM Issue |
An agent virtual machine is expected to be located in a designated agent virtual machine resource pool, but is found in a different resource pool. |
Click Resolve. ESXi Agency Manager (EAM) service attempts to place the agent virtual machine to a designated resource pool. |
| VM Not Deployed |
Agent Issue |
An agent virtual machine is expected to be deployed on a host, but the agent virtual machine has not been deployed. Specific reasons why ESXi Agent Manager was unable to deploy the agent, such as being unable to access the OVF package for the agent or a missing host configuration. This issue can also happen if the agent virtual machine is explicitly deleted from the host. |
Click Resolve to deploy the agent virtual machine. |
NSX Manager Issues
| Issue | Description | Resolution |
|---|---|---|
| Unable to allocate static IP addresses from the IP Pool |
Either the IP addresses from the pool are exhausted or there are no more IP addresses left to allocate. |
Fix the IP Pool problem, click Resolve to fix the issue. |
| OVF certification error |
NSX-T Data Center was not able to certify the OVF provided in the service. Either the certificates are not valid or the location is not reachable. |
Verify whether the OVF is certified. Verify whether the OVF/Certificate file location is reachable from the NSX Manager appliance. After verifying the above points, delete the deployment and start a new deployment. |
Next, configure the Endpoint Protection for VM groups. See Endpoint Protection.
