Collect ESXi version, OS version and logs generated by the various components of the NSX Guest Introspection Platform.

Collect Environment and Workload Details

  1. Determine if Guest Introspection is used in your environment. If it is not, remove the Guest Introspection service for the virtual machine, and confirm that the problem is resolved. Troubleshoot a Guest Introspection problem only if Guest Inspection is required.
  2. Collect environment details:

    1. To collect the ESXi build version, run the command uname –a on the ESXi host or select a host in the vSphere Web Client and look for the build number at the top of the right pane.

    2. Linux or Windows product version and build number.
    3. /usr/sbin/vsep -v returns the production version: 
      Build number
------------------
Ubuntu 
dpkg -l | grep vmware-nsx-gi-file
SLES12 and RHEL7
rpm -qa | grep vmware-nsx-gi-file
  3. Collect the NSX for vSphere version, and the following:
    • Partner solution name and version number

    • EPSec Library version number used by the partner solution: Log into the SVM and run strings <path to EPSec library>/libEPSec.so | grep BUILD

    • Guest operating system in the virtual machine
    • Any other third-party applications or file system drivers
  4. ESX GI Module (MUX) version - run the command esxcli software vib list | grep nsx-context-mux.
  5. Collect workload details, such as the type of server.
  6. Collect ESXi host logs. For more information, see Collecting diagnostic information for VMware ESX/ESXi (653).
  7. Collect logs from the consumers of NSX Guest Introspection Platform. The consumers are Endpoint Protection (service virtual machine), NSX Malware Prevention (Security Hub VM), NSX Intelligence and IDFW. Contact your partner for more details on SVM log collection.
  8. Collect the VMware vmss file of the virtual machine in a suspended state, see Suspending a virtual machine on ESX/ESXi to collect diagnostic information (2005831), or crash the virtual machine and collect the full memory dump file. VMware offers a utility to convert an ESXi vmss file to a core dump file. See Vmss2core fling for more information.