Trend Deep Security Manager 9 – Post Installation Issue

DSVA Security Update Failed:

Once I had the full Trend Deep Security Manager environment installed I ran the Download Security Updates command to get the latest updates from the Trend website. When trying to update the DSVA I got the following error:
Error Code: -1073676286 Error Message: IAU_STATUS_NETWORK_CONNECTION_FAILURE https://trendserver1:4122/ 
I ran a putty session on the ESX host server (where DSVA security update fails) and saw that there is an entry under vmkernel.log that shows “DSVA not bound”. When I logged into vShield Manager and checked the ESX Host summary and saw that vShield Endpoint was installed but that there were no items listed in Service Virtual Machines. This should show the name of the protected DSVA on that host.
The issue occurs when the DSVA and filter driver improperly bind, causing communication failure between DSVA and the VM to protect. To successfully activate the VM:
  1. Ensure that the value 169.254.1.1 is bound to Dvfilter-dsa.
    1. On the vCenter, click the ESXi host.
    2. Go to Configuration tab > Advanced Settings > Net.
    3. Make sure that the value of Net.DVFilterBindIPAddress is “169.254.1.1”.
  2. Make sure that the dvfilter is listening to port 2222.
    1. On the vCenter, click the ESXi host.
    2. Go to Configuration tab > Security Profile.
    3. Under Firewall, click Properties.
    4. Ensure that the dvfilter is selected and listening to port 2222.
  3. Restart the filter driver.
    1. Put the ESXi on maintenance mode. This requires turning off the VMs or migrating them to another ESXi host.
    2. Connect to the ESXi host via SSH using Putty.
    3. Run the command “esxcfg-module -u dvfilter-dsa” to unload the filter driver.
    4. Run the command “esxcfg-module dvfilter-dsa” to reload the filter driver.
    5. Exit the ESXi from maintenance mode.
  4. Power on the DSVA.
  5. On the Deep Security Manager (DSM) console, make sure that the DSVA status is “Managed-Online” and the vShield Endpoint status is “Registered”.
  6. Activate the VM.
Activation will be successful and the “Dvfilter-dsa: update_sp_binding: DSVA not bound” will no longer appear on the ESXi log.
Deactivating and re-activating the DSVAs fixed this issue.

 

This entry was posted in Trend, Trend Deep Security. Bookmark the permalink.

Leave a comment