Solved

Connect commserve to vCenter in firewalled environment

  • 6 July 2021
  • 5 replies
  • 2989 views

Userlevel 4
Badge +14

Hello,

I am trying to create a VMware pseudo client for VMware in a firewalled environment but after entering the credentials and click on ok  “validating credentials” it takes a long time then “Failed to validate Virtual Server credentials. Please check input parameters and try again.”

I have opened all required ports between MA and ESXI/vcenter according the matrix flow.

https://documentation.commvault.com/commvault/v11/article?p=32026.htm

test also with administrator@vsphere.local and it is the same

any logs I can check ?

icon

Best answer by Gopinath 7 July 2021, 18:40

View original

5 replies

Userlevel 5
Badge +8

Hi Bloopa,

Check cvd logs on VSA access node and EvMgs logs on CS. Make sure VSiDA installed machine that selected as VSA access node has communication to vCenter and ESXi servers with BOL provided ports open. 

 

Regards

Gopinath

Userlevel 4
Badge +14

Here are some logs from the mediaAgent

Thanks !

[root@ELMA01 Log_Files]# tail -f cvd.log
200998 7f808 07/06 16:38:36 ### ERROR: CvFwClient::connect(): Timed out while waiting for data in socket.
200998 7f808 07/06 16:38:36 ### [ClientSessionWrapper::connectToCS] Error connecting to svc [AppManager network access] on CS. [0xE8090010:{CCvNetwork::Attach_RemoteService(1691)} + {CCvNetwork::Attach_RemoteService(1660)} + {CCvNetwork::LookupRegisteredPorts(4710)} + {CCvNetwork::LookupRegisteredPorts_Remote(4505)} + {CSessionConnectionSocket::LookupPortRemotely(1117)} + {CCvNetwork::Attach_RemotePort(1295)} + {CCvNetwork::GetConnection(3133)} + {CSessionConnectionSocket::GetConnection(189)/EventMessage.0x09000010.9:16}]
200998 7f808 07/06 16:38:36 ### CVGlobalParam::getProperty() - Error [150995038-[ClientSessionWrapper::connectToCS] Error connecting to svc [AppManager network access] on CS. [0xE8090010:{CCvNetwork::Attach_RemoteService(1691)} + {CCvNetwork::Attach_RemoteService(1660)} + {CCvNetwork::LookupRegisteredPorts(4710)} + {CCvNetwork::LookupRegisteredPorts_Remote(4505)} + {CSessionConnectionSocket::LookupPortRemotely(1117)} + {CCvNetwork::Attach_RemotePort(1295)} + {CCvNetwork::GetConnection(3133)} + {CSessionConnectionSocket::GetConnection(189)/EventMessage.0x09000010.9:16}]] fetching GlobalParam [SendLogsUseHTTPProxy]
200998 7f808 07/06 16:38:36 ### CVMWareInfo::Connect() - Connecting to Url=[https://elvcenter01.centre.com/sdk] User=[administrator@vsphere.local]
200998 7f808 07/06 16:38:36 ### CVIWrapper::Connect() - Connection successful with [https://elvcenter01.centre.com/sdk] [VMware vCenter Server 7.0.2 build-17958471]
200998 7f808 07/06 16:38:36 ### CVMManualDiscVMInfoCache::GetVMInfo() - Caching new VMInfo object for elvcenter01.centre.com
200998 7f72a 07/06 16:38:36 ### CVMManualDiscVMInfoCache::ReleaseVMInfo() - Releasing locked VMInfo object for elvcenter01.centre.com
200998 7f72a 07/06 16:38:36 ### CVMManualDiscHandler::SendResponse() - Failed to send response. Error:[0xECCC0020:{CCvNetwork::SendXMLMessage(4041)} + {CCvNetwork::SendXDRMessageInternal(5166)/elcs01/ELCS01.centre.com/SockIP(168.125.115.43)/168.125.115.43:0/0 EvMgrs.exe(1400:1a8c)} + {CSessionConnectionSocket::SendBytes(471)} + {CQiSocket::SendWithTimeOut(550)/ErrNo.32.(Broken pipe)}]
200998 7f808 07/06 16:38:36 ### CVMManualDiscVMInfoCache::ReleaseVMInfo() - Releasing locked VMInfo object for elvcenter01.centre.com
200998 7f808 07/06 16:38:36 ### CVMManualDiscHandler::SendResponse() - Failed to send response. Error:[0xECCC0020:{CCvNetwork::SendXMLMessage(4041)} + {CCvNetwork::SendXDRMessageInternal(5166)/elcs01/ELCS01.centre.com/SockIP(168.125.115.43)/168.125.115.43:0/0 EvMgrs.exe(1400:2718)} + {CSessionConnectionSocket::SendBytes(471)} + {CQiSocket::SendWithTimeOut(550)/ErrNo.32.(Broken pipe)}]
 

Userlevel 5
Badge +8

ELMA01 able to connect to VC, no issues there as per above logs. But check your cvfwd.log on both ELMA01 and ELCS01 machines, f/w rules, tunnel port (default 8403 or other user selected) and correct network topology b/w ELMA01 and ELCS01.centre.com, that has the issue. Resolve it then virtualization client creation will work.

 

Regards

Gopinath

Userlevel 4
Badge +14

@Gopinath Thanks, is it mandatory to create also a network topology when ports are opened and what topology I can use ?

RESTRICTED, BLOCKED ? it is pretty confused !

Userlevel 5
Badge +8

@Bloopa Seems ports are open b/w ELMA01 and VC but CS and VSA+MA also need to has communication in this f/w environment, you must configure the Commvault firewall.

Refer to these BOL pages for requirements and firewall settings.

https://documentation.commvault.com/commvault/v11_sp20/article?p=3368.htm

https://documentation.commvault.com/commvault/v11_sp20/article?p=91943.htm

 

Reply