none
VMWare inventory RRS feed

  • Question

  • Hello,

    i try to inventory several esxi 4.1 machines, but can not get results back from them.

    i can access them via vsphere client directly or via their vcenter.

    when i tell map to do a vmware detection, it gives no info, when i tell it to also detect linux computers, it atleast recognizes them as vmware kernel 4.1's.

    what exactly is needed for vmware inventory? only vmware, or both linux & vmware detection?

    which webservice does vmware detection use? is this on the esxi itsself or via vcenter? and if it's on the esxi server, how can i verify this site, and that my account has the access map needs. 

    thanks in advance!

    Tuesday, February 15, 2011 11:55 AM

Answers

  • MAP communicates with a web service exposed by the ESXi server itself and not vCenter.  My understanding is that vCenter uses this same web service to communicate with the ESXi servers so presumably this service is running properly since you can see the ESXi servers through vCenter.  In order to reach the web service on the ESXi server, MAP needs to know two pieces of information:

    1. The username and password that gives access to the web service.
    2. The HTTPS port on which the web service is listening.

    The ESXi server should expose a web front-end called the Managed Object Browser to this web service where you can test that you have the correct username/password and HTTPS port.  Suppose your ESXi server is named "TheServer" and the web service is listening on port 8883 (you set up this port number when you install), then the URL for the Managed Object Browser web front end would be:

    https://TheServer:8883/mob

    Once you connect to this URL with your browser (if you have the right port), you'll be prompted for a username/password.  If you can get this working and then use the same port number and credentials in MAP then things should work.

    One other consideration in this is whether or not you ask MAP to validate the certificate of the ESXi server when it connects to the web service.  If the MAP machine does not have a trusted root certificate authority installed that can validate the certificates of the ESXi servers, then MAP will fail to communcate with the ESXi web services.  To get around this issue, you have to install an appropriate trusted root certificate authority on the MAP machine, or you can uncheck the "validate certificate" checkbox when configuring the HTTPS port for ESXi server in MAP.  Be aware, however, that there are potential security risks associated with not validating the server certificates, although for ESXi servers on your intranet you may find the risk acceptable. See http://windows.microsoft.com/en-US/windows-vista/About-certificate-errors for a general discussion of certificate errors and their risks.

    FYI: I just verified that the Managed Object Browser is available with our ESXi 4.1 install, so the above steps should help you debug the problem.

    Tuesday, February 15, 2011 11:08 PM
  • Hi,

    I managed to trace the problem back to a proxy settings issue.

    The site could only be accessed via ip address because the map pc's proxy local addresses bypass didn't include the lab domain suffix. Then map, when it did inventory based on hostname, couldn't access the website.

    Thanks for the help.

    regards

    Friday, February 18, 2011 10:59 AM

All replies

  • MAP communicates with a web service exposed by the ESXi server itself and not vCenter.  My understanding is that vCenter uses this same web service to communicate with the ESXi servers so presumably this service is running properly since you can see the ESXi servers through vCenter.  In order to reach the web service on the ESXi server, MAP needs to know two pieces of information:

    1. The username and password that gives access to the web service.
    2. The HTTPS port on which the web service is listening.

    The ESXi server should expose a web front-end called the Managed Object Browser to this web service where you can test that you have the correct username/password and HTTPS port.  Suppose your ESXi server is named "TheServer" and the web service is listening on port 8883 (you set up this port number when you install), then the URL for the Managed Object Browser web front end would be:

    https://TheServer:8883/mob

    Once you connect to this URL with your browser (if you have the right port), you'll be prompted for a username/password.  If you can get this working and then use the same port number and credentials in MAP then things should work.

    One other consideration in this is whether or not you ask MAP to validate the certificate of the ESXi server when it connects to the web service.  If the MAP machine does not have a trusted root certificate authority installed that can validate the certificates of the ESXi servers, then MAP will fail to communcate with the ESXi web services.  To get around this issue, you have to install an appropriate trusted root certificate authority on the MAP machine, or you can uncheck the "validate certificate" checkbox when configuring the HTTPS port for ESXi server in MAP.  Be aware, however, that there are potential security risks associated with not validating the server certificates, although for ESXi servers on your intranet you may find the risk acceptable. See http://windows.microsoft.com/en-US/windows-vista/About-certificate-errors for a general discussion of certificate errors and their risks.

    FYI: I just verified that the Managed Object Browser is available with our ESXi 4.1 install, so the above steps should help you debug the problem.

    Tuesday, February 15, 2011 11:08 PM
  • Hi,

    great info so far, thanks.

    I can open that site in IE, through port 443 & using the root acount.

    However when i enter this account as credential in map, make sure 443 is used & cert validation is off (it's a lab environment), i still don't get any values returned in map.

    in the map log it tells me it failed "duetoanyerror".

     

    Friday, February 18, 2011 9:59 AM
  • Hi,

    I managed to trace the problem back to a proxy settings issue.

    The site could only be accessed via ip address because the map pc's proxy local addresses bypass didn't include the lab domain suffix. Then map, when it did inventory based on hostname, couldn't access the website.

    Thanks for the help.

    regards

    Friday, February 18, 2011 10:59 AM