5.8
Table Of Contents
- VMware vRealize Configuration Manager Troubleshooting Guide
- Contents
- About This Book
- Troubleshooting Overview
- Types of Problems
- Gathering Diagnostic Information
- What to Send to VMware Technical Support
- Capture a Desktop Image
- Capture a Window Image
- Set the Debug Log to Store all Message Types
- Extract the Debug Log
- Extract SQL Server Logs
- Collect IIS Logs
- Collect ARS Files
- Collect the UNIX Syslog Messages
- Collect Import/Export Tool Logs
- Extract Windows Event Logs
- Extract Windows System Information
- Collect UNIX ETL Logs
- Collect VCM Installation Logs
- Enable VCM Patching Logging
- Collect VCM Patching Logs
- Collect Agent Logging
- Troubleshooting Problems with VCM
- Patch Content Does Not Download for Red Hat and SUSE Machines
- Signed Patch Content Cannot Be Validated
- Mismatched Security Setting for AIX Patch Staging with NFS
- UNIX Patch Deployment Fails
- UNIX Patch Assessment Returns No Results
- Patch Deployment Jobs Might Time Out
- UNIX Bulletins Missing from the Required Location
- Report and Node Summary Errors
- Report Parameter Errors
- Protected Storage Errors
- SSL Becomes Disabled
- Troubleshooting the vSphere Client VCM Plug-In
- vSphere Client VCM Plug-In Is Not Enabled
- Cannot Register the vSphere Client VCM Plug-In
- Invalid Certificate on a vSphere Client
- Collector Not Running
- HTTPS/SSL Is Not Configured on the Collector
- Collection Unsuccessful
- Machines Not Listed in the Collect Available List
- Machines Not Listed in the Available List for Any Action
- ESX Servers Are Not Displayed
- VCM Windows Agent
- Windows Agent Installation Environment
- Windows Agent Installation Process
- Detect Previous Install
- Validate Installation Environment
- Interrogate Target Environment
- Resolve Uninstall Dependencies
- Uninstall Module
- Uninstall Module Installer
- Install Simple Installer
- Install Module Installer
- Resolve All Versions of Modules Based on Highest Version Number
- Install Module
- Fully Release the Synchronization Lock on the Target Machine
- Submit Request to Agent
- Check If Request Is Complete
- Transfer Request Results
- Acknowledge Successful Data Transfer
- Prepare Request Results for Insert
- Insert Data Into Database
- Transform Inserted Data
- Cleanup Machine Data
- Partially Release the Synchronization Lock on the Target Machine
- Cleanup Request Data
- Windows Agent Uninstallation Process
- Detect Previous Install
- Validate Installation Environment
- Interrogate Target Environment
- Resolve Uninstall Dependencies
- Uninstall Module
- Uninstall Module Installer
- Fully Release the Synchronization Lock on the Target Machine
- Partially Release the Synchronization Lock on the Target Machine
- Cleanup Request Data
- Windows Agent Upgrade Process
- Windows Agent Manual Installation Process
- Windows Agent Communication Protocols
- Communication Protocol Change Process
- Detect Previous Install
- Uninstall Agent
- Uninstall Package Installer
- Uninstall Basic Installer
- Validate Installation Environment
- Install Simple Installer
- Store Installation Data in the Database
- Install Module Installer
- Fully Release the Synchronization Lock On the Target Machine
- Submit Request to Agent
- Check If Request Is Complete
- Transfer Request Results
- Acknowledge Successful Data Transfer
- Prepare Request Results For Insert
- Insert Data Into Database
- Transform Inserted Data
- Cleanup Machine Data
- Partially Release the Synchronization Lock on the Target Machine
- Cleanup Request Data
- Debug Window Agent Installations
- VCM UNIX Agent
- UNIX Agent Directory Structure After Installation
- /opt/CMAgent
- /opt/CMAgent/Agent
- /opt/CMAgent/CFC
- /opt/CMAgent/data
- /opt/CMAgent/data/db
- /opt/CMAgent/data/db/DtmDB/RDM
- /opt/CMAgent/data/db/PDS
- /opt/CMAgent/data/db/SM/RDM
- /opt/CMAgent/ECMu
- /opt/CMAgent/ECMu/x.x/bin
- /opt/CMAgent/ECMu/x.x/scripts
- /opt/CMAgent/install
- /opt/CMAgent/Installer
- /opt/CMAgent/ThirdParty
- /opt/CMAgent/ThirdParty/x.x/PatchAssessment
- /opt/CMAgent/uninstall
- Directories Created During an Inspection
- Directory of Executed Scripts and Results
- Collector Certificates
- Patch Assessment
- Exploratory UNIX Agent Troubleshooting
- UNIX Agent Directory Structure After Installation
- Index
n CSISecureHigh
Errors from the RunHigh executable file, indicating violation of rules enforced by the suid program
for running root privilege inspections.
n CSISecureLow
Errors from the RunLow executable file, indicating violation of rules enforced by the sgid program for
running non-root privilege inspections.
n CSISecure
Errors from the RunRemote executable file, indicating violation of rules enforced by the suid program
for running root privilege remote commands. The File Upload job also uses this executable file when it
needs to copy a file that has restricted permissions.
CSISecure messages are deliberately unhelpful in debugging because they would otherwise expose
the rules being enforced.
NOTE An error is logged if you run any of the executable files manually.
Look for the following problem areas.
n The user who is configured to run the Agent is not a member of the cfgsoft group.
n The user who is configured to run the Agent does not have the cfgsoft group as the default group.
n The user who is configured to run the Agent has a no-login shell.
If inspections are not returning all of the expected information, examine the DBE file from the Collector
request-ID directory. The file captures errors reported to the stderr of the gawk inspector. Messages
will be from the ReadInternal function of the CEcmScriptResultStream class and indicate which data
class was being processed at the time. The error might span several sequential messages.
Save the ZRP File at the Collector
If the Agent returns a ZRP file to the Collector, debug events are logged to the SQL database, and you can
view them there. To preserve the source of the errors, prevent the ZRP file from being deleted after
processing.
Procedure
1. In the VCM Console, select Administration.
2. Click Settings > General Settings > Database.
3. Select one of the following options.
SAS: Should SAS data files be kept on the disk after they have been processed
ETL: Should ETL data files be kept on the disk after they have been processed
4. Look for saved Results.zrp files in a request ID directory under the DSRoot directory.
Run Executable Permissions
The Collector might report that the job succeeded, but show no data. For data to appear, executable files in
/opt/CMAgent/ECMu/x.x/bin need the following permissions.
NOTE The csi_acct name might be different if the Agent is installed using a different account.
VCM Troubleshooting Guide
76
VMware, Inc.