2 Replies Latest reply on Jan 9, 2013 2:22 PM by Ryan012

    Testing the Trial - VM resolving issues?

    Rookie

      Does Protect Advanced support multiple subnets and domains, or do I need a one copy per domain?

       

      Sometimes a VM is resolved using a IP address, and sometimes it uses the name of the VM, and looks at the domain to see what IP it is.

       

      First this is what I am doing.  The environment that I am testing on has our Beta test, dev and some management VMs (each on their own subnet and own domains).  Protect Advanced is installed on 192.168.51.108 and I want to scan and patch the other subnets as well (192.168.21.x, 192.168.11.x, etc).  I am testing with a couple of VMs on the .51.x and .21.x networks (2 on each network). 

       

      I can scan all 4 VMs fine (when I add the VMs by IP address.  If I add vCenter and select a VM I have issues).  But I can only do a test deploy with the VMs on the .51.x network (same network as the Protect Advanced is installed on).  The VMs on the .21.x network fail with the message 'Could not connect to remote machine via ICMP.  The machine may be off the network, turned off, or a network cable is unplugged'.  I can ping the VMs fine.  I checked vShield and our firewall, but could not see any issues.  Then I installed Wireshark in the Protect Advanced VM.

       

      I found it it was quering the domain first to get the IP of the VM.  But the VM I wanted to test deploy is on a separate domain, so the domain reply gave a incorrect IP address (192.168.1.x).  It gave this address as the VM name matched the production VM (the one I am testing is the dev one).  So I changed the dev VM name, removed then re-added it to Protect Advanced.  Still failed as it could not resolve the name.

       

      So, does Protect Advanced support multiple subnets and domains?  Is my setup somehow wrong?  Is there a way to make the program query by IP instead of computer name?  This is all just the patches - I still have to look at the anti-virus!

       

      Thanks

        • 1. Re: Testing the Trial - VM resolving issues?
          SupportEmployee

          Hello,

           

          The short answer is that, yes, Protect does support multiple subnets/domains.

           

          The main thing along with this is that you need to meet all scanning prerequisites for Protect and be able to properly resolve the machines regardless of what subnet/domain they are in.

           

          In the issue you pointed out below it seems that you're only having trouble when you have the VM's added via the "Hosted Virtual Machines" tab within your machine group. The difference with this option is that you are resolving the VM host rather than the individual VM itself. Then the host enumerates the VM's.

           

          Some suggestions:

          -Ensure that you have clicked the "Refresh Server" button before adding VM's to the group when adding via the "Hosted Virtual Machines" tab.

          -Verify that correct credentials are supplied for the VM's added to the group.

          -Check the scanning and deployment prerequisites from the Help menu within Protect:

           

          Help > Contents > Agentless Patch  Management Tasks > Performing Patch Scans > Scanning  Prerequisites

           

          Help > Contents > Agentless Patch  Management Tasks > Deploying Patches > Patch Deployment  Prerequisites

           

           

          I hope this helps. If you need further assistance I'd suggest contacting support directly for this issue.

          • 2. Re: Testing the Trial - VM resolving issues? (multiple domains)
            Rookie

            Finally got it sorted after a lot of back and forth with support.

             

            Issue:

            Scanning, patching and deploying the agent across multiple domains and VMs not on a domain.

             

            Fixed:

            *  Add VMs by IP

            *  VMs not on the same domain as the console need a entry in the consoles Host file, or a static entry in the consoles domains DNS record.  Note:  vms   need different computer names (this could be a issue if one domain is dev, one is beta, etc).

            *  Need a credential per domain.  For machines not on a domain (web facing VMs) they need a local login.

            *  Copy agent to VMs not on a domain, then do the registration from there.  VMs on a domain it can be pushed from the console.

            *  There is two sets of credentials - one in the pop up machine group window (admin) and another when you view by machine view and right click a VM and select machine properties.

             

            Hopes this helps other people.