VMware ESXi Syslog Errors – ‘System logs on host {host-name} are stored on non-persistent storage.’

KB ID 0000456 

Problem

Syslog Error Seen on ESXi 6.0 and 6.5

System logs on host {host-name} are stored on non-persistent storage.

Syslog Error Seen on ESXi 5.1

Error Configuration Issues System logs on host {host-name} are stored on non-persistent storage.

Syslog Error Seen on ESXi 5

Error Configuration Issues System logging is not configured on host {host-name}.

Syslog Error Seen on ESXi 4

Error Configuration Issues Issue detected on {host-name}: Warning: Syslog not configured. Please check Syslog options under Configuration.Software.Advanced Settings.

Solution

Seen on ESXi hosts that boot from an internal SD card (or USB drive). ESXi likes to have some persistent storage to keep its logs on, so that they survive a reboot.

To stop this error you need to give it a location for the logs. That location is set up as follows:

ESXi (Post Version 6) Setting a Syslog Location

First, create a folder on some shared storage to save your logs into. Below you can see my datastore name is [iSCSI-RAID5-SAS], and I’ve created a folder called ‘Logs’.

Select the host with the error > Configure > Advanced System Settings > Type ‘Global’ in the search criteria > Locate Syslog.Global.LogDir > Select it > Edit.

Once again, search for Global and change the location to [DATASTORE-NAME]Logs\HOST-NAME > OK.

The error should cease immediately, without the need to restart anything.
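
The same setting can be checked and applied across every host from PowerCLI. This is an added example, not part of the original article: it assumes VMware PowerCLI with an existing `Connect-VIServer` session, that the folder already exists on the datastore, and that the path is written in the `[datastore] /folder/host` form. `DATASTORE-NAME` is a placeholder.

```powershell
# Added example. Assumes Connect-VIServer has already been run.
$Datastore = 'DATASTORE-NAME'   # placeholder: datastore that holds the log folder
$Folder    = 'Logs'             # folder created on that datastore beforehand
$Name      = 'Syslog.global.logDir'

$hosts = Get-VMHost |
    Where-Object { $_.ConnectionState -in 'Connected', 'Maintenance' } |
    Sort-Object Name

$report = foreach ($vmhost in $hosts) {
    $setting = Get-AdvancedSetting -Entity $vmhost -Name $Name
    $before  = $setting.Value

    # One sub-folder per host, so logs from different hosts never mix.
    $target = '[{0}] /{1}/{2}' -f $Datastore, $Folder, $vmhost.Name

    if ($before -ne $target) {
        $setting | Set-AdvancedSetting -Value $target -Confirm:$false | Out-Null
    }

    # Read the value back from the host rather than trusting the write.
    $after = (Get-AdvancedSetting -Entity $vmhost -Name $Name).Value

    [pscustomobject]@{
        Host    = $vmhost.Name
        Before  = $before
        After   = $after
        Changed = ($before -ne $after)
    }
}

# Before/After gives a record of where each host was logging prior to the change.
$report | Format-Table -AutoSize
```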

ESXi (Pre Version 6) Setting a Syslog Location

With an ESXi host selected, Configuration > Advanced Settings > Syslog > Syslog.global.logDir.

Here you have two options,

Option 1 Store the Syslogs on the SD Card

Note: If you have built the ESXi server from a manufacturer’s ESXi DVD (the HP build for example) there may not be enough room on the SD card for the logs.

In the example below, I’ve got an ESXi host that’s running ESXi from an SD card (4GB), and I’ve put the syslog on there by using the default entry of:

[]/scratch/log

Click OK > After a couple of seconds the alert will disappear (without the need to reboot).

Option 2 Store the Syslogs on Local or Shared Storage.

ESXi 5 Putting the syslog onto a DataStore

With an ESXi host selected, Configuration > Storage > On a datastore, right click > Browse Datastore > Select the new folder icon > call the folder LOGS > OK.

Note: In this example I’m storing the syslog on local storage (on the ESXi host). If you have shared storage, i.e. a SAN or NAS, I suggest you create a sub-folder for each ESXi host within the LOGS directory and set the path on each host accordingly. This will take effect without a reboot and the error should cease.

ESXi 4 Putting the syslog onto a DataStore

In this case I created a syslog area on one of the shared data stores.

With an ESX host selected, Configuration > Storage > On a datastore, right click > Browse Datastore > Select the new folder icon > call the folder syslog > OK.

Then select Advanced Settings > Syslog > Enter a value in the following format:

[datastore]/syslog/hostname.log

i.e. [Volume 3]/syslog/esx2.log

Click OK. You should not need to reboot; the error should cease straight away.

Related Articles, References, Credits, or External Links

Original Article Written 22/11/12

McAfee ePO – Client Firewall Exceptions to Allow Agent Deployment

KB ID 0000952 

Problem

It’s been a while since I deployed ePO, and as I’ve got a big McAfee roll-out coming up I thought I’d better run it up on the test bench and see how much it’s changed since version 4. As the prospective client is going to use Server 2012 and Windows 8, that’s what I tested it with.

Despite my best efforts, the McAfee agent (8.6) refused to deploy to the clients as long as I had the Windows Firewall on. A quick Google turned up a myriad of suggestions for ports and services, and most of them were for older versions of ePO or were simply incorrect.

Solution

Basically you need to do two things with the firewall:

  • Allow in ICMP echo requests
  • Allow in File and Printer sharing

Set Firewall to Allow McAfee Agent deployment via Group Policy

This is the simplest option, especially if you have a lot of clients to deploy to.

1. On your Domain Controller > Launch the Group Policy Management Console > Create a new policy (or edit an existing one), that is linked either to the root of the domain, or the OU that your computers are in.

2. Edit the policy, and navigate to:

Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile > Windows Firewall: Allow ICMP exceptions

3. Set to Enabled > Select ‘Allow inbound echo request’ > Apply > OK.

4. In the same location select ‘Windows Firewall: Allow inbound file and printer sharing exception’.

5. Enable this policy > Then enter the IP address of the ePO server > Apply > OK.

6. Then either reboot the clients, wait a couple of hours, or manually run “gpupdate /force” on them. Then re-deploy your McAfee agent.

Set Firewall to Allow McAfee Agent deployment on an Individual Machine

1. Windows Key +R > cmd {Enter} > firewall.cpl {Enter}.

2. Allow an app or feature through Windows Firewall.

3. Locate ‘File and Printer Sharing’ and enable (Note: Here I’ve enabled for Domain, Public, and Private, you may only want to select Domain) > OK.

4. Advanced Settings > Inbound Rules > New Rule.

5. Custom > Next.

6. All Programs > Next.

7. Protocol Type = ICMPv4 > Customize > Echo Request > OK > Next.

8. Enter the IP address of your ePO server > Next.

9. Allow the connection > Next.

10. Select as appropriate > Next.

11. Give the rule a sensible name > Finish.

12. Re-deploy your McAfee agent.
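
The individual-machine steps above can also be applied from an elevated PowerShell session on the client (Windows 8 / Server 2012 or later). This is an added example, not part of the original article: it limits both exceptions to the Domain profile and to the ePO server's address, as the Group Policy method does. The IP address and rule name are placeholders, and `File and Printer Sharing` is the English name of the rule group.

```powershell
# Added example. Run elevated on the client.
$EpoServer = '192.0.2.10'   # placeholder (documentation range): your ePO server's IP
$RuleName  = 'Allow ICMPv4 echo request from ePO'   # name chosen for this example
$FpsGroup  = 'File and Printer Sharing'             # English display name of the group

# File and Printer Sharing: enable only the inbound rules that apply to the
# Domain profile, and accept traffic from the ePO server alone.
Get-NetFirewallRule -DisplayGroup $FpsGroup |
    Where-Object { $_.Direction -eq 'Inbound' -and "$($_.Profile)" -match 'Any|Domain' } |
    Set-NetFirewallRule -Enabled True -RemoteAddress $EpoServer

# ICMPv4 echo request (type 8) from the ePO server only; skip if it already exists.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol ICMPv4 -IcmpType 8 -RemoteAddress $EpoServer -Profile Domain |
        Out-Null
}

# Verify: list the enabled inbound rules touched above with their allowed source.
Get-NetFirewallRule -Enabled True -Direction Inbound |
    Where-Object { $_.DisplayGroup -eq $FpsGroup -or $_.DisplayName -eq $RuleName } |
    ForEach-Object {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        }
    } | Format-Table -AutoSize
```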
