Vmware Vcenter Discovery - Quick and Crisp

Crisp content. Very very helpful.

🙂

Nice Article.

Thanks @Rahul Priyadars , this is very detailed information.

Still we are getting stuck in classification phase with error 

Sensor error when processing HTTP - Classify: No sensors defined

Can you please help me ?

See if this URL is of Any Help for u

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0813327

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0547844

Regards

RP

Hi @Rahul Priyadars, 

I have a DOMAIN\User that has been granted Read-Only access on the vCenter.

That ID is stored in CyberArk so I created a 'vmware' credential selecting the "External credential store" check box. Is that a valid configuration or what I'm trying to do is not allowed?

Test credentials or discovery job are failing.

Thanks.

I have a DOMAIN\User that has been granted Read-Only access on the vCenter.---Are u able to login on Vcenter URL using this?

I used to do it on my previous job... it seems that here I can only use UPN to log into those vCenters, so I guess I'll have to request a new ID in the safe (UPN) before I can really test it.

It took me a while, but I got a new ID and set it up in CyberArk, let's call it "nw_user@domain.com".

I can log into the vCenter with the ID, but when I create the external credential in our instance the "Test Credential" (and the discovery job) fails. When I log into the vCenter from the browser I'm manually retrieving the password from the safe, so it's the same one used by the MID.

I can see the MID server retrieving the password from the safe (log entry below), but I can't still discover the vCenter.

CyberArk Appaudit.log:

[06/04/2023 | 13:16:09] | :: | APPAU001I Provider Prv_SERVERX has successfully fetched password [safe=OUR_SAFE,folder=Root,name=nw_user@domain.com] with query [safe=OUR_SAFE;folder=root;object=nw_user@domain.com] for application [OUR_APP]. Fetch reason: []

What am I missing now?

Thanks in advance.

I struggled in my initial days too much and probably you can see the comments at the beginning of this chat. Let me help you to follow something to figure out this.
1. First check local read only account created to access on those vCenters. 

2. Take the IPs of vCenter from your global virtual team (There may be multiple vCenters)

3. Take the username and password from the team and create VMware credentials (You may need multiple so discuss with your team if these are specific based on the locations)

4. Test the credentials first (Don't move further if this is failed and go back to your GVC team they can only help you. Sometimes there is firewall blockage, sometimes the vCenter is decommissioned)

5. Once successful then do a quick discovery on one of the vCenter IPs, it will discover some hosts then you are successful.

6. Probably you will see a error which I struggled that missing sensor from a probe. If this occurs then add appropriate sensor to that probe. Raise a HI ticket if you can't do it, they will import sensor and add to your probe.

Hope this helps and mark my answer as helpful.

Hi @akashfinning 

Thanks for the information, everything works fine (steps 1-5) if I use "local" credentials (by "local" I mean a credential entry in the ServiceNow instance, and not selecting the "External credential store"), but when I set an "external" credential for that ID the Test Credential and the Discovery job fail.

I need to Discover the vCenter using the external (CyberArk) credentials, and that's what I'm struggling with here. 

Thanks

JC

We are using External Cyber Ark Delinea and all works fine, my setup has done by our ServiceNow admin in Delinea. You need to further check with Delinea company or ServiceNow admin

Sorry can't help you further on this 🙂

I finally found the solution for this issue, perhaps is not your case but I wanted to share our fix.

SN will match the "Credential ID" to the "Name" in the CyberArk side, and then Discovery will use "Hostname" (from CyberArk) as the domain name to build the credential used by the job.

From the Agent log:

CyberArk credential retrieved via credential ID ServiceID_Name
Looking up domain name using prop PassProps.LogonDomain
Returned domain name is DOMAIN.com
Username after prepending domain name from domain property: DOMAIN.com\ServiceID_Name
Returning username: 'DOMAIN.com\ServiceID_Name'

In my case, the "Hostname" in the CyberArk side was just set as "DOMAIN" instead of "DOMAIN.com".

Once we added the ".com" everything worked as expected. 

Thanks.

Hi,

first of all thanks for this great content!

In my case the VMware Probe is not even startet. Shazzam is unable to classify the vCenter so it only tries to login using SSH credentials and then stops.

I've successfully added the vCenters, Event Collectors are working fine, I can log in using my VMware Credentials, I can access the vCenters using telnet from the MID...

Have you got an idea?

Thanks!

Sebastian

Hi,

we've just figured out that this was a networking error. The necessary ports 5480 and 9443 were blocked to the vCenters. Still unclear for me why it received VMs at first but in 75% without information like IPs or the sizing but I'll not touch it as it finally works as expected 😉

Greetings

Sebastian