Rahul Priyadars
Giga Sage

Hi All 

Just wanted to highlight some quick points on VMware vCenter Discovery. Screenshots are also attached.

(1) Ports Needed:

Source IP - MID Server

Destination IP - vCenter IP

vmapp6_https: 9443, vmapp_https: 5480, https: 443, WMI ports: 135 and higher range

(2) Discovery User Details: The domain user and VMware credentials must have the read-only role and the License Admin privilege in vCenter.

(3) Create Credential: Type - VMware vCenter credential

(4) Test Credentials

The credential test result should be OK; otherwise, troubleshoot it.

Note: Make sure you are able to log in to vCenter through the vCenter login URL with the user that is used in the credential.

(5) Run a Quick Discovery using the MID Server and the vCenter IP

It should look like this.

After Discovery is complete, you can check the data in the class cmdb_ci_vcenter. From there you can traverse to other subclasses and relationships.

Useful KB - https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0813327

Hope this helps.

Regards

RP
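
A pre-check for the ports in step (1), as an added example (not part of the original article and not ServiceNow code): run from the MID Server host, it probes each listed vCenter port and separates a refused connection from a silently dropped one. It assumes Python 3 is available on that host; the function names are hypothetical.

```python
import socket
import sys

# Ports from step (1) of the article, MID Server -> vCenter. The WMI range
# (135 and higher) is dynamic and is not probed here.
VCENTER_PORTS = {"https": 443, "vmapp_https": 5480, "vmapp6_https": 9443}


def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'refused', 'filtered' or 'error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"    # host answered with a reset: nothing listening
    except socket.timeout:
        return "filtered"   # no answer at all: typical of a firewall drop
    except OSError:
        return "error"      # DNS failure, no route, and similar


def check_vcenter(host, ports=None, timeout=3.0):
    """Probe every named port and return {name: status}."""
    ports = VCENTER_PORTS if ports is None else ports
    return {name: probe(host, port, timeout) for name, port in ports.items()}


def not_open(results):
    """Names of the ports that could not be reached."""
    return sorted(name for name, status in results.items() if status != "open")


if __name__ == "__main__":
    # Usage: python check_vcenter_ports.py <vCenter IP>
    results = check_vcenter(sys.argv[1])
    for name, status in results.items():
        print(f"{name:13} {VCENTER_PORTS[name]:5} {status}")
    sys.exit(1 if not_open(results) else 0)
```

A reachable 443 alone is not enough: all three ports have to report open before moving on to the credential test.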

 

Comments
prateek prashar
Tera Contributor

Crisp content. Very very helpful.

Rahul Priyadars
Giga Sage

🙂

Juhi Batra1
Tera Contributor

Nice Article.

Rahul Priyadars
Giga Sage
Thanks
akashfinning
Tera Contributor

Thanks @Rahul Priyadars , this is very detailed information.

Still we are getting stuck in classification phase with error 

Sensor error when processing HTTP - Classify: No sensors defined

Can you please help me ?

Canjura
Tera Expert

Hi @Rahul Priyadars

 

I have a DOMAIN\User that has been granted Read-Only access on the vCenter.

That ID is stored in CyberArk so I created a 'vmware' credential selecting the "External credential store" check box. Is that a valid configuration or what I'm trying to do is not allowed?

Test credentials or discovery job are failing.

 

Thanks.

Rahul Priyadars
Giga Sage

"I have a DOMAIN\User that has been granted Read-Only access on the vCenter." - Are you able to log in on the vCenter URL using this?

Canjura
Tera Expert

I used to do it on my previous job... it seems that here I can only use UPN to log into those vCenters, so I guess I'll have to request a new ID in the safe (UPN) before I can really test it.

Canjura
Tera Expert

It took me a while, but I got a new ID and set it up in CyberArk, let's call it "nw_user@domain.com".

I can log into the vCenter with the ID, but when I create the external credential in our instance the "Test Credential" (and the discovery job) fails. When I log into the vCenter from the browser I'm manually retrieving the password from the safe, so it's the same one used by the MID.

I can see the MID server retrieving the password from the safe (log entry below), but I still can't discover the vCenter.

 

CyberArk Appaudit.log:

[06/04/2023 | 13:16:09] | :: | APPAU001I Provider Prv_SERVERX has successfully fetched password [safe=OUR_SAFE,folder=Root,name=nw_user@domain.com] with query [safe=OUR_SAFE;folder=root;object=nw_user@domain.com] for application [OUR_APP]. Fetch reason: []

 

What am I missing now?

Thanks in advance.

akashfinning
Tera Contributor

I struggled in my initial days too much and probably you can see the comments at the beginning of this chat. Let me help you to follow something to figure out this.
1. First check local read only account created to access on those vCenters. 

2. Take the IPs of vCenter from your global virtual team (There may be multiple vCenters)

3. Take the username and password from the team and create VMware credentials (You may need multiple so discuss with your team if these are specific based on the locations)

4. Test the credentials first (Don't move further if this is failed and go back to your GVC team they can only help you. Sometimes there is firewall blockage, sometimes the vCenter is decommissioned)

5. Once successful then do a quick discovery on one of the vCenter IPs, it will discover some hosts then you are successful.

6. You will probably see an error that I struggled with: a sensor missing from a probe. If this occurs, then add the appropriate sensor to that probe. Raise a HI ticket if you can't do it; they will import the sensor and add it to your probe.

 

Hope this helps and mark my answer as helpful.

Canjura
Tera Expert

Hi @akashfinning 

 

Thanks for the information, everything works fine (steps 1-5) if I use "local" credentials (by "local" I mean a credential entry in the ServiceNow instance, and not selecting the "External credential store"), but when I set an "external" credential for that ID the Test Credential and the Discovery job fail.

I need to Discover the vCenter using the external (CyberArk) credentials, and that's what I'm struggling with here. 

 

Thanks

JC

akashfinning
Tera Contributor

We are using external Cyber Ark Delinea and all works fine; my setup was done by our ServiceNow admin in Delinea. You need to check further with the Delinea company or ServiceNow admin.

Sorry can't help you further on this 🙂

Canjura
Tera Expert

I finally found the solution for this issue; perhaps it is not your case, but I wanted to share our fix.

SN will match the "Credential ID" to the "Name" in the CyberArk side, and then Discovery will use "Hostname" (from CyberArk) as the domain name to build the credential used by the job.

From the Agent log:

 

CyberArk credential retrieved via credential ID ServiceID_Name
Looking up domain name using prop PassProps.LogonDomain
Returned domain name is DOMAIN.com
Username after prepending domain name from domain property: DOMAIN.com\ServiceID_Name
Returning username: 'DOMAIN.com\ServiceID_Name'

 

In my case, the "Hostname" in the CyberArk side was just set as "DOMAIN" instead of "DOMAIN.com".

Once we added the ".com" everything worked as expected. 

 

Thanks.
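
The agent-log check described in the comment above, as an added example (not code from the thread or from ServiceNow): it pulls each CyberArk lookup out of a MID agent log and compares the domain in the final username with the one you expect. The sample log is constructed from the messages quoted above, with the first lookup showing the short "DOMAIN" value; the function name and the expected-domain parameter are assumptions.

```python
import re

# Message fragments as quoted in the comment above. Real agent log lines carry
# timestamp and thread prefixes, so the patterns match anywhere in the line.
CRED_RE = re.compile(r"CyberArk credential retrieved via credential ID (\S+)")
DOMAIN_RE = re.compile(r"Returned domain name is (\S+)")
USER_RE = re.compile(r"Returning username: '([^']*)'")

# Constructed sample: lookup 1 is the failing state, lookup 2 the fixed one.
SAMPLE_LOG = r"""
CyberArk credential retrieved via credential ID ServiceID_Name
Looking up domain name using prop PassProps.LogonDomain
Returned domain name is DOMAIN
Username after prepending domain name from domain property: DOMAIN\ServiceID_Name
Returning username: 'DOMAIN\ServiceID_Name'
CyberArk credential retrieved via credential ID ServiceID_Name
Looking up domain name using prop PassProps.LogonDomain
Returned domain name is DOMAIN.com
Username after prepending domain name from domain property: DOMAIN.com\ServiceID_Name
Returning username: 'DOMAIN.com\ServiceID_Name'
"""


def audit_resolution(log_text, expected_domain):
    """Return one record per CyberArk lookup found in log_text."""
    records, current = [], None
    for line in log_text.splitlines():
        if m := CRED_RE.search(line):
            current = {"credential_id": m.group(1), "domain": None,
                       "username": None, "ok": False}
            records.append(current)
        elif current is None:
            continue  # ignore lines before the first lookup
        elif m := DOMAIN_RE.search(line):
            current["domain"] = m.group(1)
        elif m := USER_RE.search(line):
            current["username"] = m.group(1)
            # The domain is whatever precedes the last backslash, if any.
            domain = m.group(1).rpartition("\\")[0]
            current["ok"] = domain.lower() == expected_domain.lower()
    return records


if __name__ == "__main__":
    for rec in audit_resolution(SAMPLE_LOG, "DOMAIN.com"):
        print("OK      " if rec["ok"] else "MISMATCH", rec["credential_id"], rec["username"])
```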

 

ottseba
Tera Explorer

Hi,

 

first of all thanks for this great content!

In my case the VMware Probe is not even started. Shazzam is unable to classify the vCenter so it only tries to login using SSH credentials and then stops.

I've successfully added the vCenters, Event Collectors are working fine, I can log in using my VMware Credentials, I can access the vCenters using telnet from the MID...

Have you got an idea?

 

Thanks!

Sebastian

ottseba
Tera Explorer

Hi,

 

we've just figured out that this was a networking error. The necessary ports 5480 and 9443 were blocked to the vCenters. Still unclear for me why it received VMs at first but in 75% without information like IPs or the sizing but I'll not touch it as it finally works as expected 😉

 

Greetings

Sebastian

jarl-steph
Tera Contributor

Very Helpful

Version history
Last update: 12-08-2021 02:05 AM