gph12
Level 7
Message 1 of 3

HIP Firewall Blocks VMware vCenter Server

Hello,

I'm hoping someone can help with this ongoing issue. We have a problem with McAfee Host Intrusion Prevention 8.0.0 Patch 8 Build 3828 blocking the VMware vCenter Server service from starting up on a Windows 2008 R2 server. When I turn off the firewall but leave on IPS and Network IPS, vCenter starts up.

When I put the firewall in learn mode, vCenter starts up without a problem because all applications and ports are allowed.

When I put it in Adaptive mode, vCenter does not start up.

The two applications\ports that are getting blocked are:

  • Microsoft.Active.Directory.WebServices (Microsoft.ActiveDirectory.WebServices.exe) \ ldap 389. Source and Destination are both 127.0.0.1, the IPv4 loopback address.
  • Active Directory Lightweight Directory Services (dsamain.exe) \ Port 55966 on Source, Port 389 on Destination. Source and Destination are both 0000:0000:0000:0000:0000:0000:0001, the IPv6 loopback address. IPv6 is disabled on the system.

The strange thing is that both of the applications are trusted and should be allowed by the firewall.

I did check the threats to the system. None showing. I've completely removed HIPs and re-installed it.

I'd appreciate any suggestions. Thanks.

Greg

2 Replies
McAfee Employee ktankink
McAfee Employee
Message 2 of 3

Re: HIP Firewall Blocks VMware vCenter Server

When I put the firewall in learn mode, vCenter starts up without a problem because all applications and ports are allowed.

FYI, HIPS Learn mode does not allow all traffic.  It works the exact same as Adaptive mode, except for Learn mode displays user prompts to ALLOW/BLOCK traffic, whereas Adaptive mode is an automatic ALLOW choice.

The two applications\ports that are getting blocked are:

  • Microsoft.Active.Directory.WebServices (Microsoft.ActiveDirectory.WebServices.exe) \ ldap 389. Source and Destination are both 127.0.0.1, the IPv4 loopback address.
  • Active Directory Lightweight Directory Services (dsamain.exe) \ Port 55966 on Source, Port 389 on Destination. Source and Destination are both 0000:0000:0000:0000:0000:0000:0001, the IPv6 loopback address. IPv6 is disabled on the system.

You should have a firewall rule that always allows Loopback traffic through the Firewall; this applies to IPv4 127.0.0.1 (and possibly 127.0.0/8) traffic, and possibly IPv6 loopback traffic ::1 address.  See McAfee Corporate KB - Host Intrusion Prevention 8.0 Loopback traffic blocked when firewall is enable...

The strange thing is that both of the applications are trusted and should be allowed by the firewall.

FYI, HIPS Trusted Application rules only allow Outbound traffic, though; this does not apply to Inbound traffic (create a separate rule to allow Inbound traffic).

I did check the threats to the system. None showing. I've completely removed HIPs and re-installed it.

FYI, HIPS does not generate "Threat" events for Firewall activity (Blocked/Allow traffic).  Monitor the HIPS Activity log for ALLOWED/BLOCKED traffic (enable the LOG ALL ALLOWED/BLOCKED TRAFFIC filter options as needed).

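The rule behaviour described in the reply above, as an added example that is not part of the thread or of McAfee's own product: a constructed model of an ordered firewall policy in which a Trusted Application rule matches outbound traffic only, so an inbound loopback connection falls through to the default block unless an explicit Allow Loopback rule (IPv4 127.0.0.0/8 and IPv6 ::1) is present. The flows, their directions and the 10.0.0.x addresses are assumptions built from the thread's details.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    app: str          # executable name as HIPS reports it
    direction: str    # "in" (connection received) or "out" (connection initiated)
    src: str
    dst: str
    dst_port: int

def is_loopback(addr: str) -> bool:
    """True for IPv4 127.0.0.0/8 and IPv6 ::1; ipaddress handles both families."""
    return ipaddress.ip_address(addr).is_loopback

def trusted_app_rule(trusted: set, flow: Flow):
    """Trusted Application rule: matches OUTBOUND traffic from listed executables only."""
    if flow.direction == "out" and flow.app.lower() in trusted:
        return "ALLOW"
    return None

def loopback_rule(flow: Flow):
    """Allow Loopback rule: either direction, as long as both ends are loopback."""
    if is_loopback(flow.src) and is_loopback(flow.dst):
        return "ALLOW"
    return None

def evaluate(flow: Flow, rules) -> str:
    """First matching rule decides; unmatched traffic is blocked by default."""
    for rule in rules:
        verdict = rule(flow)
        if verdict:
            return verdict
    return "BLOCK"

TRUSTED = {"microsoft.activedirectory.webservices.exe", "dsamain.exe"}

# Constructed flows modelled on the thread; directions and 10.0.0.x hosts are assumptions.
FLOWS = [
    Flow("Microsoft.ActiveDirectory.WebServices.exe", "out", "127.0.0.1", "127.0.0.1", 389),
    Flow("dsamain.exe", "in", "::1", "::1", 389),            # ::1 appears even with IPv6 "disabled"
    Flow("dsamain.exe", "in", "10.0.0.5", "10.0.0.1", 389),  # non-loopback inbound stays blocked
]

def verdicts(with_loopback_rule: bool) -> list:
    rules = [lambda f: trusted_app_rule(TRUSTED, f)]
    if with_loopback_rule:
        rules.insert(0, loopback_rule)   # loopback rule ordered above the trusted-app rule
    return [evaluate(f, rules) for f in FLOWS]
```

`verdicts(False)` yields `['ALLOW', 'BLOCK', 'BLOCK']` and `verdicts(True)` yields `['ALLOW', 'ALLOW', 'BLOCK']`: only the inbound loopback connection changes, which is the outcome the reply predicts.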
gph12
Level 7
Message 3 of 3

Re: HIP Firewall Blocks VMware vCenter Server

That was it: Allow Loopback.

That solved my problem. Thank you very much. We've been searching for an answer for that for a long time. We also had the same issue with DNS.

Thanks again,

Greg
