HIPS 8 FW blocking VMDIRD.EXE

Within the VMware 5.5 vSphere server, the HIPS FW is blocking VMDIRD.exe from starting during a reboot, or it takes about 40-60 minutes for it to start. I can see in the HIPS FW logs that it is being blocked. I am having trouble trying to figure out the FW rule to allow the service to start without any issues.

Has anyone else seen this, or can assist with what they did to get the rule to stop interfering with the start-up of this service??

Below is what I am seeing in the logs

Time: 6/23/2015 3:10:09 AM
Event: Traffic
IP Address/User: 127.0.0.1
Description: VMware Directory Service (vmdird)
Path: D:\Program Files\VMware\Infrastructure\VMware\cis\vmdird\vmdird.exe
Message: Blocked Incoming TCP -  Source 127.0.0.1 :  (60054)  Destination 127.0.0.171 :  (50001)
Matched Rule:vCenter CAG/LAG Rules
3 Replies

Re: HIPS 8 FW blocking VMDIRD.EXE

After looking at the FW rule set for the vCenter, I had the below entries set to allow for loopback:

Local networks:

::1

127.0.0.1

127.0.0.1/8

I didn't have anything set for local loopback on the remote network side within the FW rule. I went and edited the rule and, for the remote network within the allow loopback rule, I added the above entries, but within the remote network.

Restarted the vSphere server and the VMDIRD service stopped hanging.

When the rule talks about the remote networks, I take it that for the rule the destination is the IP the application is attempting to reach, and it doesn't matter whether it's local to the box or not?

Message 3 of 4

Re: HIPS 8 FW blocking VMDIRD.EXE

Hi

The loopback rules were removed from HIPS in one of the older SPs (SP2 I think). If you need them (most will), you need to create them yourself (as you just did).

Regards

Claus

McAfee Employee
Message 4 of 4

Re: HIPS 8 FW blocking VMDIRD.EXE

For your reference, see below. It is suggested to have the ALLOW LOOPBACK rule at the top of the firewall rule policy. You will also need to modify it for non-standard 127.x.x.x IP addresses, if needed, as your blocked network traffic example above shows.

KB71230 - Host Intrusion Prevention 8.0 Loopback traffic blocked when firewall is enabled
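The following is an added example (not from this thread, and not McAfee's own rule engine) that models the two points made in replies 2 and 4: a loopback rule matches only when both its local and remote network lists contain the flow's endpoints, and the allow rule has to sit before any broader block rule. It parses the blocked-traffic message from the original post and evaluates it against a rule with an empty remote list, against the completed rule, and against a rule that lists only 127.0.0.1 (which cannot match the 127.0.0.171 destination). The direction semantics (for incoming traffic the local endpoint is the packet's destination and the remote endpoint its source), the 0.0.0.0/0 catch-all block rule, and the first-match-wins evaluation are assumptions for the model, not documented HIPS behaviour.

```python
"""Model of host-firewall loopback rule matching for the traffic in the thread.
Constructed example; the matching semantics are assumptions, not McAfee's engine."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Message text in the shape of the blocked-traffic log entry from the thread.
SAMPLE_MESSAGE = ("Blocked Incoming TCP -  Source 127.0.0.1 :  (60054)  "
                  "Destination 127.0.0.171 :  (50001)")

MESSAGE_RE = re.compile(
    r"(?P<dir>Incoming|Outgoing)\s+(?P<proto>\w+)\s+-\s+"
    r"Source\s+(?P<src>\S+)\s*:\s*\((?P<sport>\d+)\)\s+"
    r"Destination\s+(?P<dst>\S+)\s*:\s*\((?P<dport>\d+)\)")


@dataclass
class Flow:
    direction: str
    proto: str
    src: ipaddress._BaseAddress
    sport: int
    dst: ipaddress._BaseAddress
    dport: int

    @property
    def local(self):
        # Assumption: for incoming traffic the local endpoint is the destination.
        return self.dst if self.direction == "Incoming" else self.src

    @property
    def remote(self):
        return self.src if self.direction == "Incoming" else self.dst


def parse_message(message: str) -> Flow:
    """Pull direction, protocol, addresses and ports out of a log Message field."""
    m = MESSAGE_RE.search(message)
    if m is None:
        raise ValueError(f"unrecognised message format: {message!r}")
    return Flow(m["dir"], m["proto"],
                ipaddress.ip_address(m["src"]), int(m["sport"]),
                ipaddress.ip_address(m["dst"]), int(m["dport"]))


def networks(entries):
    # "127.0.0.1/8" is accepted as the whole 127.0.0.0/8 block (strict=False);
    # a bare "127.0.0.1" becomes the single-host network 127.0.0.1/32.
    return [ipaddress.ip_network(e, strict=False) for e in entries]


@dataclass
class Rule:
    name: str
    action: str                 # "allow" or "block"
    local: List[ipaddress._BaseNetwork]
    remote: List[ipaddress._BaseNetwork]


def _in_any(addr, nets) -> bool:
    return any(addr.version == n.version and addr in n for n in nets)


def rule_matches(rule: Rule, flow: Flow) -> bool:
    # Both sides must match; an empty list matches nothing, which is the
    # half-configured state described in the thread.
    return _in_any(flow.local, rule.local) and _in_any(flow.remote, rule.remote)


def evaluate(policy: List[Rule], flow: Flow) -> Optional[Rule]:
    """Assumed first-match-wins evaluation; None if no rule matched."""
    for rule in policy:
        if rule_matches(rule, flow):
            return rule
    return None


LOOPBACK = ("::1", "127.0.0.1", "127.0.0.1/8")   # entries listed in reply 2


def demo(message: str = SAMPLE_MESSAGE) -> dict:
    flow = parse_message(message)
    remote_empty = Rule("Allow loopback (remote side empty)", "allow",
                        networks(LOOPBACK), [])
    complete = Rule("Allow loopback", "allow",
                    networks(LOOPBACK), networks(LOOPBACK))
    host_only = Rule("Allow loopback (127.0.0.1 only)", "allow",
                     networks(["127.0.0.1"]), networks(["127.0.0.1"]))
    # Constructed stand-in for a broad rule later in the policy that blocks.
    catch_all = Rule("Block everything else", "block",
                     networks(["0.0.0.0/0"]), networks(["0.0.0.0/0"]))

    def outcome(policy):
        hit = evaluate(policy, flow)
        return hit.action if hit else "no match"

    return {
        "local": str(flow.local), "remote": str(flow.remote),
        "remote_empty": outcome([remote_empty, catch_all]),
        "complete": outcome([complete, catch_all]),
        "host_only": outcome([host_only, catch_all]),
        "allow_below_block": outcome([catch_all, complete]),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:>18}: {v}")
```

Running it shows the blocked flow allowed only when the remote list is populated with the /8 and the allow rule precedes the catch-all; the 127.0.0.1-only rule never matches a 127.0.0.171 destination, which is the non-standard-address case the last reply warns about.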
