Within the VMware 5.5 vSphere server, the HIPS FW is blocking VMDIRD.exe from starting during a reboot, or it takes about 40-60 minutes for it to start. I can see in the HIPS FW logs that it is being blocked. I am having trouble trying to figure out the FW rule to allow the service to start without any issues.
Has anyone else seen this, or can assist with what they did to get the rule to stop interfering with the startup of this service?
Below is what I am seeing in the logs:
Time: 6/23/2015 3:10:09 AM
Description: VMware Directory Service (vmdird)
Message: Blocked Incoming TCP - Source 127.0.0.1 : (60054) Destination 127.0.0.171 : (50001)
Matched Rule: vCenter CAG/LAG Rules
After looking at the FW rule set for the vCenter, I had the below entries set to allow for loopback.
I didn't have anything set for local loopback on the remote network side within the FW rule. I went and edited the rule, and for the remote network within the allow loopback rule, I added the above, but within the remote network.
Restarted the vSphere server and the VMDIRD service stopped hanging.
When the rule talks about the remote networks, I take it that for the rule, the destination is the IP the application is attempting to reach, and it doesn't matter if it's local to the box or not?
The loopback rules were removed from HIPS in one of the older SPs (SP2, I think). If you need them (most will), you need to create them yourself (as you just did).
For your reference, see below. It is suggested to have the ALLOW LOOPBACK rule at the top of the firewall rule policy. You will also need to modify it for non-standard 127.x.x.x IP addresses, if needed, as your blocked network traffic example above shows.
KB71230 - Host Intrusion Prevention 8.0 Loopback traffic blocked when firewall is enabled
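To show why a loopback rule that names only 127.0.0.1 still lets the vmdird connection to 127.0.0.171 fall through to the vCenter rule, here is an added example (not HIPS code and not from the thread) that parses the quoted log message and evaluates it against a narrow and a corrected policy. It assumes a simplified first-match model in which an empty network list means "any address", that for an Incoming event the local endpoint is the destination and the remote endpoint is the source, and that the "vCenter CAG/LAG Rules" entry acts as a block rule.

```python
import ipaddress
import re

# Constructed copy of the blocked-traffic message quoted in the thread.
SAMPLE_LOG = ("Blocked Incoming TCP - Source 127.0.0.1 : (60054) "
              "Destination 127.0.0.171 : (50001)")

LOG_RE = re.compile(r"(?P<dir>Incoming|Outgoing) \w+ - Source (?P<src>[\d.]+) : "
                    r"\(\d+\) Destination (?P<dst>[\d.]+) : \(\d+\)")


def parse_event(line):
    """Return (local_addr, remote_addr) for a HIPS firewall log message.

    Assumption: for an Incoming event this host is the destination, so the
    destination is 'local' and the source is 'remote'; Outgoing is reversed.
    """
    m = LOG_RE.search(line)
    if not m:
        raise ValueError("unrecognised firewall log line: %r" % line)
    src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
    return (dst, src) if m["dir"] == "Incoming" else (src, dst)


def make_rule(name, action, local_nets=(), remote_nets=()):
    """Simplified rule; an empty network list means 'any address' (assumption)."""
    return {"name": name, "action": action,
            "local": [ipaddress.ip_network(n) for n in local_nets],
            "remote": [ipaddress.ip_network(n) for n in remote_nets]}


def _in_nets(addr, nets):
    return not nets or any(addr in n for n in nets)


def evaluate(policy, local, remote):
    """First-match evaluation, top rule first; returns (action, rule name)."""
    for rule in policy:
        if _in_nets(local, rule["local"]) and _in_nets(remote, rule["remote"]):
            return rule["action"], rule["name"]
    return "block", "<implicit deny>"


# Loopback rule naming only 127.0.0.1: the connection to 127.0.0.171 misses it
# and falls through to the vCenter rule (modelled as a block rule here).
NARROW_POLICY = [
    make_rule("Allow Loopback", "allow", ["127.0.0.1/32"], ["127.0.0.1/32"]),
    make_rule("vCenter CAG/LAG Rules", "block"),
]

# Loopback rule covering all of 127.0.0.0/8 on both the local and remote side,
# kept at the top of the policy as the reply recommends.
FIXED_POLICY = [
    make_rule("Allow Loopback", "allow", ["127.0.0.0/8"], ["127.0.0.0/8"]),
    make_rule("vCenter CAG/LAG Rules", "block"),
]
```

Running `evaluate(NARROW_POLICY, *parse_event(SAMPLE_LOG))` reproduces the block by the vCenter rule, while the same call against `FIXED_POLICY` is allowed by the loopback rule.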