Tuesday, January 26, 2016

Finding IP on a problematic vCenter session (10 second version)

A user complains vCenter is locking him out. He "turns off everything" but still the domain controller reports the vCenter IP for the lockout source (this is a 5.0 vCenter, I don't know if this changed later).

Checking vCenter, the user doesn't have any processes (hey, it could be the case) but he does show up in the vCenter logs. Alas, I don't see an IP in the logs. I google why and I find these links:

https://communities.vmware.com/thread/296871?start=0&tstart=0

http://www.virtuallyghetto.com/2010/12/how-to-identify-origin-of-vsphere-login.html

The great William Lam offers awesome explanations (he is really awesome) on how to enable verbose logging and find out everything about each session. In the first link, however, a simpler/much faster/no change required answer appears by user aorady (which wasn't labeled as the answer).

The vCenter event view always shows the IP for failed logins in the form of

"Cannot login domain\username@XXX.XXX.XXX.XXX"

So, if you just needed the IP, you are good to go. There are lots of ways to do things, but finding a fast and simple way can be a big help.

No disrespect to William - I bet his explanation will come in handy for a much wider variety of cases, especially if the user is having several sessions and you just need to track one.
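When the lockouts keep coming, it helps to tally those failed-login messages per account and source IP instead of reading them one by one. The following is an added example, not code from this post or the linked thread: it assumes the events were exported as text with one message per line, and the function name, timestamps, accounts and addresses are all constructed for illustration.

```python
import re
from collections import defaultdict

# Message format as quoted above: Cannot login domain\username@<ip>.
# The source address is whatever follows the LAST '@', so a UPN-style
# name (user@domain) still parses. Only IPv4 is matched, as in the post.
FAILED_LOGIN = re.compile(
    r"Cannot login (?P<user>\S+)@(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?=[\"'\s]|$)"
)

# Constructed sample export (assumed layout: timestamp, severity, message).
SAMPLE_EVENTS = [
    "2016-01-26 09:14:02 error Cannot login CORP\\jdoe@192.0.2.41",
    "2016-01-26 09:14:32 error Cannot login CORP\\jdoe@192.0.2.41",
    "2016-01-26 09:15:10 info User CORP\\asmith@192.0.2.77 logged in",
    "2016-01-26 09:16:45 error Cannot login CORP\\jdoe@198.51.100.9",
    "2016-01-26 09:17:03 error Cannot login svc_backup@corp.example@192.0.2.50",
]

def failed_login_sources(lines, account=None):
    """Return {user: {ip: count}} for failed-login event messages.

    account: optional case-insensitive filter, matched against the full
    name or the part after the domain\\ prefix.
    """
    tally = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = FAILED_LOGIN.search(line)
        if not m:
            continue  # not a failed-login message
        user, ip = m.group("user").lower(), m.group("ip")
        short = user.split("\\")[-1]
        if account and account.lower() not in (user, short):
            continue
        tally[user][ip] += 1
    return {u: dict(ips) for u, ips in tally.items()}

if __name__ == "__main__":
    for user, ips in failed_login_sources(SAMPLE_EVENTS, "jdoe").items():
        # Most frequent source first: the likeliest lockout culprit.
        for ip, count in sorted(ips.items(), key=lambda kv: -kv[1]):
            print(f"{user}\t{ip}\t{count}")
```

More than one source IP for the same account usually means a second device or service is still holding the old password.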
