Channel: VMware Communities : Popular Discussions - Backup & Recovery

Can't connect to Data Recovery Appliance

 

I keep running into this one error trying to set up Data Recovery. I have it installed and the appliance imported. I go into the Solutions and Applications section and the VMware Data Recovery screen. I put in the IP of the appliance and click connect. It asks me for the password for the vSphere server and while that prompt is up, it shows an "Authentication failed" error. Once I enter that password, every time I click connect for the rest of my vSphere session, I'll get this error:

 

 

Error: Could not log onto the server. The connect attempt timed out. Please make sure that the Data Recovery Appliance is turned on

 

 

It is, of course, turned on and I can go to the web interface, log in and click around fine. Not sure what I could be missing. Is there a specific port it's trying to connect on that I could test out? I'm at a loss as to why it would break at this point.

 

 

-Daniel

 

 


How to set up BackupExec 2010 to use SAN transport mode with vSphere 4?

Hi

 

I feel like this question should be answered in at least ten knowledgebase articles and other documentation, yet I seem to be unable to find any of them ...

 

I have BackupExec 2010 and vSphere 4.0 Enterprise Plus (3 ESX 4 servers). So far, I've been testing the nbd transport mode, which works, but gets slow sometimes on VMs with disks >100GB (I read that this is a problem with the service console of vmware esx 4 - not sure though).

 

Anyhow, since I have all the necessary hardware on site, I thought I could as well connect the server running backupexec (and vsphere server) to the san directly using FC...

 

... but I can't find a guide, neither from vmware nor from backupexec nor EMC, on what I should pay attention to while doing this. Those questions came up before I've even touched the FC-Controller:

- vsphere 4.0 has this storage API thingy ... backupexec 2010 apparently supports it. Does that mean that I don't have to install vmware VCB?

- I'm running backupexec 2010 and vSphere Server on the same box...any problems with that?

- I feel really uncomfortable that windows might write something to my vmfs luns, and destroying them with it... (like auto-signing or auto-initializing of new disks). How do I prevent windows from doing so?

- I read about a problem with multi-pathing and san backup mode ... I could just install EMC powerpath, which would handle the multipathing. Does that work with vsphere storage api?

 

Any answers (or links to documents I'm apparently unable to find) are very much appreciated.

 

best regards,

VDR reclaim job and shrinking datastore?

Has anyone actually been able to tell if the reclaim job actually does anything to reclaim space? My storage usage only increases and never shrinks in size. I even decided to do a test where I deleted ALL restore points for ALL VMs so there were absolutely no restore points left, not even one, deleted all backup schedules so no backups are done, and then rebooted the VDR and waited for it to run its recatalog job, then the reclaim job and then the integrity check job. After all was done, which took about 3 days to complete, I looked at the storage locations and all 200+GB of SLAB and DAT files were still there. So again I ask: how do you shrink the amount of data that is NOT being used anymore?

Creating a snapshot with quiesce guest succeeds, but triggers vss-error in eventvwr on server 2008 r2 DC

Hi

 

I'm trying to back up my virtual DC, running Server 2008 R2. The computer has all Windows updates and VMware Tools installed. When creating a snapshot (quiesce guest file system is active, but snapshot the VM's memory is not), the creation of the snapshot succeeds, but I get an error and a warning in the event viewer of the VM. The errors are triggered during the snapshot processing.

The error and warning are followed by a series of informational ESENT-Events, freezing all other Shadow copy instances. So the lsass AD is the only one raising an error.

-


Error 489, Source ESENT:

lsass (480) An attempt to open the file "c:\Windows\NTDS\ntds.dit" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

-


Warning 8229, Source VSS:

A VSS writer has rejected an event with error 0x800423f4, The writer experienced a non-transient error.  If the backup process is retried,

the error is likely to reoccur.

. Changes that the writer made to the writer components while handling the event will not be available to the requester. Check the event log for related events from the application hosting the VSS writer.

 

Operation:

   PostSnapshot Event

 

Context:

   Execution Context: Writer

   Writer Class Id: {b2014c9e-8711-4c5c-a5a9-3cf384484757}

   Writer Name: NTDS

   Writer Instance ID: {8231a194-b132-41b1-97e9-7c3f8333780d}

   Command Line: C:\Windows\system32\lsass.exe

   Process ID: 480

-


 

Because of that, I'm afraid that the backup of my AD might be inconsistent.

 

Any ideas on how to resolve this?

 

Thanks in advance!

Acronis vmprotect

Hey all,

 

just want to warn everyone who is considering using Acronis vmprotect in their environment. Initially we used veeam and everything was fine. After we grew we had to extend our licenses and we made a terrible mistake ... we changed to Acronis vmprotect - mainly because of price. This product is not working at all (backups are failing quite often for several reasons unknown (even to Acronis "support")). Support is 1 big tragedy .... they have been working for more than 1 month and doing nothing but talking and suggesting crap ... however no solution. Of course the problem is everywhere else, just not Acronis .... vmware, backup storage .... etc. So really .. if you want to stay away from troubles with your backups go for veeam, DP, windows backup or whatever other backup solution, just not Acronis vmprotect. Try to learn from others' mistakes ...   Now we have non-working backups and they are refusing to return the money.

Linux VM failing to snapshot

This is a bit of a strange issue and I haven't been able to find any evidence of similar reports.  Maybe someone smarter than myself can point me in the right direction.

 

I have been having trouble making quiesced snapshots with one of our linux virtual machines.  Unquiesced snaps seem to work fine (but are not ideal).  I have installed the latest vmware-tools and enabled the vmsync driver at install.  But whenever I attempt a quiesced snapshot it fails almost immediately.  I enabled debugging for vmware-tools, and below is an excerpt from that logfile.

 

2013-02-27T12:12:12.308Z| vcpu-0| I120: Guest: [   debug] [vmsvc:vmbackup] *** VmBackupStart
2013-02-27T12:12:12.309Z| vcpu-0| I120: Guest: [   debug] [vmsvc:vmbackup] Using quiesceApps = 1, quiesceFS = 1, allowHWProvider = 1,execScripts = 1, scriptArg = , timeout = 0
2013-02-27T12:12:12.310Z| vcpu-0| I120: Guest: [   debug] [vmsvc:vmbackup] Quiescing volumes:  6000c29b-23e2-4437-2bc4-8f029c478d2a 6000c296-e56b-2ffd-621c-d810d75487fe
2013-02-27T12:12:12.310Z| vcpu-0| I120: Guest: [   debug] [vmsvc:vmbackup] *** VmBackup_SendEvent
2013-02-27T12:12:12.311Z| vcpu-0| I120: Guest: [   debug] [vmsvc:vmbackup] *** VmBackupStartScripts
2013-02-27T12:12:12.312Z| vcpu-0| I120: Guest: [   debug] [vmsvc:vmbackup] Trying to run scripts from /etc/vmware-tools/backupScripts.d
2013-02-27T12:12:12.312Z| vcpu-0| I120: ToolsBackup: changing quiesce state: IDLE -> STARTED
2013-02-27T12:12:13.312Z| vcpu-0| I120: Guest: [   debug] [vmsvc:vmbackup] *** VmBackupAsyncCallback
2013-02-27T12:12:13.312Z| vcpu-0| I120: Guest: [   debug] [vmsvc:vmbackup] VmBackupAsyncCallback: checking VmBackupOnFreeze
2013-02-27T12:12:13.313Z| vcpu-0| I120: Guest: [   debug] [vmsvc:vmbackup] Async request 'VmBackupOnFreeze' completed
2013-02-27T12:12:13.313Z| vcpu-0| I120: Guest: [   debug] [vmsvc:vmbackup] *** VmBackupEnableSync
2013-02-27T12:12:13.313Z| vcpu-0| I120: Guest: [    info] [vmsvc:guestinfo] Poll loop disabled.
2013-02-27T12:12:13.313Z| vcpu-0| I120: Guest: [   debug] [vmsvc:vmbackup] *** VmBackupSyncDriverStart
2013-02-27T12:12:13.313Z| vcpu-0| I120: Guest: [   debug] [vmsvc:vmsvc] SyncDriver: Freezing using Linux ioctls...
2013-02-27T12:12:13.314Z| vcpu-0| I120: Guest: [   debug] [vmsvc:vmsvc] SyncDriver: failed to open '6000c29b-23e2-4437-2bc4-8f029c478d2a': 2 (No such file or directory)
2013-02-27T12:12:13.314Z| vcpu-0| I120: Guest: [ warning] [vmsvc:vmbackup] Error freezing filesystems.
2013-02-27T12:12:13.314Z| vcpu-0| I120: Guest: [    info] [vmsvc:guestinfo] New poll interval is 30s.
2013-02-27T12:12:13.314Z| vcpu-0| I120: Guest: [   debug] [vmsvc:vmbackup] *** VmBackup_SendEvent
2013-02-27T12:12:13.314Z| vcpu-0| I120: Msg_Post: Warning
2013-02-27T12:12:13.314Z| vcpu-0| I120: [msg.snapshot.quiesce.vmerr] The guest OS has reported an error during quiescing.
2013-02-27T12:12:13.314Z| vcpu-0| I120+ The error code was: 3
2013-02-27T12:12:13.314Z| vcpu-0| I120+ The error message was: Error when enabling the sync provider.
2013-02-27T12:12:13.314Z| vcpu-0| I120: ----------------------------------------

 

Any help would be greatly appreciated!

FLR restore is showing error most of the times

Hi,

 

While we try to use FLR for restoring the backup from VDP we are getting the following error message

 

Failed to browse backup '<folder name>'. Unable to browse as proxies are unavailable


 

This is happening while we are browsing the mounted disk for restoring a folder or some files.

 

We are using VDP version 5.5.1.356. The ESX and other items are version 5.5.1

 

Please see the attached screenshot also.

 

Is there anybody who knows why this is happening? Please help, as I tried Google and got no help from there.

VDP - Limit concurrent backups

Hi,

 

Has anyone tried to limit concurrent backups?

 

Default number (8) is just too much for our NAS and I'd like to have 4 or even 2 backups running at the same time.

 

Jeff Hunter mentions that it's possible:

 

Setting the record straight on VMware vSphere Data Protection | VMware vSphere Blog - VMware Blogs

 

"It is possible to change the number of proxies in use by running the registerproxy.sh script located in /usr/local/avamarclient/etc/. Please understand this is something that has not been tested and it is NOT SUPPORTED."

 

If someone has actually been able to do this I'd like to hear how it's done.

 

Thanks!


VDP shows old checkpoint as validated, not latest checkpoint

The VDP appliance shows the oldest checkpoint as validated; the latest checkpoint is not validated. Is there any process to check a specific checkpoint manually?

 

Thanks in advance.

Errors with snapshot creation before TSM backup

Hi, we have a problem with backup via TSM.

 

What we have:

Windows Server 2008SP2

Vcenter 4.1

TSM version 6 – Client and Server installed on one server with Vcenter

12 VM’s

Problem:

We have a problem with only one VM, and it doesn't matter whether it goes first or last in the backup list. When Vcenter prepares the snapshot which will be written via TSM, we get a few error messages.

 

From TSM client - dsmsched.log:

03/01/2014 23:07:15 Backup of Virtual Machine 'app'

03/01/2014 23:07:15 Mount virtual machine disk on backup proxy for VM 'app'

03/01/2014 23:07:15

Executing Operating System command or script:

   vcbMounter -h 192.169.***.*** -u backup -p **** -a ipaddr:app.ru -r "e:\mnt\fullvm\app\BACKUP_CURRENT" -t fullvm

03/01/2014 23:07:36 Finished command.  Return code is: 1

03/01/2014 23:07:36

03/01/2014 23:07:36

03/01/2014 23:07:36 Mount virtual machine disk on backup proxy for VM 'app'

03/01/2014 23:07:36

Executing Operating System command or script:

   vcbMounter -h 192.169.***.*** -u backup -p **** -a ipaddr:app.ru -r "e:\mnt\fullvm\app\BACKUP_CURRENT" -t fullvm -m nbd

03/01/2014 23:07:43 Finished command.  Return code is: 1

03/01/2014 23:07:43 ANS9265E Failure mounting Virtual Machine 'app' with vcbMounter command. RC=1

03/01/2014 23:07:43 ANS9264E Incremental backup of Virtual Machine 'app' failed with RC 1

 

And from VPXD logs:

[2014-03-01 23:07:35.907 04700 info 'App' opID=8e388aaa] [VpxLRO] -- BEGIN task-internal-6184 -- vm-42 -- vim.Task.GetInfo -- 5AF36BF8-BE74-400D-BCCB-DBA196F71B53(6FAF0F8D-9F23-4694-B77E-185634CB812C)

[2014-03-01 23:07:35.908 01696 info 'App' opID=46b9242b] [VpxLRO] -- FINISH task-49283 -- vm-42 -- vim.VirtualMachine.createSnapshot -- 5AF36BF8-BE74-400D-BCCB-DBA196F71B53(6FAF0F8D-9F23-4694-B77E-185634CB812C)

[2014-03-01 23:07:35.908 01696 info 'App' opID=46b9242b] [VpxLRO] -- ERROR task-49283 -- vm-42 -- vim.VirtualMachine.createSnapshot: vim.fault.Timedout:

 

 

I found only one KB, but it doesn’t work for our problem. 

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004790

In IBM KB I can’t find anything helpful about ANS9265E and ANS9264E errors.

 

Please tell me if you need any log or system information.

vSphere Data Protection 5.5 - MSG_ERR_OFFLINE

Hello,

I'm looking for your help with my VDP appliances, because the checkpoint ends with errors and backups fail with the error "An unexpected error occurred with the following error code: 10014".

 

After searching for this I found this procedure to run a checkpoint manually

 

VMware KB: VMware vSphere Data Protection 5.1 manual integrity check fails with the error: An integrity check could …

 

But the checkpoint stops at the last stripe unsuccessfully.

 

This is my status.dpn

 

Mon Oct 13 15:00:19 WEST 2014  Mon Oct 13 14:00:19 2014 UTC (Initialized Fri May 23 14:50:42 2014 UTC)

Node   IP Address     Version   State   Runlevel  Srvr+Root+User Dis Suspend Load UsedMB Errlen  %Full   Percent Full and Stripe Status by Disk

0.0                            7.0.80-165  ONLINE fullaccess mhpu+0hpu+0hpu   2 false   0.09 3781 10958369   5.1%   5%(onl:214,ERR:1)  5%(onl:214)  5%(onl:212)

Srvr+Root+User Modes = migrate + hfswriteable + persistwriteable + useraccntwriteable

 

 

All reported states=(ONLINE), runlevels=(fullaccess), modes=(mhpu+0hpu+0hpu)

System-Status: ok

Access-Status: full

ERROR 1 stripes OFFLINE_MEDIA_ERROR

 

 

Checkpoint failed with result MSG_ERR_OFFLINE : cp.20141013105251 started Mon Oct 13 11:52:51 2014 ended Mon Oct 13 11:53:51 2014, completed 486 of 641 stripes

No GC yet

No hfscheck yet

 

 

Maintenance windows scheduler capacity profile is active.

  The maintenance window is currently running.

  Next backup window start time: Mon Oct 13 20:00:00 2014 WEST

  Next maintenance window start time: Tue Oct 14 08:00:00 2014 WEST

 

 

Thanks in advance

Backup job failing - Error 3 (One of the parameters was invalid)

Hello,

as stated above my backup job is failing and I don't know why.

 

 

From the vSphere Web Client I get the following message on the task console:

 

VDP server execution error code: 10055

 

 

And from the logs I deduced that the important part is the one below:

 

/usr/local/avamarclient/var/Backup_test....log

2015-04-17T18:55:18.478-05:-30 avvcbimage Info <9666>: Available transport modes are file:san:hotadd:nbdssl:nbd

2015-04-17T18:55:18.478-05:-30 avvcbimage Info <9667>: Calling ConnectEx with servername=10.64.208.104 vmxspec=moref=vm-13 on port 443 snapshot(snapshot-26)

2015-04-17T18:55:18.478-05:-30 avvcbimage Info <9668>: virtual machine will be connected readonly

2015-04-17T18:55:18.478-05:-30 avvcbimage Info <16041>: VDDK:VixDiskLib: VixDiskLib_ConnectEx: Establish connection using (null).

2015-04-17T18:55:18.478-05:-30 avvcbimage Info <16041>: VDDK:VixDiskLib: VixDiskLib_Connect: Establish connection.

2015-04-17T18:55:18.478-05:-30 avvcbimage Info <16041>: VDDK:VixDiskLib: A thumbprint is required for SSL certificate validation. vixDiskLib.c line 2446

2015-04-17T18:55:18.478-05:-30 avvcbimage Info <16041>: VDDK:VixDiskLib: VixDiskLib_Connect: Failed to allocate connection. Error 3 (One of the parameters was invalid) at 3914.

 

All my software is version 6.0.

If there is any more information I can provide please tell me.

VDP - Failed to remove snapshot - snapshot is not there

I'm getting the failed to remove for one VM in the reports section.  Happened last night on the scheduled BU, and this morning when I did an "on demand" BU.

This particular job has three servers - the failed one is VCenter.

However -

I watched it in VCenter take and remove the snapshot this morning - it's definitely not there.  No snapshot file in datastore browser or snapshot manager.

I have an image to restore from last night and this morning.

Shows as a failure in the backup tab.

Shows as out of date in the details.

How to exclude files or folders when you snapshot a VM

 

Hello,

 

 

I would like to know if it's possible to exclude files or folders when you snapshot a VM.

 

 

We want to try to save some space.

 

 

We work on Windows environment (2003, 2008 and R2) and vcenter 4.1, Vmware Backup Host and Netbackup 7.

 

 

JF,

 

 

 

 

 

VSS Provider Problem with Symantec Backup Exec

Hi,

 

we have vSphere 5. Our vCenter is a virtual machine too. For Backup we use Symantec Backup Exec 2012. In the log files of Backup Exec we get an error message.

 

Translated to English it says:

During the backup it was noted that a virtual machine has both the Symantec VSS Provider and the VMware one installed. You have to uninstall the VMware VSS Provider.

 

The virtual machine on which the error occurs is the vCenter Server.

 

Is it a problem if I uninstall the VMware VSS Provider? Do I lose some functionality without it?

 

Regards Wolfgang


Bottleneck = source

Dear all,

 

I am using ESXi 3.5 (Free version) and I am trialling Veeam Backup & Replication. The most I can get out of it is 5 - 6 Mb/s. My VM is 570GB and the whole thing is taking 25 odd hours.

 

Is this a limitation of the free version or have I got something wrong??

VDP slow Performance

Hi

 

I've a few questions about VDP. I have to save more than 150 VMs with VDP, so it's important to backup the vms in less time.

 

Can someone describe the tasks taken in the backup process? (detailed)

 

 

Take a Backup of a VM that was backed up on the 30th October and today is backed up again, the backup takes over 1h 30 minutes. Why so long?

Disk Size: 42 GB

Datastore: 6x Lefthand P4300

 

 

Backup Datastore: Synology RS810 (4x WD 2TB 24x7)

Disk Speed Test: 100 MB/s read, 80 MB/s write

should also not be the problem..

 

the load on the syno isn't very high (look the screenshot).

 

Does anyone have an idea why it's so slow..?

 

All Network is Gbit...

How to Copy VM from one site to another which are not connected...

Dear Team,

 

We want to transfer one Virtual Machine image from one site to a second site, without affecting the source VM. We want to know whether the following 2 methods will work ....

 

Method 1

1) Take clone of Source VM

2) Copy new cloned vm from vmfs datastore to external HDD

3) ship the external hdd to second site

4) Connect external hdd on vcenter converter server

5) restored on any ESX host

 

 

or

 

Method 2

1) Take image backup of Source VM

2) manually copy image backup folder from VCB server to external HDD

3) ship the external hdd to second site

4) Connect external hdd on vcenter converter server

5) restored on any ESX host

 

We want to know which option will be the best, or whether any other options are available to do the needful.

 

regards

Mr VMware

VDP custom IPTABLES RULES

Hello, I would like to change the VDP IPTABLES default rules.

I need to close all incoming traffic except for my network xxx.xxx.xxx.xxx

 

Can someone show me the best way to do this hardening?

 

I have found this:

 

less /etc/firewall.default

#!/bin/sh

 

 

# This is to be installed/run on each of the Avamar nodes on

# the customer network.

 

 

# In the case that something goes terribly wrong invoke the command:

# "service avfirewall stop" for SLES or "iptables stop" for RHEL.

# To see if the parameters are loaded run "service avfirewall status"

# on SLES or "iptables -L" on RHEL.

 

 

#-- OP_MODE should be set in the /etc/firewall.conf file

if [ -z "$OP_MODE" ]; then

  #-- OP_MODE wasn't set ... just default to FULL

  OP_MODE="FULL"

fi

 

 

# 1. Path to the iptables command

IPT=`which iptables`

#sleep 10

MYIP=`hostname -i`

# 2. Flush old rules, old custom tables

$IPT --flush

$IPT --delete-chain

 

 

# 3. Set default policies for all three default chains, drop all incoming and

# forwarded packets, allow outgoing packets

# NOTE: Since the "default" policy of the outbound connections is "ACCEPT",

# we do not need any further "OUTPUT" rules (except for the loopback interface)

$IPT -P INPUT DROP

$IPT -P FORWARD DROP

$IPT -P OUTPUT ACCEPT

 

 

# 4. Enable free use of loopback interfaces

$IPT -A INPUT -s 127.0.0.1 -j ACCEPT

$IPT -A OUTPUT -s 127.0.0.1 -j ACCEPT

 

 

# 5. Allow returning packets

$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

 

 

# 6. Allow ICMP traffic - for network debugging

$IPT -A INPUT -p icmp -j ACCEPT

 

 

# 7. Allow DNS and NTP access from any servers

# NOTE: add a "-s <ip address>" before the "-j" to specify which

# DNS and NTP servers may be allowed

#$IPT -A INPUT -p udp --dport 53 -j ACCEPT

#$IPT -A INPUT -p tcp --dport 53 -j ACCEPT

#$IPT -A INPUT -p udp --dport 123 -j ACCEPT

#$IPT -A INPUT -p tcp --dport 123 -j ACCEPT

 

 

# 8. Allow everyone to communicate on required ports

#$IPT -A INPUT -p tcp -m multiport --dport 22,80,443,7778,7779,7780,7781,8443,28001 -j ACCEPT

# allow port for MC Web services

#$IPT -A INPUT -p tcp --dport 9443 -j ACCEPT

# allow LDAP and LoginManager connections

#$IPT -A INPUT -p udp -m multiport --dport 389,700 -j ACCEPT

#$IPT -A INPUT -p tcp -m multiport --dport 389,700 -j ACCEPT

#$IPT -A OUTPUT -p tcp -m multiport --sport 389,700 -j ACCEPT

#$IPT -A OUTPUT -p udp -m multiport --sport 389,700 -j ACCEPT

 

 

#

# appliance can talk to itself

#

$IPT -A INPUT -p tcp -s $MYIP -d $MYIP -j ACCEPT

#

# Necessary for VDP to operate

$IPT -A OUTPUT -p tcp -m multiport --sport 22,80,902,7444,7778,8543,8580,9443 -j ACCEPT

$IPT -A OUTPUT -p udp -m multiport --sport 53,137,138 -j ACCEPT

#

$IPT -A INPUT -p tcp -m multiport --dport 22,80,902,7444,7778,8543,8580,9443 -j ACCEPT

$IPT -A INPUT -p udp -m multiport --dport 53,137,138 -j ACCEPT

#

$IPT -A INPUT -p tcp -m multiport --sport 7444 -j ACCEPT

#

# open communication on these encrypted ports

#

$IPT -A INPUT -p tcp --sport 443 -j ACCEPT

$IPT -A INPUT -p tcp --sport 9443 -j ACCEPT

#

# gsan ports

#

$IPT -A INPUT -p tcp -s $MYIP -d $MYIP --sport 27000 -j ACCEPT

$IPT -A INPUT -p tcp -s $MYIP -d $MYIP --sport 29000 -j ACCEPT

$IPT -A INPUT -p tcp -s $MYIP -d $MYIP --dport 27000 -j ACCEPT

$IPT -A INPUT -p tcp -s $MYIP -d $MYIP --dport 29000 -j ACCEPT

$IPT -A OUTPUT -p tcp -s $MYIP -d $MYIP --sport 27000 -j ACCEPT

$IPT -A OUTPUT -p tcp -s $MYIP -d $MYIP --sport 29000 -j ACCEPT

$IPT -A OUTPUT -p tcp -s $MYIP -d $MYIP --dport 27000 -j ACCEPT

$IPT -A OUTPUT -p tcp -s $MYIP -d $MYIP --dport 29000 -j ACCEPT

 

 

# New filter to stop UDP flooding

#$IPT -I INPUT -p tcp --dport 26000 -m state --state NEW -m recent --set

#$IPT -I INPUT -p tcp --dport 26000 -m state --state NEW -m recent --update --seconds 60 --hitcount 20 -j DROP

 

 

# 9. Allow everyone to communicate on GSAN required port ranges

#$IPT -A INPUT -p tcp -m multiport --dport 19000:19500 -j ACCEPT

#$IPT -A INPUT -p udp -m multiport --dport 19000:19500 -j ACCEPT

#$IPT -A INPUT -p tcp -m multiport --dport 20000:20500 -j ACCEPT

#$IPT -A INPUT -p udp -m multiport --dport 20000:20500 -j ACCEPT

#$IPT -A INPUT -p tcp -m multiport --dport 25000:25500 -j ACCEPT

#$IPT -A INPUT -p udp -m multiport --dport 25000:25500 -j ACCEPT

#$IPT -A INPUT -p tcp -m multiport --dport 26000:26500 -j ACCEPT

#$IPT -A INPUT -p udp -m multiport --dport 26000:26500 -j ACCEPT

#$IPT -A INPUT -p tcp -m multiport --dport 27000:27500 -j ACCEPT

#$IPT -A INPUT -p tcp -m multiport --dport 40000:45000 -j ACCEPT

# possible ports for apache tomcat mod_jk proxy tool

#$IPT -A INPUT -p tcp -m multiport --dport 8543,8580 -j ACCEPT

 

 

# 10. Allow SNMP traffic

# management console traffic

#$IPT -A INPUT -p udp --dport 161 -j ACCEPT

# data domain traps traffic

#$IPT -A INPUT -p udp --dport 162 -j ACCEPT

#

# Allow everyone communication on ports 27000/27001/27002

# NOTE: should this ONLY be for localhost and would be covered by rule 4

#$IPT -A INPUT -p tcp -m multiport --destination-port 27000,27001,27002 -j ACCEPT

 

 

# 11. Allow everyone to communicate in on ports 29000/29100 for stunnel

#$IPT -A INPUT -p tcp -m multiport --destination-port 29000,29100 -j ACCEPT

 

 

# 12. Allow everyone to communicate on ports range from 8778 to 8781

#$IPT -A INPUT -p tcp -m multiport --dport 8778:8781 -j ACCEPT

 

 

# 13. Allow DTLT default ports to be open

#$IPT -A INPUT -p tcp -m multiport --destination-port 8080,8181,8444 -j ACCEPT

 

 

#  DROP all other traffic and log it

# 14. Create a LOGDROP chain to log and drop packets

LOGLIMIT="2/s"

LOGLIMITBURST="10"

 

 

$IPT -N LOGDROP

$IPT -A LOGDROP -p tcp -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-level 7 --log-prefix "TCP LOGDROP: "

$IPT -A LOGDROP -p udp -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-level 7 --log-prefix "UDP LOGDROP: "

$IPT -A LOGDROP -p icmp -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-level 7 --log-prefix "ICMP LOGDROP: "

$IPT -A LOGDROP -f -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-level 7 --log-prefix "FRAGMENT LOGDROP: "

$IPT -A LOGDROP -j DROP

 

 

$IPT -A INPUT -p icmp -j LOGDROP -m pkttype ! --pkt-type broadcast

$IPT -A INPUT -p tcp -j LOGDROP -m pkttype ! --pkt-type broadcast

$IPT -A INPUT -p udp -j LOGDROP -m pkttype ! --pkt-type broadcast

 

 

$IPT -A INPUT -p tcp -j REJECT --reject-with tcp-reset

root@nastoosquare:/etc/init.d/rc3.d/#: service avfirewall status

Chain INPUT (policy DROP)

target     prot opt source               destination        

ACCEPT     all  --  localhost.localdomain  anywhere           

ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED

ACCEPT     icmp --  anywhere             anywhere           

ACCEPT     tcp  --  nastoosquare.virtualsolution.net  nastoosquare.virtualsolution.net

ACCEPT     tcp  --  anywhere             anywhere            multiport dports ssh,http,ideafarm-door,7444,interwise,8543,8580,tungsten-https

ACCEPT     udp  --  anywhere             anywhere            multiport dports domain,netbios-ns,netbios-dgm

ACCEPT     tcp  --  anywhere             anywhere            multiport sports 7444

ACCEPT     tcp  --  anywhere             anywhere            tcp spt:https

ACCEPT     tcp  --  anywhere             anywhere            tcp spt:tungsten-https

ACCEPT     tcp  --  nastoosquare.virtualsolution.net  nastoosquare.virtualsolution.net tcp spt:27000

ACCEPT     tcp  --  nastoosquare.virtualsolution.net  nastoosquare.virtualsolution.net tcp spt:29000

ACCEPT     tcp  --  nastoosquare.virtualsolution.net  nastoosquare.virtualsolution.net tcp dpt:27000

ACCEPT     tcp  --  nastoosquare.virtualsolution.net  nastoosquare.virtualsolution.net tcp dpt:29000

LOGDROP    icmp --  anywhere             anywhere            PKTTYPE != broadcast

LOGDROP    tcp  --  anywhere             anywhere            PKTTYPE != broadcast

LOGDROP    udp  --  anywhere             anywhere            PKTTYPE != broadcast

REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset

 

 

Chain FORWARD (policy DROP)

target     prot opt source               destination        

 

 

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination        

ACCEPT     all  --  localhost.localdomain  anywhere           

ACCEPT     tcp  --  anywhere             anywhere            multiport sports ssh,http,ideafarm-door,7444,interwise,8543,8580,tungsten-https

ACCEPT     udp  --  anywhere             anywhere            multiport sports domain,netbios-ns,netbios-dgm

ACCEPT     tcp  --  nastoosquare.virtualsolution.net  nastoosquare.virtualsolution.net tcp spt:27000

ACCEPT     tcp  --  nastoosquare.virtualsolution.net  nastoosquare.virtualsolution.net tcp spt:29000

ACCEPT     tcp  --  nastoosquare.virtualsolution.net  nastoosquare.virtualsolution.net tcp dpt:27000

ACCEPT     tcp  --  nastoosquare.virtualsolution.net  nastoosquare.virtualsolution.net tcp dpt:29000

 

 

Chain LOGDROP (3 references)

target     prot opt source               destination        

LOG        tcp  --  anywhere             anywhere            limit: avg 2/sec burst 10 LOG level debug prefix `TCP LOGDROP: '

LOG        udp  --  anywhere             anywhere            limit: avg 2/sec burst 10 LOG level debug prefix `UDP LOGDROP: '

LOG        icmp --  anywhere             anywhere            limit: avg 2/sec burst 10 LOG level debug prefix `ICMP LOGDROP: '

LOG        all  -f  anywhere             anywhere            limit: avg 2/sec burst 10 LOG level debug prefix `FRAGMENT LOGDROP: '

DROP       all  --  anywhere             anywhere           

-------------------------------------------------------------------------------------------------------------------------------------------------------

-------------------------------------------------------------------------------------------------------------------------------------------------------

 

What do you think about these changes:

 

Original

$IPT -A OUTPUT -p tcp -m multiport --sport 22,80,902,7444,7778,8543,8580,9443 -j ACCEPT

$IPT -A OUTPUT -p udp -m multiport --sport 53,137,138 -j ACCEPT

 

 

Modified

$IPT -A OUTPUT -p tcp -m multiport -s xx.57.10.0/24  -d xx.57.10.0/24 --sport 22,80,902,7444,7778,8543,8580,9443 -j ACCEPT

$IPT -A OUTPUT -p udp -m multiport -s xx.57.10.0/24  -d xx.57.10.0/24 --sport 53,137,138 -j ACCEPT

 

 

--------------------------------------------------------------------------------------------------

 

 

Original

$IPT -A INPUT -p tcp -m multiport --dport 22,80,902,7444,7778,8543,8580,9443 -j ACCEPT

$IPT -A INPUT -p udp -m multiport --dport 53,137,138 -j ACCEPT

 

 

Modified

$IPT -A INPUT -p tcp -m multiport -s xx.57.10.0/24  -d xx.57.10.0/24 --dport 22,80,902,7444,7778,8543,8580,9443 -j ACCEPT

$IPT -A INPUT -p udp -m multiport -s xx.57.10.0/24  -d xx.57.10.0/24 --dport 53,137,138 -j ACCEPT

 

 

--------------------------------------------------------------------------------------------------

 

 

$IPT -A INPUT -p tcp -m multiport -s xx.57.10.0/24  -d xx.57.10.0/24 --sport 7444 -j ACCEPT

 

 

$IPT -A INPUT -p tcp -s xx.57.10.0/24  -d xx.57.10.0/24 --sport 443 -j ACCEPT

$IPT -A INPUT -p tcp -s xx.57.10.0/24  -d xx.57.10.0/24 --sport 9443 -j ACCEPT

 

 

 

 

Thanks

 

 

ps

default rules are these:

 

Chain INPUT (policy DROP 3367 packets, 263K bytes)
 pkts bytes target     prot opt in     out     source               destination
 156K   25M ACCEPT     all  --  *      *       127.0.0.1            0.0.0.0/0
 757K  370M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
   34  2806 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
 5115  306K ACCEPT     tcp  --  *      *       xx.57.10.221         xx.57.10.221
  193 10484 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 22,80,902,7444,7778,8543,8580,9443
  896 92128 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 53,137,138
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport sports 7444
    2    88 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:9443
    0     0 ACCEPT     tcp  --  *      *       xx.57.10.221         xx.57.10.221        tcp spt:27000
    0     0 ACCEPT     tcp  --  *      *       xx.57.10.221         xx.57.10.221        tcp spt:29000
    0     0 ACCEPT     tcp  --  *      *       xx.57.10.221         xx.57.10.221        tcp dpt:27000
    0     0 ACCEPT     tcp  --  *      *       xx.57.10.221         xx.57.10.221        tcp dpt:29000
    0     0 LOGDROP    icmp --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE != broadcast
  125  6805 LOGDROP    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE != broadcast
   54  3862 LOGDROP    udp  --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE != broadcast
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 470K packets, 159M bytes)
 pkts bytes target     prot opt in     out     source               destination
 156K   25M ACCEPT     all  --  *      *       127.0.0.1            0.0.0.0/0
 207K  120M ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport sports 22,80,902,7444,7778,8543,8580,9443
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport sports 53,137,138
36416   14M ACCEPT     tcp  --  *      *       xx.57.10.221         xx.57.10.221        tcp spt:27000
   33 10198 ACCEPT     tcp  --  *      *       xx.57.10.221         xx.57.10.221        tcp spt:29000
42448 7299K ACCEPT     tcp  --  *      *       xx.57.10.221         xx.57.10.221        tcp dpt:27000
   43  7048 ACCEPT     tcp  --  *      *       xx.57.10.221         xx.57.10.221        tcp dpt:29000

Chain LOGDROP (3 references)
 pkts bytes target     prot opt in     out     source               destination
  125  6805 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 2/sec burst 10 LOG flags 0 level 7 prefix `TCP LOGDROP: '
   54  3862 LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 2/sec burst 10 LOG flags 0 level 7 prefix `UDP LOGDROP: '
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 2/sec burst 10 LOG flags 0 level 7 prefix `ICMP LOGDROP: '
    0     0 LOG        all  -f  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 2/sec burst 10 LOG flags 0 level 7 prefix `FRAGMENT LOGDROP: '
  179 10667 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
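
An added example, not part of the original post: a small Python audit over an `iptables -L -n -v` listing of the kind shown above. It flags INPUT ACCEPT rules that open a destination port to any source, and rules that accept on source port alone. The sample listing, its 192.0.2.0/24 addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample in `iptables -L -n -v` layout (documentation addresses).
SAMPLE = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source       destination
   10   800 ACCEPT all  --  *  *   0.0.0.0/0    0.0.0.0/0    state RELATED,ESTABLISHED
  193 10484 ACCEPT tcp  --  *  *   0.0.0.0/0    0.0.0.0/0    multiport dports 22,80,902
    5   300 ACCEPT tcp  --  *  *   192.0.2.0/24 192.0.2.0/24 multiport dports 22,80,902
    2    88 ACCEPT tcp  --  *  *   0.0.0.0/0    0.0.0.0/0    tcp spt:443
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source       destination
  207  1200 ACCEPT tcp  --  *  *   0.0.0.0/0    0.0.0.0/0    multiport sports 22,80,902
"""

ANY = "0.0.0.0/0"
DPORT = re.compile(r"\b(?:dpts?:|dports )\S+")
SPORT = re.compile(r"\b(?:spts?:|sports )\S+")

def parse_rules(listing):
    """Yield one dict per rule line, tagged with the chain it belongs to."""
    chain = None
    for line in listing.splitlines():
        f = line.split()
        if not f:
            continue
        if f[0] == "Chain":
            chain = f[1]
        elif f[0] != "pkts" and len(f) >= 9:
            yield {"chain": chain, "target": f[2], "prot": f[3],
                   "source": f[7], "dest": f[8], "extra": " ".join(f[9:])}

def audit_input(listing):
    """Return (finding, rule) pairs for INPUT ACCEPT rules worth reviewing."""
    findings = []
    for r in parse_rules(listing):
        if (r["chain"], r["target"]) != ("INPUT", "ACCEPT") or r["prot"] not in ("tcp", "udp"):
            continue
        has_dport, has_sport = DPORT.search(r["extra"]), SPORT.search(r["extra"])
        if has_sport and not has_dport:
            # The sender sets its own source port, so this match does not identify a peer.
            findings.append(("accepts-by-source-port", r))
        elif has_dport and r["source"] == ANY:
            findings.append(("service-open-to-any-source", r))
    return findings

if __name__ == "__main__":
    for kind, r in audit_input(SAMPLE):
        print(f"{kind}: {r['prot']} {r['source']} -> {r['dest']} {r['extra']}")
```

Replies to connections the host itself opened already match the `state RELATED,ESTABLISHED` rule, which is why the source-port-only rules are listed for review.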

Failed to Deploy OVF package: A general system error occurred: Failed to write to C:\ProgramData\VMware\VMware VirtualCenter\journal\1433426209.11: Error writing file. There is not enough space on the disk.


Hello,

I am attempting to set up a Hortonworks sandbox on our vSphere 5.5 lab environment. We have deployed many times before and have had various problems, but this is a new one to me.

After selecting the OVA file from my local disk within the File/Deploy OVF Template wizard, and selecting where to store the VM (we use SAN), it errors out after I click "Finish" with the error "Failed to Deploy OVF package: A general system error occurred: Failed to write to C:\ProgramData\VMware\VMware VirtualCenter\journal\1433426209.11: Error writing file.  There is not enough space on the disk."

I don't know why it is trying to write a journal file to my local workstation, but at any rate the path referenced in the error did not exist.  I tried creating those folders but the same error was returned.

Note that this is a 5.41 GB OVA file and the local disk on my workstation has 244 GB free.

 

I then tried adding additional permissions (Users did not have Write) but it still threw the error.  I noticed that the file properties page for the OVA showed it as blocked since it came from a different computer so I unblocked it, but again had no luck with the deploy...same error.

I assume that the path is written during the conversion of a VM at Hortonworks to an OVA (Export?) but I have no idea how, or even if I could change it.  Or even if changing the path would help.

Has anyone else run into this issue and is there a work-around that you can provide?

 

Thanks in advance for any help,

 

Rick
