Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

“Interface out of sync” appears in the Deep Security Manager (DSM) console

    • Updated:
    • 1 Dec 2016
    • Product/Version:
    • Deep Security 8.0
    • Deep Security 9.0
    • Deep Security 9.5
    • Deep Security 9.6
    • Platform:
    • HPUX 11.x
    • IBM AIX
    • Linux - Red Hat RHEL 4 32-bit
    • Linux - Red Hat RHEL 4 64-bit
    • Linux - Red Hat RHEL 5 32-bit
    • Linux - Red Hat RHEL 5 64-bit
    • Linux - Red Hat RHEL 6 32-bit
    • Linux - Red Hat RHEL 6 64-bit
    • Linux - SuSE 10
    • Linux - SuSE 11
    • Unix - Solaris (Sun) version 10 (SunOS 5.10)
    • Unix - Solaris (Sun) version 9 (SunOS 5.9)
    • VMware ESX 4.0
    • VMware ESX 4.1
    • VMware ESX 5.0
    • VMware ESXi 4.0
    • VMware ESXi 4.1
    • VMware ESXi 5.0
    • VMware vCenter 5.0
    • Windows 2003 Enterprise
    • Windows 2003 Enterprise 64-bit
    • Windows 2003 Standard
    • Windows 2003 Standard 64-bit
    • Windows 2008 Enterprise
    • Windows 2008 Enterprise 64-bit
    • Windows 2008 Server R2
    • Windows 2008 Standard
    • Windows 2008 Standard 64-bit
    • Windows 7 32-bit
    • Windows 7 64-bit
    • Windows Vista 32-bit
    • Windows Vista 64-bit
    • Windows XP Professional
    • Windows XP Professional 64-bit
Summary
The “interface out of sync” error occurs when the interface information that DSM has for the guest virtual machine (VM) is not the same as the interface information being reported by the Deep Security Virtual Appliance (DSVA).
DSM gets its interface information from the VC and stores it in its database. If the interface information stored by the DSM differs from the interface information retrieved from the DSVA (e.g. different numbers of interfaces, different MAC addresses), then the error message will appear.
Details
Public
To determine the root cause of the issue, we need to know where the information has become out of sync. We should check whether DSM is no longer in sync with the VC or if it is the DSVA that has gone out of sync with the VM.
First, you need to check the error message from the DSM console to figure out which VM and which interface has the issue.
  • Check the specific VM interfaces.
  1. Log on to the VM.
  2. Open a command prompt and type: ipconfig /all
  3. Double-check all the NICs and MAC addresses here. See if all the NICs have the correct driver and if they are working properly.
  • Check the VM interface information in vCenter.
  1. You can check the VM interface information from the Managed Object Reference (MoRef) in the vCenter Server. Access the VC MOB from the web browser and go to:
    https://<VC_SERVER>/mob/?moid=<OBJECT_ID>
    For example: https://192.168.100.100/mob/?moid=vm-1136&doPath=config
    Where:
    <VC_SERVER> is the FQDN or IP of the vCenter Server
    =<OBJECT_ID> is the ID of the object you are looking up
    You can refer to this VMWare KB article for more information on how to access the VC MOB: Looking up Managed Object Reference (MoRef) in vCenter Server
  2. Go to Config > extraConfig["ethernet0.filter0……"] > hardware to check all the NICs and MAC address.
  3. Compare the MAC addresses with Step 3 above (first bullet).
  • Check the vmx file and the VM interface information in DSM.
  1. Use the vCenter Server datastore browser to download the specific VM’s vmx file.
  2. Open the vmx file using Notepad and check the IPs, uuid.bios, and MAC addresses.
    For example:
    -----------------------------------------------------------------
    Check VM UUID
    – uuid.bios = "42 23 d6 5d f2 d5 22 41-87 41 86 83 ea 2f 23 ac"
    Check EPSec Settings
    – VFILE.globaloptions = "svmip=169.254.50.39 svmport=8888"
    – scsi0:0.filters = "VFILE“
    Check DvFilter Settings
    – ethernet0.filter0.name = "dvfilter-dsa"
    – ethernet0.filter0.onFailure = "failOpen"
    – ethernet0.filter0.param0 = "4223d65d-f2d5-2241-8741-8683ea2f23ac"
    – ethernet0.filter0.param2 = "1"
    – ethernet0.filter0.param1 = "00:50:56:A3:02:D8"
    ---------------------------------------------------------------------
  3. Go to the DSM dashboard, and then double-click the specific VM > Interfaces. Double-check the IPs and MAC addresses.
  4. Compare the IP and MAC address with the results from the other bullets above.
  • Check the VM interface information in DSVA.
  1. Use the vCenter Server datastore browser to download the specific VM’s vmx file.
  2. Open the vmx file using Notepad and check the uuid.bios value.
  3. Log on to the DSVA console and press “Alt + F2” to switch to command mode. Enter the DSVA username and password.
  4. Run the following command to verify if the VM’s interface was recognized by DSVA.
    cd /var/opt/ds_agent/guests/$uuid
    Note: Input your real uuid.bios here to replace “$uuid”.
    >/opt/ds_guest_agent/ratt if
    "ratt if" command
    The “ratt” command normally has this output if DSVA is able to recognize the VM NIC.
    "ratt" command output when DSVA is able to recognize the VM NIC
  5. Execute the “ifconfig –a” command to verify if the DSVA NIC settings and IP are configured correctly.
  6. Compare the IP and MAC address with the results from the bullets above.
You will need to fix this issue if any of the above items are out of sync.
Here are your workaround options:
Option I
When cloning an activated VM in Deep Security, you may encounter interface out-of-sync alert if you power on and activate VM. As a work around, clean the dvfilter settings before powering on the cloned VM.
--------------------------------------------------------
– ethernet0.filter0.name = "dvfilter-dsa"
– ethernet0.filter0.onFailure = "failOpen"
– ethernet0.filter0.param0 = "4223d65d-f2d5-2241-8741-8683ea2f23ac"
– ethernet0.filter0.param2 = "1"
– ethernet0.filter0.param1 = "00:50:56:A3:02:D8"
--------------------------------------------------------
Option II
  1. Suspend the specific VM and power it on again.
  2. Restart DSVA.
  3. Deactivate the VM and then activate it again.
Option III
vMotion the specific VM to a protected host and then clean the warning message.
Note: The vCenter must be connected to DSM all the time. Otherwise, the interface out of sync issue will happen often.
For further troubleshooting, do the following:
  1. Provide the result of Step 6 (bullet 4).
  2. Get the rattif.txt file from Step 4 (bullet 4).
  3. Get the output of the following commands:
    -------------------------------------------------
    $ ls -alR > /home/dsva/ls.txt
    $ netstat -an > /home/dsva/netstat.txt
    $ ps auxww > /home/dsva/ps.txt
    $ lsof > /home/dsva/lsof.txt
    $ ifconfig –a > /home/dsva/ifconfig.txt
    $ cp /var/log/syslog /home/dsva/syslog.txt
    --------------------------------------------------
  4. Get the diagnostic packages for DSM, DSA, and DSVA.
  5. Collect the following files:
    • rattif.txt
    • ls.txt
    • netstat.txt
    • ps.txt
    • lsof.txt
    • ifconfig.txt
    • syslog.txt
  6. Send the files to Trend Micro Technical Support.
In case you cannot find the VM’s MAC address from the output of the “ratt if” command, then use this workaround:
  1. Deploy a VM from a template in vCenter.
  2. Delete the existing NIC.
  3. Power on this VM, but there is no need to log on.
  4. Power off this VM.
  5. Add a new NIC.
  6. Power on VM.
Premium
Internal
Rating:
Category:
Troubleshoot
Solution Id:
1060688
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.