The deployment of a new DSVA fails with the following error message:
Virtual Appliance deployment on this ESX cannot proceed because a required component installed during ESX preparation (‘vmservice-trend-pg’) could not be found. Please “restore” your ESX and “prepare” it again.
Click image to enlarge.
The issue is caused by any of the following:
- The vmservice-trend-pg switch or port group is not present. The vmservice-trend-pg switch is created during ESXi preparation. If the Deep Security Filter Driver was manually installed, this switch should have been created automatically.
- The vCenter account in use does not have sufficient permission to deploy a new DSVA.
To resolve the issue:
- Verify if the vmservice-trend-pg switch / port group is present in the ESX networking properties:
- On the vCenter, select Hosts and Clusters view.
- Click the ESX, and then go to the Configuration tab.
- On the left pane, click Networking.
The example below shows that the vmservice-trend-pg switch was not created.
If the vmservice-trend-pg switch was created, proceed to Step 3.
If the vmservice-trend-pg switch was not created, proceed to Step 2.
- Create the vmservice-trend-pg port group under the vmservice-vswitch standard switch:
- On the vmservice-vswitch, click Properties.
- Click Add.
- Under Connection Types, select Virtual Machines and then click Next.
- Under Port Group Properties, click Network Label and then type “vmservice-trend-pg”.
- Click Next.
- Review the settings and click Finish.
Check the networking properties of the ESXi to verify the newly-created switch.
- Ensure that the vCenter account set in the Deep Security Manager (DSM) properties has sufficient permission, preferably in the top-level hierarchy on the Vcenter. The default administrator role can be used. To do this:
- On the DSM console, right-click vCenter and then click Properties.
Take note of the vCenter account used.
- On the vCenter, highlight the top-level domain, data center, or cluster where the ESXi belongs.
Go to the Permissions tab. The account specified in the DSM should be listed here, or is a member of a group that has an administrator role.
- If the account does not have full access or administrator role, specify an account that has an administrator role in the cluster, data center, or top-level domain where the ESXi belongs.