Summary
Activation of a DSVA on ESXi 5.1 base release fails and the following errors appear:
- On Host (ESX) summary page: "vShield Endpoint: Not Registered"
- On Host (ESX) details page, under vShield tab: "Critical(1)" under Endpoint Status
Details
The activation of a DSVA can fail when the vShield Manager goes out of sync with the vCenter. This can happen when provisioning a new DSVA and the host is ESXi 5.1 base release. When the new guest virtual machine, or DSVA, receives a new VM-ID, the vShield Manager cannot recognize it properly. This causes the DSVA registration to fail.
To resolve the issue, synchronize the vShield Manager with the vCenter:
- Reboot the vShield Manager. This forces it to synchronize with the vCenter during the bootup process.
- De-activate the DSVA and activate it again for it to register properly.
VMware has also released vShield Manager Patch 5.1.2-997359 (5.1.2a) to correct the synchronization issue with the vCenter. Download VMware-vShield-Manager-upgrade-bundle-maintenance-5.1.2-997359.tar.gz and apply the patch. For the patch installation procedure, refer to this VMware KB article: Upgrading to vCloud Networking and Security 5.1.2a best practices (2044458).
Note: Take snapshots of all vShield Managers prior to upgrading/applying the patch.