Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Windows virtual machine with NSX Network Introspection driver loses TCP connection

    • Updated:
    • 8 Aug 2017
    • Product/Version:
    • Deep Security 10.0
    • Deep Security 9.5
    • Deep Security 9.6
    • Platform:
    • N/A N/A
Summary

A Windows virtual machine (VM) with NSX Network Introspection driver (vnetflt.sys) connected to Guest Introspection SVM (USVM) loses its temporary TCP network connectivity for new connections.

When you run the "dmesg" command to show the logs, you see entries similar below:

Out of memory: Kill process <process_id> (java) score <score> or sacrifice child

Upon checking the NSX Manager log, you see the following:

Code:'260007'  Event Message: 'Lost communication with ESX module.'

The Guest Introspection Events window also shows the following error:

Guest Introspection Events

Details
Public

The NSX Network Introspection driver is used to send network-related events to USVM through Multiplexor (MUX). These network events are used in Activity Monitoring and Identity Firewall.

The driver collects TCP connectivity event and push it to USVM. Since there is a memory leak issue in the underlying connection between MUX and USVM, the USVM Event Manager process is restarted due to insufficient memory. While the event manager process is restarting, the TCP connectivity event collection stays incomplete for a while, which may result in Windows VM connectivity issue.

This issue is already resolved in the following builds available at VMware Downloads:

  • VMware NSX for vSphere 6.2.7
  • VMware NSX for vSphere 6.3.0

If you do not want to upgrade, you can disable the NSX Network Introspection driver as a workaround:

 
This procedure modifies the Windows registry. Before making any registry modifications, ensure that you have the current and valid backup copy of the registry and virtual machine. For more information on backing up and restoring the registry, refer to this Microsoft article: Windows registry information for advanced users.
  1. Connect to the affected virtual machine using a console or RDP sessions.
  2. Click Start > Run.
  3. Type "regedit" and click OK.
  4. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\vnetflt\.
  5. Right-click the Start key and select Modify.
  6. Change the value to "4" and click OK.
  7. Close the Registry Editor Window.
  8. Reboot the virtual machine.
Premium
Internal
Rating:
Category:
Troubleshoot
Solution Id:
1117913
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.