Troubleshooting
Forcing re-synchronization of Active Directory and vCenter integrations in GravityZone
This topic explains how to force re-synchronization of Active Directory and vCenter integrations in GravityZone Control Center.
GravityZone allows you to integrate with Active Directory and vCenter Server to reduce the effort of deploying and managing protection for physical and virtual machines.
Issue
In some cases, the Active Directory and vCenter inventories may not be visible in GravityZone Control Center because of a synchronization issue. To overcome this problem, you need to force the re-synchronization of each integration.
Solution
Re-synchronize Active Directory Integration
Go to Configuration > Active Directory > Domains.
Select the Active Directory integration from the list.
Click the Force Re-Sync button from the action toolbar.
Re-synchronize vCenter Integration
Go to Configuration > Virtualization Providers.
In the Action column of the table, click the Edit button of the vCenter Server integration.
In the configuration window, click the Save button to force re-synchronization.
Video tutorial
You can watch a video tutorial on the topic here.
Out of sync GravityZone integrations
In this topic, you will learn how to troubleshoot out-of-sync errors for several server infrastructure integrations with GravityZone.
GravityZone (on-premises) integrates server infrastructure inventories. Errors can occur when the integration process encounters an issue that it cannot resolve on its own.
You can receive out of sync error messages for the following integrations:
VMware vCenter Server
Citrix XenServer
Nutanix Prism Element
Active Directory
Out of sync error message | Actions |
Invalid Credentials | This error message is triggered by outdated credentials. To update your credentials: 1. Go to Configuration > Virtualization > Providers. 2. Click the edit button to open the integration screen. 3. In the Authentication section enter your credentials. 4. Click Save. |
Connection error | This message can be triggered by a disconnected network interface. Check network connectivity between GravityZone and your server infrastructure integration. |
Host is slave | This message is triggered only for Citrix XenServer integrations. Each cluster has only one Master host; the other hosts are slaves. When the Master host fails, a Slave host becomes the Master. Follow these steps to change the IP address to match the new Master host: 1. Go to Configuration > Virtualization > Providers. 2. Click the edit button to open the integration screen. 3. In the Hostname field, type your new Master host IP address. 4. Click Save. |
Certificate error | This message is triggered when a certificate has reached the end of its lifecycle. Follow these steps to renew your certificate: 1. Go to Configuration > Virtualization > Providers. 2. Click the edit button to open the integration screen. 3. Click Save. 4. Click Accept to renew your certificate. |
Host is unknown to master | This message is triggered only for Citrix XenServer integrations. For more information, refer to the following Citrix KB article. |
Insufficient user rights | This error message is specific to a scenario in which a user does not receive rights when you configure the integration. |
Unknown error | Many types of errors can affect the integration. Open an email ticket to further investigate this error message. |
Troubleshooting the issues affecting the Active Directory integration with GravityZone
Through the Active Directory integration, the existing Active Directory inventory is imported into Control Center, simplifying security deployment, management, monitoring and reporting. Active Directory users can be assigned different user roles in Control Center.
The most common error messages when configuring the Active Directory integration are related to:
Connectivity between the GravityZone appliance and domain controller or DNS resolution issues.
If the GravityZone appliance is not able to resolve the name of the domain or is not able to reach the domain controller, use the following steps to troubleshoot this issue:
Verify the network settings configured for GravityZone (especially the gateway and DNS servers).
Make sure that the IP assigned to GravityZone is not being used by another device within your network.
Make sure the appliance can reach the domain controller on port 389, or 636 if you have SSL authentication enabled, by using the following command:
# telnet dc_name port
Make sure the appliance can resolve the domain name and domain controller name by using the following commands:
# ping domain_name
# ping dc_name
“Invalid username or password” - The username and password couldn’t be validated.
Follow these steps to troubleshoot this issue:
Make sure the username and the password configured in Control Center are correct by logging in to a domain machine or domain controller with the same credentials, or try using another account.
If the account was newly created for the integration, make sure that the option User must change password at next logon is disabled.
If there is an issue saving the Active Directory (AD) settings, or if the screen freezes after clicking the Save button, connect to the GravityZone appliance using SSH and check:
RabbitMQ service is started on the GravityZone appliance:
# service rabbitmq-server status
RabbitMQ cluster status:
# rabbitmqctl cluster_status
Processors status:
# ps aux | grep php
Issues affecting the vCenter integration with GravityZone
This section explains how to troubleshoot issues affecting the vCenter integration with GravityZone.
Through the VMware vCenter integration, the existing VMware vCenter inventory is imported into Control Center, simplifying security deployment, management, monitoring and reporting.
Note
If the following steps do not resolve the issue, contact the Bitdefender Enterprise Support team and attach full logs together with outputs from the following commands.
The most common error messages when configuring the VMware vCenter integration are related to:
Connectivity between the GravityZone machine and VMware vCenter or DNS resolution issues
The GravityZone appliance is not able to resolve the name of the VMware vCenter or is not able to reach the domain controller. Use the following steps to investigate this:
Verify the network settings configured for GravityZone (especially the gateway and DNS servers).
Make sure that the IP assigned to GravityZone is not being used by another device within your network.
Make sure the appliance can reach the VMware vCenter on port 443:
# telnet vcenter port
Make sure the appliance can resolve the domain name and domain controller name:
# ping vcenter
Invalid username or password
The username and password do not have vCenter Administrator permissions. To troubleshoot this issue, follow these steps:
Make sure the username and the password configured in Control Center are correct (log in to vSphere Client with the same credentials or try using another account).
Make sure the user used for integration has vCenter Administrator permissions:
Unable to save vCenter settings or the screen freezes after pressing the Save button
If you are unable to save the vCenter settings, or the screen freezes after you press the Save button, connect through SSH to the GravityZone machine and check:
If the RabbitMQ service is started on the GravityZone machine:
# service rabbitmq-server status
The RabbitMQ cluster status:
# rabbitmqctl cluster_status
The processors status:
# ps aux | grep php
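The connectivity and DNS checks from the Active Directory and vCenter sections above (telnet to port 389, 636 or 443, ping by name) can be combined into one script that also reports which kind of failure occurred. This is an added example, not Bitdefender code; it assumes Python 3 is available on the host you run it from, and the file name and host names in the usage comment are hypothetical.

```python
import socket
import sys

# What each outcome points to, in terms of the checks listed on this page.
HINTS = {
    "dns_failure": "name does not resolve: check the DNS servers set on the appliance",
    "timeout": "no reply: check the gateway, routing and firewalls in between",
    "refused": "host answers but nothing listens there: check service and port number",
    "unreachable": "network error: check the appliance IP settings and gateway",
    "open": "TCP connection works: move on to credentials and certificates",
}


def check_endpoint(host, port, timeout=3.0):
    """Classify one host:port as dns_failure/timeout/refused/unreachable/open."""
    try:
        # Resolution first, the question `ping <name>` answers on the page.
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns_failure"
    status = "unreachable"
    for family, socktype, proto, _canon, sockaddr in infos:
        with socket.socket(family, socktype, proto) as sock:
            sock.settimeout(timeout)
            try:
                sock.connect(sockaddr)  # what `telnet host port` tests
                return "open"
            except ConnectionRefusedError:
                status = "refused"
            except socket.timeout:
                status = "timeout"
            except OSError:
                status = "unreachable"
    return status


def triage(targets, timeout=3.0):
    """targets: list of (host, port); returns (host, port, status, hint) tuples."""
    results = []
    for host, port in targets:
        status = check_endpoint(host, port, timeout)
        results.append((host, port, status, HINTS[status]))
    return results


if __name__ == "__main__":
    # Hypothetical usage: python3 gz_conncheck.py dc01.example.local:636 vc.example.local:443
    pairs = [arg.rsplit(":", 1) for arg in sys.argv[1:]]
    for host, port, status, hint in triage([(h, int(p)) for h, p in pairs]):
        print(f"{host}:{port}\t{status}\t{hint}")
```

A `timeout` result usually means packets are being dropped on the way, while `refused` means the host itself answered, which narrows down where to look next.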
GravityZone On-Premises integration with Amazon EC2
This section presents the prerequisites and some basic troubleshooting steps for integrating GravityZone (on-premises) with an Amazon EC2 inventory.
As an Amazon EC2 customer, you can integrate the inventory of EC2 instances grouped by Regions and Availability Zones with the GravityZone network inventory.
Prerequisites
A company administrator account in a fully functional on-premises GravityZone console, able to communicate with the address of your specific AWS EC2 region:
ec2.[aws-region].amazonaws.com:44
(you can view the full list here)
An active AWS IAM service account with the following privileges:
Programmatic access (access / secret key)
IAMReadOnlyAccess
AmazonEC2ReadOnlyAccess for all required AWS regions
Troubleshooting
If you fail to create an Amazon EC2 integration in GravityZone, or the integration becomes out of sync, check the following possible causes and solutions:
Issue | Solution |
The AWS account linked to the provided credentials is missing one or both of the required permissions ( | Access the AWS user roles and policies and add all the required permissions. |
The recently modified permissions of the AWS account user had not yet propagated across AWS when the AWS integration was created in GravityZone. | Wait for a few minutes, and then try again to configure the integration. |
The AWS policy linked to the AWS user account includes only a part of the specific regions (for example: | Apply the AWS user account with |
Some Amazon EC2 regions are unavailable. GravityZone requires connectivity to all AWS regions when creating the integration or synchronizing the AWS inventory. When GravityZone cannot communicate with one or several regions, the integration fails or becomes out of sync. Possible reason: outage of the corresponding AWS regions. | Check the AWS regions status page and try again to create / synchronize the integration when the outage is solved. |
Trying to create multiple Amazon EC2 integrations using the same AWS account. GravityZone supports multiple AWS EC2 integrations based on access and secret keys of different AWS accounts. It is not possible to create two Amazon EC2 integrations using the same AWS account, even when providing two sets of access and secret keys. | Use a set of credentials of a user created under a different AWS account, when trying to create another Amazon EC2 integration in GravityZone. |
The provided secret and access keys are no longer valid or available, and the integration becomes out of sync. | Access the AWS account and create another key pair for the corresponding IAM user. |
Your firewall is blocking the communication between GravityZone appliance and AWS. | Configure the firewall (or a proxy) to allow network access between GravityZone and AWS. |
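The first and third rows of the table describe a user that lacks the required managed policies or whose policy covers only some regions. As an added example (not Bitdefender or AWS code), the script below checks both from exported policy JSON; the sample data is constructed, and treating the `aws:RequestedRegion` condition key as the way regions are limited is an assumption, since the page does not show the policy.

```python
import json

REQUIRED = {"IAMReadOnlyAccess", "AmazonEC2ReadOnlyAccess"}  # named on this page
REGION_KEY = "aws:requestedregion"  # condition key names are case-insensitive

# Constructed sample: output shape of `aws iam list-attached-user-policies`.
SAMPLE_ATTACHED = json.loads("""
{"AttachedPolicies": [
  {"PolicyName": "AmazonEC2ReadOnlyAccess",
   "PolicyArn": "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess"}
]}""")

# Constructed sample: a policy document that confines the user to two regions.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Deny", "Action": "*", "Resource": "*",
   "Condition": {"StringNotEquals":
     {"aws:RequestedRegion": ["eu-west-1", "eu-central-1"]}}}]}""")


def as_list(value):
    """IAM JSON allows a single item where a list is expected."""
    return value if isinstance(value, list) else [value]


def region_conditions(policy_doc):
    """Return (effect, operator, regions) for each region-scoped statement."""
    found = []
    for stmt in as_list(policy_doc.get("Statement", [])):
        for operator, keys in stmt.get("Condition", {}).items():
            for key, values in keys.items():
                if key.lower() == REGION_KEY:
                    found.append((stmt.get("Effect"), operator,
                                  sorted(as_list(values))))
    return found


def audit(attached, policy_docs):
    """Report missing managed policies and any region scoping found."""
    names = {p["PolicyName"] for p in attached.get("AttachedPolicies", [])}
    limits = [c for doc in policy_docs for c in region_conditions(doc)]
    return {"missing": sorted(REQUIRED - names), "region_limits": limits}


if __name__ == "__main__":
    # Policies granted through groups are not covered by this input.
    print(json.dumps(audit(SAMPLE_ATTACHED, [SAMPLE_POLICY]), indent=2))
```

Any entry under `region_limits` is worth reviewing against the page's requirement that GravityZone can reach all AWS regions when creating or synchronizing the integration.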