Skip to content


Reply
Stone Emissary
dmarker
Posts: 5
Registered: ‎10-31-2011
Accepted Solution

Deep Security problem with restore esx

Let me start this by saying I already tried searching the TrendMicro forums and Google and didn't have any luck finding an answer to my problem.  I'm in the process of trying to set up Deep Security 7.5 sp3 with esxi 4.1, vcenter 4.1 and vshield endpoint 5.0. I've tried getting things to work a few times and I'm just not having any luck.  Regardless, my current problem is with "restore esx" in the TMDS Manager page. When I try to restore a host, it goes through the motions, restarting the host and such, but then when the host comes back online and goes out of maint mode, it's still flagged as prepared in the TMDS Manager page. I've checked the host and while the vmkernel vm port has been removed for the trendmicro software, the filter driver is still present.

 

Is there something I'm missing here? I'd like to get this software cleaning removed from my hosts so I can start over on the install and hopefully get this all working.  Even if I wanted to start from where I'm at, I can't re-prepare the hosts because the option is no longer available. I need help asap.

 

Also,  I previously tried to call Trend Micro support regarding a different issue and was unable to understand the person on the phone. Is there a support email address I can reach someone at?

Please use plain text.
Stone Emissary
dmarker
Posts: 5
Registered: ‎10-31-2011

Re: Deep Security problem with restore esx

well, I figured out how to install and uninstall the filter driver via the CLI using vihostupdate.pl.  Somehow I've managed to get one of my hosts to list as unprepared, but the other two are still listed as prepared.  The filter driver will uninstall normally and won't be listed through vihostupdate, however if I try an install again, it returns an error stating

Host was not updated, no changes required.Skipping bulletin Trend-FilterDriver-7.5.0-5586; it is installed or obsoleted.

 At this point, it's listed again. So, apparently it's not entirely being removed.

Please use plain text.
Stone Emissary
dmarker
Posts: 5
Registered: ‎10-31-2011

Re: Deep Security problem with restore esx

[ Edited ]

I've managed to get one of my hosts back to Unprepared status. I'm still at a loss on my third and final host. 

Please use plain text.
Stone Emissary
dmarker
Posts: 5
Registered: ‎10-31-2011

Re: Deep Security problem with restore esx

I've got the correct version of vShield endpoint installed and I still have the same problem.  

 

To recap:

The Trend Micro Deep Security Manager has my host listed as Prepared. Filter Driver Version: 7.5.0.5586. When I run "Restore ESX", the wizard enters mantainence mode, attempts to uninstall the filter driver, exits mantainence mode, then says "Operation Failed: The driver is not responding properly." and the Host is still shown to be Prepared.

 

Attempting the manual uninstall via the vSphere CLI for " Trend-FilterDriver-7.5.0-5586" shows this:

 

Error encountered:
   Description - No VIBs from this bulletin are installed.
   Message     - No matching bulletin or VIB was found in the metadata.No VIBs from this bulletin are installed.
Please use plain text.
Stone Emissary
dmarker
Posts: 5
Registered: ‎10-31-2011

Re: Deep Security problem with restore esx

We found a solution. In the Direct Console User Interface on the host, under Troubleshooting Options, there's an option to Remove Custom Extensions. This cleared out everything and allowed the filter driver and networking configuration to be properly reinstalled.  This will also remove any vShield extentions like the Endpoint driver as well, so you'll need to reinstall that. The Deep Security software is active on all our hosts and VM's now.

Please use plain text.