While installing vShield Endpoint and Trend Micro Deep Security virtual appliances on another 20 hosts this week, I ran into a situation I hadn’t seen before–and this one didn’t have the usual breadcrumbs on the Web to a solution.
This configuration has a vCenter Server (5.1, latest build) at one data center, managing clusters of hosts at other data centers. These data centers are connected by 20-Gbps trunks. My efforts to install vShield Endpoint from the main data center to the hosts at one of the remote data centers failed. I saw two variations of error messages. One was a “page cannot be displayed” error in the vShield Manager console. The other was a java exception message.
I went on and patched the hosts to the latest build of ESXi, 1157734. No change. Finally, I completed the last step of the networking configuration, which is what yielded the missing clue. I had been able to successfully install identically configured hosts, except that they were already connected to their distributed vSwitches. When vShield Endpoint installation is attempted before the host has any VM network port groups, the vShield Endpoint installation fails. Adding the appropriate host NICs to a distributed vSwitch, then rebooting the vShield Manager, allowed vShield Endpoint to install successfully.
Prior to installing vShield Endpoint, I had configured the usual base configuration items on the host–management networking, NTP, DNS, storage and vMotion switching, and so forth. But the only networking I had configured was VMkernel networking–I had not created any port groups for VMs. Apparently vShield Endpoint requires that at least one VM networking port group before it will install.
As always, I hope this helps you.