VMware VSHIELD APP 1.0.0 UPDATE 1 Admin Manual page 137

Hide thumbs Also See for VSHIELD APP 1.0.0 UPDATE 1:

Programming manual (90 pages)

Quick start manual (30 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

page of 144

/ 144
Contents
Table of Contents
Bookmarks

Table of Contents

Load-Balancer Throws Error 502 Bad Gateway for HTTP Requests

To determine why the load balancer service on a vShield Edge is throwing a 502 Bad Gateway error

This error occurs when the backend or Internal servers are not responding to requests.

Verify that internal server IP addresses are correct.

The current configuration can be seen through the vShield Manager or through the CLI command show

configuration lb.

Verify that internal server IP addresses are reachable from the vShield Edge internal interface.

Verify that internal servers are listening on the IP:Port combination specified at the time of load balancer

configuration.

If no port is specified, then IP:80 must be checked. The internal server must not listen on only 127.0.0.1:80;

either 0.0.0.0:80 or <internal-ip>:80 must be open.

VPN Does Not Work

To determine why VPN does not work on a vShield Edge

Verify that the other endpoint of the tunnel is configured correctly. Use the CLI command: show

configuration ipsec

Verify that IPSec service is running on the vShield Edge.

To verify using the CLI command: show service ipsec. IPSec service has to be started by issuing the

start command.

If ipsec is running and any errors have occurred at the time of tunnel establishment, the output of show

service ipsec displays relevant information.

Verify the configuration at both ends (vShield Edge and remoteEnd), notably the shared keys.

Debug MTU or fragmentation related issues by using ping with small and big packet sizes.



ping -s 500 ip-at-end-of-the-tunnel



ping -s 2000 ip-at-end-of-the-tunnel

Troubleshooting vShield Endpoint Issues

Thin Agent Logging

vShield Endpoint thin agent logging is done inside the protected virtual machines. Two registry values are

read at boot time from the windows registry. They are polled again periodically.

There are two registry values, log_dest and log_level. The two entries are located in the following registry

locations:

HKLM\System\CurrentControlSet\Services\VFileScsiFilter\Parameters\log_dest

HKLM\System\CurrentControlSet\Services\VFileScsiFilter\Parameters\log_level

Both are DWORD bit masks that can be any combination of the following values:

log_dest

WINDBLOG

VMWARE_LOG

log_level

AUDIT

ERROR

WARN

INFO

DEBUG

VMware, Inc.

0x1

0x2

0x1

0x2

0x4

0x8

0x10

Appendix B Troubleshooting

137

Table of Contents

This manual is also suitable for:

Vshield manager 4.1.0 update 1 Vshield zones 4.1.0 update 1 Vshield edge 1.0.0 update 1 Vshield endpoint 1.0.0 update 1

VMware VSHIELD APP 1.0.0 UPDATE 1 Admin Manual page 137

Related Manuals for VMware VSHIELD APP 1.0.0 UPDATE 1

Related Products for VMware VSHIELD APP 1.0.0 UPDATE 1

This manual is also suitable for:

Table of Contents