For those of you who do not know vRealize Log Insight, it is a log collector and analyzer with a pretty, simple and intuitive GUI. It is an easy way of managing logs and messages from all your datacenter devices. Best of all, it is not a VMware-only product, in the sense that as long as a message is in syslog format, it can be ingested by Log Insight.
Basically, it provides the following capabilities:
- Centralized log management for your entire stack
- Search & analyze log data for real-time troubleshooting
- Anyone in the organization can access log data without compromising production systems
Recently, I have completed several VRLI 4.5.1 deployments where ESXi 6.5 and vCenter VCSA 6.5 have been configured to send syslog to a remote VRLI syslog server. In this post, I want to highlight some syslog gotchas I noted during my implementations.
Issue:
Checking the VRLI dashboards, you will notice a lot of errors captured from all ESXi hosts. I have recreated the issue in my lab and I noticed the same behavior.
Digging further into the errors to see what they are, we see a lot of “LikewiseGetDomainJoinInfo” messages spamming our logs.
Although all ESXi servers are freshly installed and no error is displayed in the GUI, these messages appear for all hosts:
Hostd: [LikewiseGetDomainJoinInfo:354] QueryInformation(): ERROR_FILE_NOT_FOUND (2/0)
Solution:
After my research, it turns out that “LikeWise” is part of the authentication services in vSphere, and I’m ‘guessing’ there is a file that is created once vSphere is joined to a domain.
As my ESXi hosts were not joined to an AD domain, I tried joining them to check whether the error messages would appear again. And voilà, this solved the issue. I’m led to assume that joining a host to a domain “fixes the glitch” that generates the log error.
If you want to know how to join an ESXi host to an Active Directory domain, you can check this VMware KB article.
https://kb.vmware.com/s/article/2075361
So, as a summary, that message is safe to ignore. Likewise is used for authentication. You can resolve the log message by joining a domain. If you do not plan to do this then you should just ignore the log message.
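One way to ignore this message without hiding other errors, as an added example (not code from the original post or from VMware): suppress only the exact hostd message shown above, and only for hosts that are not domain-joined, since the message should no longer appear once a host is joined. The line layout, host names, the `domain_joined` set and the non-matching error line are constructed assumptions.

```python
import re
from collections import Counter

# Matches only the message quoted in the post. The number after the
# function name is treated as variable (assumption).
BENIGN = re.compile(
    r"\[LikewiseGetDomainJoinInfo:\d+\]\s+QueryInformation\(\):\s+ERROR_FILE_NOT_FOUND"
)
# Assumed line layout: "<timestamp> <host> <app>: <message>".
LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<app>[^:\s]+):\s+(?P<msg>.*)$")


def triage(lines, domain_joined=frozenset()):
    """Return (suppressed count per host, lines that still need review)."""
    suppressed = Counter()
    keep = []
    for line in lines:
        m = LINE.match(line)
        if (m and m["app"].lower() == "hostd"
                and BENIGN.search(m["msg"])
                and m["host"] not in domain_joined):
            suppressed[m["host"]] += 1
        else:
            # Other errors, unparsable lines, and the Likewise message on a
            # domain-joined host (unexpected there) all stay visible.
            keep.append(line)
    return suppressed, keep


MSG = "Hostd: [LikewiseGetDomainJoinInfo:354] QueryInformation(): ERROR_FILE_NOT_FOUND (2/0)"
SAMPLE = [  # constructed sample lines
    "2018-01-10T09:00:01Z esx01.lab.local " + MSG,
    "2018-01-10T09:00:02Z esx01.lab.local " + MSG,
    "2018-01-10T09:00:03Z esx02.lab.local " + MSG,
    "2018-01-10T09:00:04Z esx02.lab.local Hostd: [ExampleOtherError:1] constructed unrelated error",
    "2018-01-10T09:00:05Z esx03.lab.local " + MSG,
]

if __name__ == "__main__":
    counts, review = triage(SAMPLE, domain_joined={"esx03.lab.local"})
    print("suppressed per host:", dict(counts))
    print("still to review:")
    for entry in review:
        print("  " + entry)
```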
If you find any other solution for this issue, I would appreciate it if you let me know about it.
Hope my post is informative,
Thanks for reading,
Mohamad Alhussein