Solved

standalone esxi5.0.0 logging 'user root@ipaddress logged in' every few seconds?

Posted on 2014-04-15
8
353 Views
Last Modified: 2016-10-27
just noticed this on one of my hosts.  

Any ideas?
0
Comment
Question by:CHI-LTD
  • 4
  • 3
8 Comments
 
LVL 119

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 40001057
lookup the IP Address, in DNS, traceroute, and find out which server it's coming from.

Change your root password if in doubt.

e.g. Veeam, Altiris, other management solutions.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40001071
sorry, i did, its my machine..
also downed the acronis appliance, no change.
0
 
LVL 119

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 40001074
So, what do you have running on your machine?

PowerCLI ?
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 1

Author Comment

by:CHI-LTD
ID: 40001087
ha ha who klnows!  lots of things.
shut it down and its stopped.  will now see whats causing it.
0
 
LVL 119

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 40001171
RV Tools, vSphere Client, VMware Flings

It's probably best to create yourself, a new "root" account, specific to you, so you can easily track these access requests.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40001199
solarwinds vm monitor!!
0
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40001203
in h future if you want to know what process on your PC is doing this then run netstat -ab and it will show active connections and the filename.   Look for connections to your Esx server IP address.
0
 
LVL 119
ID: 40001214
Look at creating a new user e.g. Service_Solarwinds in ESXi, it makes it more secure, than using the root account to login, and you will then know what the account is!
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your vDisk VHD file gets deleted from the image store accidentally or on purpose, you won't be able to remove the vDisk from the PVS console. There is a known workaround that is solid.
Ransomware is a growing menace to anyone using a computer or mobile device. Here are answers to some common questions about this vicious new form of malware.
Teach the user how to configure vSphere Replication and how to protect and recover VMs Open vSphere Web Client: Verify vsphere Replication is enabled: Enable vSphere Replication for a virtual machine: Verify replicated VM is created: Recover replica…
This video shows you how to use a vSphere client to connect to your ESX host as the root user. Demonstrates the basic connection of bypassing certification set up. Demonstrates how to access the traditional view to begin managing your virtual mac…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question