Solved

standalone esxi5.0.0 logging 'user root@ipaddress logged in' every few seconds?

Posted on 2014-04-15
8
356 Views
Last Modified: 2016-10-27
just noticed this on one of my hosts.  

Any ideas?
0
Comment
Question by:CHI-LTD
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 121

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 40001057
lookup the IP Address, in DNS, traceroute, and find out which server it's coming from.

Change your root password if in doubt.

e.g. Veeam, Altiris, other management solutions.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40001071
sorry, i did, its my machine..
also downed the acronis appliance, no change.
0
 
LVL 121

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 40001074
So, what do you have running on your machine?

PowerCLI ?
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 1

Author Comment

by:CHI-LTD
ID: 40001087
ha ha who klnows!  lots of things.
shut it down and its stopped.  will now see whats causing it.
0
 
LVL 121

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 40001171
RV Tools, vSphere Client, VMware Flings

It's probably best to create yourself, a new "root" account, specific to you, so you can easily track these access requests.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40001199
solarwinds vm monitor!!
0
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40001203
in h future if you want to know what process on your PC is doing this then run netstat -ab and it will show active connections and the filename.   Look for connections to your Esx server IP address.
0
 
LVL 121
ID: 40001214
Look at creating a new user e.g. Service_Solarwinds in ESXi, it makes it more secure, than using the root account to login, and you will then know what the account is!
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Giving access to ESXi shell console is always an issue for IT departments to other Teams, or Projects. We need to find a way so that teams can use ESXTOP for their POCs, or tests without giving them the access to ESXi host shell console with a root …
Here's a look at newsworthy articles and community happenings during the last month.
Teach the user how to use configure the vCenter Server storage filters Open vSphere Web Client:  Navigate to vCenter Server Advanced Settings: Add the four vCenter Server storage filters: Review the advanced settings: Modify the values of the four v…
This video shows you how easy it is to boot from ISO images for virtual machines with the ISO images stored on a local datastore on the ESXi host.
Suggested Courses

631 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question