Win7 + McafeeHIPS IPS on + VMware View agent = Windows update error

These 3 combination for whatever reason cripples Windows update.  This issue is still unsolved for me due to lack of any Mcafee logs that can point to the signature that is causing it.  I would disable IPS every patch Tuesday to get the updates as a workaround for the time being.  Here are the symptoms.

1.  Win7 + McafeeHIPS IPS on + VMware View agent = Windows Update not working

2.  WinXP + McafeeHIPS IPS on + VMware View agent = Windows Update no issue (weird)

3.  Win7 + McafeeHIPS IPS on = Windows Update no issue

4.  Win7 + VMware View Agent = Windows Update no issue

5.  Win7 + McafeeHIPS IPS on + VMware View agent = When IPS is disabled then re-enabled crashes and restarts the VM.

The hard part is not have a clear log that points the the root cause.  Another issue is whether to call Mcafee or the VMware View team.  This is going to require more time to be diagnose properly in the near future.

VMware customization and Mcafee HIPS

VMware customization scripts does not complete when Mcafee HIPS IPS is enabled.  When creating a Windows 7 master image for VMware View or just a regular vm, make sure that the IPS is disabled on your golden image.

Another note, my master image normally has full blown Mcafee HIPS, Antivirus, DLP etc.  I normally delete registry key “AgentGUID” and “Macaddress” for a proper EPO registration.    https://kc.mcafee.com/corporate/index?page=content&id=KB56086

VDP Backup tips

Love VDP since from the start.  We use Veeam backup before but we found out VDP is better suited for our environment.  No offense to Veeam, I think they wrote a very good piece of software but as far as simplicity, future proof and $$ you can’t beat VDP.

In the past I get error and they are all mainly due to stale snapshots related.  My goal is just to share how I troubleshoot and delete stale snapshots.  You must be really, really carefull when you are manually deleting snapsthots in the datastore, the best bullet-proof advice is that to make sure the VM is “ON” and running during deletion of stale vmdk.  Why? VMFS, locks the files he is using when running so any attempt to delete/rename/move to the vmdk will be unsuccessful, which is what we want.

1.  Delete all snapshots you have from snapshot manager that you are using.  99 percent of the time I tend to clean-up all my snapshots on the server as best practice.  RUN VDP

2.  Run “Consolidate” if necessary. RUN VDP

3.  If you still get VSS error or something like “Cannot take a quiesced snapshot”.  STALE SNAPSHOTS – Navigate to the datastore that this particular VM resides and look for something like “VM000002.vmdk”.  Remember that we deleted all snapshots so there should be nothing like this there.  Before you delete it, double check the date.

4.  VMware agent and third party VSS contention.  Be aware of any third party backup agent that has its own VSS like Backup-exec.  VMware agent  can use backup-exec agent without a problem, the issue is the order you install the Backup-exec agent.  Backup-exec agent should be the last to be installed.  Gotchas…  Be aware of this when you are upgrading the VMware agent, you will need to reinstall the backup-exec agent again if you start getting backup error.

Good luck…