I was playing around with vShield Endpoint, to setup a new anti-virus/maleware solution with TrendMicro. While playing a came across some challenges, so now I’ve got some tips for you when you’re installing vShield Endpoint.

1. Login using your domain account
The first tip is how to fix the annoying “bug” which will prevent you from logging in with your domain account and every time have to login with the admin user.

The trick is to add your AD group with its FQDN like “domain.com\ad-group”, when you add a new vCenter Group.

vShieldAddGroup1  vShieldAddGroup2  vShieldAddGroup3

2. Error Installing vShield Endpoint

When you have setup the vShield manager, it’s time to deploy the de vShield agent to the ESXi hosts.
So you select a host and click install right next to vShield Endpoint. You’ll be prompted “Invalid operation. Page cannot be displayed”.


This problem is quickly resolved by rebooting the host.

When the host is back online we’ll go back to the vShield Manager, select the host and again select install next to vShield Endpoint. On the next page we’ll verify that vShield Endpoint is selected and click install. Now the second error occurs on the screen: “vShield Endpoint installation encountered error while installing vib:Internal Server error: VMKernel portgroup presented on incorrect vSwitch”.


This problem is – as the error states – related to an incorrect vSwitch. To resolve this problem we have to create a vSwitch with the name “vmservice-vswitch” with a VMKernel Port for communication. The easiest way to do this is via PowerCLI. Open PowerCLI and connect to vCenter or the host(s). Enter the following commands to create the new switch;

Get-Cluster -Name "My_Cluster" | Get-VMHost | New-VirtualSwitch -Name "vmservice-vswitch"

Get-VMHost | New-VMHostNetworkAdapter -PortGroup "vmservice-vmknic-pg" -VirtualSwitch "vmservice-vswitch" -IP -SubnetMask


Now that the correct vswitch is created we can install vShield Endpoint. After the installation is completed, you’ll notice that the installation made an extra portgroup named “vmservice-vshield-pg”.


The problems described above probably wouldn’t have occurred if I just followed the Installation/Administration Guide. But, like most IT employees, I don’t like to read a book of 80 pages before I can get started and this way I also learned something.