Virtual machine troubleshooting
 
Created: 2016-03-28
The hardware abstraction provided by virtual machines can interact with Observer Platform products in ways that bare-metal systems do not. This can sometimes cause unexpected behavior, but these problems can be resolved.
Cannot capture traffic using VMware ESX VM
When using GigaStor Software Edition in a virtual machine, Observer cannot capture network traffic when Memory Hot Add is enabled.
 
When Memory Hot Add is enabled, Observer can see traffic as a blue line, but Observer cannot capture any traffic by manually starting packet capture or being set to always capture data. You can still reserve memory in Observer (for example: 12 GB of 16 GB), and Observer states that it has reserved 12 gigabytes of memory; however, Windows does not actually reserve the memory. Windows views all 16 GB of memory, from our example, as available to the operating system. The result of this behavior is that Observer cannot capture data.
 
 
To resolve this issue, select "Disable memory hot add for this virtual machine" in your virtual machine settings. The process for disabling memory hot add is described in How to disable memory hot add.
 
How to disable memory hot add
Memory hot add lets you add memory resources for a virtual machine while the machine is powered on.
VMware Tools must be installed.
The guest operating system supports memory hot add.
The virtual machine uses hardware version 7 or later.
Follow the steps outlined in the vSphere Documentation.
Ensure "Disable memory hot add for this virtual machine" is selected in the VM properties.
This means the feature is disabled.
Figure 1: Disable memory hot add
 
Memory hot add is now disabled. You should now be able to capture traffic.
 
Experiencing BSOD when packet capture starts
A blue screen of death (BSOD) can occur when Observer is installed on a virtual machine and packet capture begins.
 
In this case, the issue is specifically related to the Virtual Machine (VM) itself. The VM has been configured in a way that prevents Observer from using memory correctly, and this leads to a system BSOD when packet capture begins.
 
 
Some options in the configuration of your VM have been found to resolve this issue. These include disabling the hot plug options in your virtual machine settings. The process for disabling memory hot add and CPU hot plug is described in How to disable hot plug VM features.
 
How to disable hot plug VM features
Hot plug features can interfere with Observer running inside a virtual machine. Disable them to avoid blue screen errors and crashes.
VMware Tools must be installed.
The guest operating system supports Memory/CPU Hotplug.
The virtual machine uses hardware version 7 or later.
Follow the steps outlined in the vSphere Documentation.
Select both "Disable memory hot add for this virtual machine" and "Disable CPU hot plug for this virtual machine" in the VM properties.
This means the features will be disabled on this virtual machine.
Figure 2: Disable hot plug options
 
Memory hot add and CPU hot plug features are now disabled. You should now be able to capture network traffic without experiencing a BSOD.
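
To confirm the result of both procedures above without opening the VM properties dialog, the following added example (not part of the original documentation) parses a virtual machine's .vmx file and reports which hot plug features are still enabled. It assumes the VMware .vmx keys mem.hotadd and vcpu.hotadd, which the page does not name, and treats a missing key as disabled; the sample file content is constructed.

```python
import re

# A .vmx file is a list of lines of the form: key = "value"
# Lines starting with '#' are comments and are skipped.
_VMX_LINE = re.compile(r'^\s*([^#=\s][^=]*?)\s*=\s*"(.*)"\s*$')

# Assumption: VMware .vmx keys for the two options (not named on the page).
HOTPLUG_KEYS = {
    "mem.hotadd": "memory hot add",
    "vcpu.hotadd": "CPU hot plug",
}


def parse_vmx(text):
    """Return {lowercased key: value}; a later duplicate key wins."""
    settings = {}
    for line in text.splitlines():
        match = _VMX_LINE.match(line)
        if match:
            settings[match.group(1).lower()] = match.group(2)
    return settings


def enabled_hotplug_features(vmx_text):
    """List the hot plug features that are still enabled in this .vmx text."""
    settings = parse_vmx(vmx_text)
    # Assumption: a missing key means the feature is disabled.
    return [label for key, label in HOTPLUG_KEYS.items()
            if settings.get(key, "FALSE").strip().upper() == "TRUE"]


# Constructed sample, not taken from a real virtual machine.
SAMPLE_VMX = '''\
.encoding = "UTF-8"
virtualHW.version = "11"
displayName = "gigastor-se-example"
memSize = "16384"
# mem.hotadd = "FALSE"
mem.hotAdd = "TRUE"
vcpu.hotadd = "FALSE"
'''

if __name__ == "__main__":
    found = enabled_hotplug_features(SAMPLE_VMX)
    if found:
        print("Still enabled:", ", ".join(found))
    else:
        print("Memory hot add and CPU hot plug are disabled.")
```
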