Symptoms:
Problems downloading
IDS\IPS signatures in NSX-T. It appears to go into Updating IDS Signatures and never completes.
"Update Now" hyperlink becomes available just like if the Signatures download from NSX Threat Intel Cloud ( https://api.prod.nsxti.vmware.com/) was successful.
However if we click on hyperlink the task never completes a few minutes later minutes
"Update Now" hyperlink becomes available again.
You see an Exception while authenticating with cloud client under
policy.log.
Log location --- var/log/policy/policy.log
2021-08-30T16:01:30.749Z INFO http-nio-127.0.0.1-6440-exec-13 FacadeInterceptorHelperImpl 15321 - [nsx@6876 comp="nsx-manager" level="INFO" subcomp="policy"] Starting intent for /policy/api/v1/infra/settings/firewall/security/intrusion-
services/signatures/status with reqID c22d8457-f5f0-4da0-aaee-2504f6a49fe5
2021-08-30T16:01:31.600Z ERROR asyncExecutor-1 PolicyIDSUtils 15321 POLICY [nsx@6876 comp="nsx-manager" errorCode="MP523677" level="ERROR" subcomp="policy"] Got Exception while authenticating with cloud client - org.springframework.web.c
lient.HttpClientErrorException$Forbidden: 403 Forbidden: [{"error_code":100104,"error_message":"Unable to retrieve required information"}]
org.springframework.web.client.HttpClientErrorException$Forbidden: 403 Forbidden: [{"error_code":100104,"error_message":"Unable to retrieve required information"}]
at org.springframework.web.client.HttpClientErrorException.create(HttpClientErrorException.java:109) ~[spring-web-5.2.6.RELEASE.jar:5.2.6.RELEASE]
at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:170) ~[spring-web-5.2.6.RELEASE.jar:5.2.6.RELEASE]
at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:112) ~[spring-web-5.2.6.RELEASE.jar:5.2.6.RELEASE]
at org.springframework.web.client.ResponseErrorHandler.handleError(ResponseErrorHandler.java:63) ~[spring-web-5.2.6.RELEASE.jar:5.2.6.RELEASE]
at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:782) ~[spring-web-5.2.6.RELEASE.jar:5.2.6.RELEASE..
truncated...
2021-08-30T16:01:31.600Z INFO asyncExecutor-1 IdsSignatureUtils 15321 POLICY [nsx@6876 comp="nsx-manager" level="INFO" subcomp="policy"] IDS- Cloud Authentication failed, will try to register again
2021-08-30T16:01:31.600Z INFO asyncExecutor-1 PolicyIDSUtils 15321 POLICY [nsx@6876 comp="nsx-manager" level="INFO" subcomp="policy"] IDS - Triggering the Signature download from NSX Intel Cloud
2021-08-30T16:01:31.600Z INFO asyncExecutor-1 PolicyIDSUtils 15321 POLICY [nsx@6876 comp="nsx-manager" level="INFO" subcomp="policy"] IDS- Re-registering with NSX Intel Cloud.
2021-08-30T16:01:31.603Z INFO asyncExecutor-1 PolicyIDSUtils 15321 POLICY [nsx@6876 comp="nsx-manager" level="INFO" subcomp="policy"] IDS: Getting the license info
2021-08-30T16:01:31.603Z WARN asyncExecutor-1 PolicyIDSUtils 15321 POLICY [nsx@6876 comp="nsx-manager" level="WARNING" subcomp="policy"] No Enforcement point found
2021-08-30T16:01:31.603Z ERROR asyncExecutor-1 PolicyIDSUtils 15321 POLICY [nsx@6876 comp="nsx-manager" errorCode="MP523681" level="ERROR" subcomp="policy"] NSX Data Center Distributed Threat Prevention key not present. IDS need Threat L
icense Key in order to work.
2021-08-30T16:01:31.604Z ERROR asyncExecutor-1 SimpleAsyncUncaughtExceptionHandler 15321 Unexpected exception occurred invoking async method: public void com.vmware.nsx.management.policy.ids.utils.IDSOnDemandScheduler.startDownload()
com.vmware.nsx.management.common.exceptions.InvalidArgumentException: null
at com.vmware.nsx.management.policy.ids.utils.PolicyIDSUtils.registerCloudCacheClient(PolicyIDSUtils.java:434) ~[libpolicy-framework-api.jar:?]
at com.vmware.nsx.management.policy.ids.utils.PolicyIDSUtils.downloadSignatures(PolicyIDSUtils.java:571) ~[libpolicy-framework-api.jar:?]
truncated...Note: This log excerpt is an example. Date, time, and environmental variables may vary depending on your environment.