Host prepared for NSX-T Data Center may go into a failed state when lockdown mode is enabled

Article ID: 318315

Products

VMware NSX

Issue/Introduction

  • NSX-T Data Center was installed and working on ESXi hosts.
  • Lockdown mode was recently enabled on the ESXi hosts.
  • Log messages similar to the following are seen in /var/log/nsx-syslog on the ESXi host:
2021-06-18T06:07:18Z nsx-opsagent[2126004]: ip: "192.168.1.111"     device: "vmk11"     operation: UPDATE   }   transportzone_id: "########-####-####-####-##########8f"   transport_vlan: 2018   mtu: 9000   switch_name: "switch-vds01"   subnet_mask: "255.255.255.0"   default_gateway: "192.168.1.1"   vtep_on_static_ip: true   overlay: true   mode: STANDARD   vdr_mac: "##:##:##:##:##:52"   overlay_encap: GENEVE   type: VDS } config_version: "1" operation_result: "[GetNsxEnabledCvdsIds]: Fetching existing vds call failed in hostd: {\'faultMessage\': [], \'fault\': \'NotAuthenticated\', \'msg\': \'The session is not authenticated.\'}; " host_id: "########-####-####-####-##########e7" transport_node_id: "########-####-####-####-##########e7" error_code: 8700 host_config_msg_id: "########-####-####-####-##########a2" type: HYPERVISOR phase: PHASE2_COMBINED host_switch_type_changed
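
To check a host for this symptom, the following added example (not part of the original article or any VMware tooling) scans nsx-syslog text for nsx-opsagent entries in which a hostd call failed with the NotAuthenticated fault. The function name and the sample lines are assumptions constructed from the message quoted above.

```python
import re

# Constructed sample input modelled on the message quoted in this article
# (identifiers masked the same way); lines 2 and 3 are made-up noise.
SAMPLE_LOG = r"""
2021-06-18T06:07:18Z nsx-opsagent[2126004]: ip: "192.168.1.111"     device: "vmk11"     operation: UPDATE   }   switch_name: "switch-vds01"   type: VDS } config_version: "1" operation_result: "[GetNsxEnabledCvdsIds]: Fetching existing vds call failed in hostd: {\'faultMessage\': [], \'fault\': \'NotAuthenticated\', \'msg\': \'The session is not authenticated.\'}; " host_id: "########-####-####-####-##########e7" error_code: 8700 type: HYPERVISOR
2021-06-18T06:07:19Z nsx-opsagent[2126004]: constructed line: heartbeat ok
2021-06-18T06:07:20Z nsx-proxy[2125990]: constructed line: NotAuthenticated mentioned by another daemon
"""

# Only nsx-opsagent entries are of interest for this issue.
HEADER = re.compile(r"^(?P<ts>\S+)\s+nsx-opsagent\[\d+\]:\s+(?P<body>.*)$")
# The fault dict is logged with backslash-escaped quotes; tolerate both forms.
FAULT = re.compile(r"\\?'fault\\?':\s*\\?'(?P<fault>\w+)\\?'")


def field(body, name):
    """Return the value of a `name: value` or `name: "value"` pair, or None."""
    m = re.search(rf'\b{re.escape(name)}:\s*"?([^"\s]+)"?', body)
    return m.group(1) if m else None


def find_lockdown_auth_failures(log_text):
    """Return one dict per opsagent entry whose hostd call was rejected
    as NotAuthenticated (hypothetical helper name)."""
    hits = []
    for line in log_text.splitlines():
        header = HEADER.match(line)
        if not header or "failed in hostd" not in header.group("body"):
            continue
        body = header.group("body")
        fault = FAULT.search(body)
        if not fault or fault.group("fault") != "NotAuthenticated":
            continue
        hits.append({
            "timestamp": header.group("ts"),
            "device": field(body, "device"),
            "switch_name": field(body, "switch_name"),
            "error_code": field(body, "error_code"),
            "fault": fault.group("fault"),
        })
    return hits


if __name__ == "__main__":
    for hit in find_lockdown_auth_failures(SAMPLE_LOG):
        print(hit)
```

A match on a host where lockdown mode was recently enabled indicates that the exception list should be checked for the nsx-user.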

Environment

VMware NSX-T Data Center 3.x
VMware NSX-T Data Center

Cause

When a host is placed in lockdown mode, some system users are still required and must be added to the lockdown mode exception list.
Due to a race condition, the nsx-user is not added to the list.

Resolution

This issue is resolved in VMware NSX-T Data Center 3.1.4.
This issue is resolved in VMware NSX-T Data Center 3.2.0.

Workaround:
Manually add the nsx-user to the lockdown mode exception list (see "Enable lockdown and add exception users").

Procedure:

  1. Browse to the host in the vSphere Client inventory.
  2. Click Configure.
  3. Under System, select Security Profile.
  4. In the Lockdown Mode panel, click Edit.
  5. Click Exception Users and click the Add User icon to add exception users.

Then resolve the "install failed" error for the host in the NSX-T UI.