NSX startup or lookup service registration fails in NSX-v
search cancel

NSX startup or lookup service registration fails in NSX-v

book

Article ID: 320969

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

  • NSX lookup service registration fails.
  • You see the error in the User Interface (UI) similar to:

    500 Internal Server Error.
     
  • NSX start up fails.
  • In the vsm.log [/logs/management_service/vsm.log] file, you see entries similar to:

    2018-09-13 00:10:08.282 GMT ERROR localhost-startStop-1 ContextLoader:350 - Context initialization failed
    org.springframework.context.ApplicationContextException: Failed to start bean 'vsmSSOInitializer'; nested exception is java.lang.IllegalArgumentException: Non-positive period.
    Caused by: java.lang.IllegalArgumentException: Non-positive period.

    2018-09-18 08:37:12.822 GMT ERROR http-nio-127.0.0.1-7441-exec-1 BaseRestController:452 - REST API failed : 'Non-positive period.'
    java.lang.IllegalArgumentException: Non-positive period.



    Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.

Environment

VMware NSX Data Center for vSphere 6.x

Cause

This issue occurs when the value of "Maximum holder-of-key token lifetime" vCenter SSO Token policy is improperly configured. (For example, less than 5000 seconds). NSX refers to this value to define token renewal interval (For example, 0.20 * "Maximum holder-of-key token lifetime"/1000) and when it derives to 0, error "Non-positive period" is seen in the logs.

Resolution

To resolve this issue:

  1. Configure "Maximum holder-of-key token lifetime" value under vCenter Administration SSO “Token policy” to minimum of 5000 seconds).Please note the default value for this filed is 2592000 seconds.  
     
  2. If NSX Manager service fails to come up, restart the NSX Management Service either from NSX Manager Appliance Management User Interface (UI) or through the console with the root access by running this command:

    /etc/rc.d/init.d/bluelane-manager restart
     
  3. If the issue is seen with the lookup service registration from the User Interface, re-configure the lookup service. For more information on the values, see the Edit the vCenter Single Sign-On Token Policy
    section of the Edit the vCenter Single Sign-On Token Policy (vSphere 7.0) – Broadcom TechDocs

Notes:

  • This issue is observed when upgrading from VMware NSX for vSphere 6.2.9 to 6.3.6. However, the same issue could also be seen in other NSX releases if the Maximum holder-of-key token lifetime value in Token Policy is misconfigured.
  • It is not recommended to modify the Maximum holder-of-key token lifetime value as a general practice.
Powered by Wolken Software