This article gives information on how to work-around the issue where no NSX rule information is shown in UI attached to a security group on Aria Operations for Networks On-Premises.
Symptoms:
1. Customer may be unable to see NSX rule information in Aria Operations for Networks UI attached to a security group:
2. Aria Operations for Networks collector logs show below entries:
2024-08-29T07:29:39.989Z ERROR dataprovider.utils.HttpUtils NSXT_##.###.##.##_Config_OpMgr_Policy-0 checkStatusAndThrow:41 API /policy/api/v1/infra/domains/default/groups/81422b9c-####-###-###-a3132bd35f51/members/logical-ports error response {
"httpStatus" : "BAD_REQUEST",
"error_code" : 500141,
"module_name" : "Policy",
"error_message" : "Error while getting membership for the Group /infra/domains/default/groups/81422b9c-####-###-###-a3132bd35f51 from enforcement point /infra/sites/default/enforcement-points/default. Probable cause: Connectivity issue - INVALID_ARGUMENT: The token is not valid"
}
2024-08-29T07:29:39.989Z ERROR dataprovider.utils.HttpUtils NSXT_##.###.##.##_Config_OpMgr_Policy-0 checkStatusAndThrow:41 API /policy/api/v1/infra/domains/default/groups/81422b9c-####-###-###-a3132bd35f51/members/logical-ports error response {
"httpStatus" : "BAD_REQUEST",
"error_code" : 500141,
"module_name" : "Policy",
"error_message" : "Error while getting membership for the Group /infra/domains/default/groups/81422b9c-####-###-###-a3132bd35f51 from enforcement point /infra/sites/default/enforcement-points/default. Probable cause: Connectivity issue - INVALID_ARGUMENT: The token is not valid"
}
2024-08-29T07:49:13.937Z ERROR dataprovider.utils.HttpUtils NSXT_##.###.##.##_Config_OpMgr-2 checkStatusAndThrow:41 API /api/v1/ns-groups/8ea853d0-####-###-###-919b8a295afd/effective-logical-port-members error response {
"module_name" : "common-services",
"error_message" : "General error has occurred.",
"details" : "INVALID_ARGUMENT: The token is not valid",
"error_code" : 100
}
Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.
VMware Aria Operations for Networks 6.10
VMware Aria Operations for Networks 6.11
VMware Aria Operations for Networks 6.12
VMware Aria Operations for Networks 6.12.1
Customer unable to see NSX rule information in Aria operations for Networks UI which are attached to a Security Group(s) (SGs).
Aria Operations for Networks uses a new API to collect data from newer versions of NSX. There is an interoperability issue with this API on NSX deployments with a management cluster.
This issue is fixed in latest release i.e. Aria Operations for Networks 6.13.0
Upgrading to NSX-T Version 4.2 versions would be helpful to fix these API issues.
Workaround is available for this in Aria Operations for Networks which involves database modification. Please Open Broadcom support ticket by referring to this Article.