IDFW Event Server configuration results in an "Unknown error"
Article ID: 324187
Updated On:
Products
VMware vDefend Firewall
Issue/Introduction
- On the UI, under Inventory -> Identity Firewall AD, configuring Event Server to enable Log Scraping results in an "
Unknown error". - In the NSX-T Manager log,
/var/log/proton/nsxapi.log, logging similar to this example is seen
2022-03-02T19:19:20.937Z INFO http-nio-127.0.0.1-7440-exec-14038 ElsStatusUpdater 12582 FIREWALL [nsx@6876 comp="nsx-manager" level="INFO" reqId="########-####-####-####-########0d76" subcomp="manager" username="admin"] EventLogServer: connection test status: domain=example.com host=192.168.1.10 user=svc_nsxmanager status=ERROR, Unknown error
Environment
VMware NSX-T Data Center 3.x
Cause
When configuring IDFW Event Server an unknown error is seen due to incorrect parsing of the event record id. This issue occurs if the received event record id is a long value.
Resolution
This issue is resolved in VMware NSX-T Data Center 3.2.0.1
This issue is resolved in VMware NSX-T Data Center 3.2.1.0
This issue is resolved in VMware NSX 4.0.0
Workaround:
VMware Tools introspection module can be used as an alternative login detection mechanism when Event Server cannot be configured.
If this is not an viable workaround, please open a Support Request with VMware Support to discuss other options.
This issue is resolved in VMware NSX-T Data Center 3.2.1.0
This issue is resolved in VMware NSX 4.0.0
Workaround:
VMware Tools introspection module can be used as an alternative login detection mechanism when Event Server cannot be configured.
If this is not an viable workaround, please open a Support Request with VMware Support to discuss other options.
Feedback
Yes
No
Powered by
