NSX context engine fails to start after Guest Introspection installation and/or upgrade
search cancel

NSX context engine fails to start after Guest Introspection installation and/or upgrade

book

Article ID: 324292

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

Symptoms:
  • Context engine fails.
  • In the /var/log/syslog.log file, you see entries similar to:

    2017-11-28T19:33:36Z NSX-Context-Engine: [ERROR] (EPSEC) [2510439] ERROR. Ioctl failed to get filter count. Status: 0
    2017-11-28T19:33:36Z NSX-Context-Engine: [ERROR] (EPSEC) [2510439] ERROR. Invalid devId -1
    2017-11-28T19:33:36Z NSX-Context-Engine: [ERROR] (EPSEC) [2510439] ERROR. Failed to get VM filters. Retrying in 60000 seconds
    2017-11-28T19:33:38Z NSX-Context-Engine: [WARN] error 12: cannot open device /dev/vsip: 2


    Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.


Environment

VMware NSX for vSphere 6.4.x

Cause

This issue occurs when Guest Introspection (GI) is installed or upgraded before Host Preparation completes.

Resolution

This is a known issue affecting VMware NSX for vSphere 6.4.x.

Currently, there is no resolution.

Workaround:
To work around this issue, restart the vShield-Endpoint-Mux service by running either these commands:
  • /etc/init.d/vShield-Endpoint-Mux restart-nsx-ctxteng  
  • /etc/init.d/vShield-Endpoint-Mux restart
Note: This needs to be done on every ESXi host where this error is observed.

Additional Information

Impact/Risks:
Identity Firewall for RDSH VMs will not work if the context engine is not started.