High NSX Manager CPU during AD Delta Sync
search cancel

High NSX Manager CPU during AD Delta Sync

book

Article ID: 324565

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

Symptoms:
High NSX Manager CPU is seen frequently during Active Directory (AD) Delta Sync.  This is observed in NSX-v 6.4.2.
 
You will see the similar log entries in NSX Manager vsm.log:
 
2018-09-25 04:09:10.816 MSK INFO taskExecutor-12 LDAPSyncContext:431 - - [nsxv@6876 comp="nsx-manager" subcomp="manager"] Start to process request: Delta sync
2018-09-25 04:43:27.927 MSK INFO taskExecutor-12 LDAPSyncContext:528 - - [nsxv@6876 comp="nsx-manager" subcomp="manager"] Synchronize (Delta sync) with server: 10.50.24.45, for domain: Domain[id=1, name=gazprom-neft.local], done in 2057057 ms.
2018-09-25 07:09:10.816 MSK INFO taskExecutor-9 LDAPSyncContext:431 - - [nsxv@6876 comp="nsx-manager" subcomp="manager"] Start to process request: Delta sync
2018-09-25 07:43:30.287 MSK INFO taskExecutor-9 LDAPSyncContext:528 - - [nsxv@6876 comp="nsx-manager" subcomp="manager"] Synchronize (Delta sync) with server: 10.50.24.45, for domain: Domain[id=1, name=gazprom-neft.local], done in 2059416 ms.
2018-09-25 10:09:10.816 MSK INFO taskExecutor-17 LDAPSyncContext:431 - - [nsxv@6876 comp="nsx-manager" subcomp="manager"] Start to process request: Delta sync
2018-09-25 10:43:17.910 MSK INFO taskExecutor-17 LDAPSyncContext:528 - - [nsxv@6876 comp="nsx-manager" subcomp="manager"] Synchronize (Delta sync) with server: 10.50.24.45, for domain: Domain[id=1, name=gazprom-neft.local], done in 2047037 ms.
2018-09-25 13:09:10.816 MSK INFO taskExecutor-13 LDAPSyncContext:431 - - [nsxv@6876 comp="nsx-manager" subcomp="manager"] Start to process request: Delta sync
2018-09-25 13:43:30.708 MSK INFO taskExecutor-13 LDAPSyncContext:528 - - [nsxv@6876 comp="nsx-manager" subcomp="manager"] Synchronize (Delta sync) with server: 10.50.24.45, for domain: Domain[id=1, name=gazprom-neft.local], done in 2059822 ms.
2018-09-25 16:09:10.816 MSK INFO taskExecutor-9 LDAPSyncContext:431 - - [nsxv@6876 comp="nsx-manager" subcomp="manager"] Start to process request: Delta sync
2018-09-25 16:43:14.023 MSK INFO taskExecutor-9 LDAPSyncContext:528 - - [nsxv@6876 comp="nsx-manager" subcomp="manager"] Synchronize (Delta sync) with server: 10.50.24.45, for domain: Domain[id=1, name=gazprom-neft.local], done in 2043160 ms.
2018-09-25 19:09:10.816 MSK INFO taskExecutor-16 LDAPSyncContext:431 - - [nsxv@6876 comp="nsx-manager" subcomp="manager"] Start to process request: Delta sync
 
2018-11-19 10:18:00.577 MSK  INFO taskScheduler-21 CPUUsagesMonitor:237 - - [nsxv@6876 comp="nsx-manager" subcomp="manager"] Starting CPU monitoring as CPU usage was above threshold limit (80%) for consecutive 5 interval
2018-11-19 10:30:09.753 MSK  INFO taskScheduler-19 CPUUsagesMonitor:237 - - [nsxv@6876 comp="nsx-manager" subcomp="manager"] Starting CPU monitoring as CPU usage was above threshold limit (80%) for consecutive 5 interval
2018-11-19 13:17:37.387 MSK  INFO taskScheduler-17 CPUUsagesMonitor:237 - - [nsxv@6876 comp="nsx-manager" subcomp="manager"] Starting CPU monitoring as CPU usage was above threshold limit (80%) for consecutive 5 interval
2018-11-19 13:29:46.502 MSK  INFO taskScheduler-17 CPUUsagesMonitor:237 - - [nsxv@6876 comp="nsx-manager" subcomp="manager"] Starting CPU monitoring as CPU usage was above threshold limit (80%) for consecutive 5 interval
2018-11-19 14:13:11.830 MSK  INFO taskScheduler-30 CPUUsagesMonitor:237 - - [nsxv@6876 comp="nsx-manager" subcomp="manager"] Starting CPU monitoring as CPU usage was above threshold limit (80%) for consecutive 5 interval
 
2018-11-19 10:31:54.832 MSK ERROR taskExecutor-20 SqlExceptionHelper:131 - ERROR: duplicate key value violates unique constraint "ix_host_loginname_domain_id_key"
Caused by: org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique constraint "ix_host_loginname_domain_id_key"
2018-11-19 13:31:41.397 MSK ERROR taskExecutor-4 SqlExceptionHelper:131 - ERROR: duplicate key value violates unique constraint "ix_host_loginname_domain_id_key"
Caused by: org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique constraint "ix_host_loginname_domain_id_key"
 
postgres log /common/db/vshield/serverlog:
2019-01-02 10:16:42.544 GMT [5865]: [1-1] ERROR: duplicate key value violates unique constraint "ix_host_loginname_domain_id_key"
2019-01-02 10:16:42.544 GMT [5865]: [2-1] DETAIL: Key (lower(loginname::text), domain_id)=(hq-win2012-02a$, 4) already exists.
2019-01-02 10:16:42.544 GMT [5865]: [3-1] STATEMENT: update ai_host set deletedate=$1, displayname=$2, distinguishedname=$3, domain_id=$4, domain_sync_rootdn_id=$5, lastchangedtime=$6, orgunit_id=$7, primary_id=$8, security_id=$9, discoverymethod=$10, loginname=$11, description=$12, fqhostname=$13, singlemultiflag=$14, osstr=$15 where id=$16

Environment

VMware NSX for vSphere 6.4.x

Cause

In this customer scenario, the following changes are made in AD –
    SID1: A
    SID2: B
 change to:
    SID1: B
    SID2: A
 
The problem here is due to the new name conflicting with the existing name in other objects in Active Directory (AD) even current NSX-v does support renaming AD objects while SID stays the same. 
Note the conflict is transient - meaning there is no conflict in final system state but the conflicts result when processing one of the update.
For example, if changes are applied in stages, we will not see this issue.

   SID1: A
   SID2: B
change to:
   SID1: X
   SID2: B
sync AD, then change to:
   SID1: X
   SID2: A
sync AD, then change to:
   SID1: B
   SID2: A
sync AD

Resolution

This is a known issue affecting VMware NSX for vSphere 6.4.2 to 6.4.4.
Currently, there is no resolution.

Workaround:
To work around this issue, file a support request with Broadcom Support and quote this Knowledge Base article ID (324565)  in the problem description.

Powered by Wolken Software