Listing Directory Group entities fails
search cancel

Listing Directory Group entities fails

book

Article ID: 325131

calendar_today

Updated On:

Products

VMware NSX Networking

Issue/Introduction

Symptoms:
  • From the vSphere Web Client (NSX plugin):
    • Listing Directory Group entities fails when creating or editing a Security Group with an error: Internal server error has occurred
    • In the NSX Manager logs (using show log manager), you see entries similar to:
      2018-01-25 15:02:24.774 GMT WARN http-nio-127.0.0.1-7441-exec-3 RemoteInvocationTraceInterceptor:87 - Processing of VsmHttpInvokerServiceExporter remote call resulted in fatal exception: com.vmware.vshield.vsm.securitygroup.service.SecurityGroupFacade.getApplicableMembersByType
      java.lang.NullPointerException
      	at com.vmware.vshield.blueprint.useridentity.service.ADMemberProvider.setDomainScope(ADMemberProvider.java:185)
      	at com.vmware.vshield.blueprint.useridentity.service.ADMemberProvider.getMembersByType(ADMemberProvider.java:105)
      	at com.vmware.vshield.vsm.securitygroup.service.SecurityGroupServiceImpl.getApplicableMembersByType_aroundBody116(SecurityGroupServiceImpl.java:823)
      	at com.vmware.vshield.vsm.securitygroup.service.SecurityGroupServiceImpl$AjcClosure117.run(SecurityGroupServiceImpl.java:1)
      	at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
      	at com.vmware.vshield.vsm.aspects.security.VsmSecuredAspect.secureCheck(VsmSecuredAspect.java:126)
      [...]
      2018-01-25 15:02:24.780 GMT DEBUG http-nio-127.0.0.1-7441-exec-3 RemoteInvocationBasedExporter:94 - Target method failed for RemoteInvocation: method name 'getApplicableMembersByType'; parameter types [java.lang.String, java.lang.String, java.util.Map, java.lang.String]
      	java.lang.NullPointerException
      	at com.vmware.vshield.blueprint.useridentity.service.ADMemberProvider.setDomainScope(ADMemberProvider.java:185)
      	at com.vmware.vshield.blueprint.useridentity.service.ADMemberProvider.getMembersByType(ADMemberProvider.java:105)
      	at com.vmware.vshield.vsm.securitygroup.service.SecurityGroupServiceImpl.getApplicableMembersByType_aroundBody116(SecurityGroupServiceImpl.java:823)
      	at com.vmware.vshield.vsm.securitygroup.service.SecurityGroupServiceImpl$AjcClosure117.run(SecurityGroupServiceImpl.java:1)
      	at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
      	at com.vmware.vshield.vsm.aspects.security.VsmSecuredAspect.secureCheck(VsmSecuredAspect.java:126)
      [...]
    • In the vCenter virgo logs (vsphere-client/logs/vsphere_client_virgo.log), you see entries similar to:
      [2018-01-25T15:02:24.875Z] [WARN ] http-bio-9090-exec-99         org.springframework.flex.core.DefaultExceptionLogger              The following exception occurred during request pr
      ocessing by the BlazeDS MessageBroker and will be serialized back to the client:  flex.messaging.MessageException: com.vmware.vshield.vsm.remoting.server.exceptions.RemoteBaseExcept
      ion : Internal server error has occurred.
      	at flex.messaging.services.remoting.adapters.JavaAdapter.invoke(JavaAdapter.java:444)
      	at com.vmware.vise.messaging.remoting.JavaAdapterEx.invoke(JavaAdapterEx.java:50)
      	at flex.messaging.services.RemotingService.serviceMessage(RemotingService.java:183)
      	at flex.messaging.MessageBroker.routeMessageToService(MessageBroker.java:1400)
      	at flex.messaging.endpoints.AbstractEndpoint.serviceMessage(AbstractEndpoint.java:1011)
      	at flex.messaging.endpoints.AbstractEndpoint$$FastClassByCGLIB$$1a3ef066.invoke(<generated>)
      [...]
  • From REST API (GET /api/3.0/ai/directorygroup):
    • The NSX Manager returns: HTTP 500 Internal Server Error
    • The response body is: <error><errorCode>100</errorCode></error>
    • In the NSX Manager logs (using show log manager), you see entries similar to:
      2018-05-25 10:38:58.930 CEST ERROR http-nio-127.0.0.1-7441-exec-166 BaseRestController:518 - - [nsxv@6876 comp="nsx-manager" subcomp="manager"] REST API failed : 'null'
      java.lang.NullPointerException: null
          at com.vmware.vshield.blueprint.ai.reports.facade.EntityServiceFacadeImpl.fromDo(EntityServiceFacadeImpl.java:288) ~[blueprint-1.0.jar:?]
          at com.vmware.vshield.blueprint.ai.reports.facade.EntityServiceFacadeImpl.getDirectoryGroups_aroundBody4(EntityServiceFacadeImpl.java:129) ~[blueprint-1.0.jar:?]
          at com.vmware.vshield.blueprint.ai.reports.facade.EntityServiceFacadeImpl$AjcClosure5.run(EntityServiceFacadeImpl.java:1) ~[blueprint-1.0.jar:?]
          at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149) ~[aspectjweaver-1.8.9.jar:1.8.9]
          at com.vmware.vshield.vsm.aspects.security.VsmSecuredAspect.secureFeatureCheck(VsmSecuredAspect.java:162) ~[vsm-core-1.0.jar:?]
          at com.vmware.vshield.vsm.aspects.security.VsmSecuredAspect.ajc$inlineAccessMethod$com_vmware_vshield_vsm_aspects_security_VsmSecuredAspect$com_vmware_vshield_vsm_aspects_security_VsmSecuredAspect$secureFeatureCheck(VsmSecuredAspect.java:1) ~[vsm-core-1.0.jar:?]
          [...]
      
Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.

Environment

VMware NSX for vSphere 6.4.x
VMware NSX for vSphere 6.3.x

Cause

This issue occurs when some metadata is missing on the NSX Manager for a Directory Group object.

Resolution

This issue is resolved in: 
VMware NSX for vSphere 6.4.2, available at VMware Downloads.
VMware NSX for vSphere 6.3.7, available at VMware Downloads.


Note: Upgrading an affected NSX Manager to 6.4.2 or 6.3.7 will resolve the issue.

Workaround:
To work around this issue if you do not want to upgrade, file a support request with VMware Support and quote this Knowledge Base article ID (52773)  in the problem description. For more information, see How to Submit a Support Request.

Additional Information

Impact/Risks:
There is no impact to this issue. However, automation may not work due to the REST API call failing, and creating/editing Security Groups containing Directory Group entities from NSX Plugin for vSphere may not be possible.