Connecting to a fenced vApp from outside the vCloud Director through telnet using an external IP address times out

Article ID: 342432

Updated On:

Products

VMware Cloud Director
VMware NSX Networking
VMware vSphere ESXi

Issue/Introduction


Symptoms:
  • Cannot connect to a fenced RedHat vApp (behind a vShield Edge device) from outside VMware vCloud Director (vCD) through Telnet using an external IP address
  • Connecting to a fenced RedHat vApp from outside VMware vCloud Director (vCD) through Telnet using an external IP address fails
  • Port 23 for telnet connectivity is not blocked.
  • Ports 902 and 443 are open between vCloud Director and vShield Manager.
  • In the RHEL OS Messages log file, located at /var/log/, you see entries similar to:

    <YYYY-MM-DD>T<time> lm-drv nmbd[3810]: dump workgroup on subnet 10.66.206.249: netmask= 255.255.224.0:
    <YYYY-MM-DD>T<time> lm-drv nmbd[3810]: WORKGROUP(2) current master browser = LM-XP-32BIT
    <YYYY-MM-DD>T<time> lm-drv nmbd[3810]: MYGROUP(1) current master browser = LM-DRV
    <YYYY-MM-DD>T<time> lm-drv nmbd[3810]: LM-DRV 40849a03 (Samba Server lm-drv)
    <YYYY-MM-DD>T<time> lm-drv nmbd[3810]: LM-MON-64BIT 40819a03 (Samba Server lm-mon-64bit)
    <YYYY-MM-DD>T<time> lm-drv nmbd[3810]: LM-ENF-64BIT 40819a03 (Samba Server lm-enf-64bit)
    <YYYY-MM-DD>T<time> lm-drv xinetd[3700]: EXIT: telnet status=0 pid=5742 duration=7878(sec)
    <YYYY-MM-DD>T<time> lm-drv xinetd[3700]: START: telnet pid=18553 from=10.66.195.233
    <YYYY-MM-DD>T<time> lm-drv xinetd[3700]: EXIT: telnet status=0 pid=18553 duration=7891(sec)

  • The vcloud-container-debug.log, located at /opt/vmware/vcloud-director/logs, shows entries similar to:

    <YYYY-MM-DD>T<time> vcloud-dlp last message repeated 56 times
    <YYYY-MM-DD>T<time> vcloud-dlp last message repeated 102 times
    <YYYY-MM-DD>T<time> vcloud-dlp last message repeated 55 times
    <YYYY-MM-DD>T<time> vcloud-dlp last message repeated 44 times
    <YYYY-MM-DD>T<time> vcloud-dlp last message repeated 18 times
    <YYYY-MM-DD>T<time> vcloud-dlp last message repeated 56 times
    <YYYY-MM-DD>T<time> vcloud-dlp last message repeated 96 times
    <YYYY-MM-DD>T<time> vcloud-dlp last message repeated 96 times
    <YYYY-MM-DD>T<time> vcloud-dlp last message repeated 65 times
    <YYYY-MM-DD>T<time> vcloud-dlp ntpd[3701]: time reset +0.666702 s
    <YYYY-MM-DD>T<time> vcloud-dlp ntpd[3701]: synchronized to 10.66.193.241, stratum 3

  • The same template in the VMware Lab Manager works fine.
  • The client virtual machine is outside the vCloud Director environment.
  • You can successfully open a telnet session from the client virtual machine to the Linux virtual machine.

    Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.


Environment

VMware vShield 5.1.x
VMware vShield Edge 5.5.x
VMware vCloud Networking and Security 5.1.x
VMware vShield Edge 5.1.x
VMware NSX for vSphere 6.0.x
VMware Cloud Director 5.1.x
VMware NSX for vSphere 6.1.x
VMware vShield App 5.1.x
VMware Cloud Director 5.5.x

Cause

This issue occurs when the session through the Edge virtual machine is idle. The Edge closes the connection, and the Linux virtual machine only detects this when it sends its next keepalive, after 2 hours.
VMware vShield Edge drops the connection when the TCP idle time exceeds the default timeout of 3600 seconds.

Resolution

This is a known issue affecting vCloud Director.

Currently, there is no resolution.

To work around this issue:
  1. Deploy the Linux template.
  2. On the Linux virtual machine, set the keepalive time to a value less than 3600 seconds.
  3. Capture the Linux virtual machine as a template.
  4. Use this new template for later deployments.
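
One way to carry out step 2 before capturing the template, as an added example that is not part of the original article: a POSIX shell script that checks the guest's `net.ipv4.tcp_keepalive_time` against the 3600-second Edge timeout and, with `--apply`, persists a lower value. The 1800-second target, the drop-in file name and a distribution that reads `/etc/sysctl.d` are assumptions; on older releases put the line in `/etc/sysctl.conf` instead.

```shell
#!/bin/sh
# Added example, not from the KB article.
EDGE_IDLE_TIMEOUT=3600    # Edge default TCP idle timeout, per the article
TARGET_KEEPALIVE=1800     # assumed choice; any value below 3600 meets step 2
KEEPALIVE_PROC=/proc/sys/net/ipv4/tcp_keepalive_time
DROPIN=/etc/sysctl.d/90-edge-keepalive.conf   # hypothetical file name

# Succeed only for a positive integer below the Edge idle timeout.
keepalive_ok() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -gt 0 ] && [ "$1" -lt "$EDGE_IDLE_TIMEOUT" ]
}

# Seconds until the kernel abandons a silently dropped idle connection:
# idle time before the first probe, plus every unanswered probe interval.
# args: tcp_keepalive_time tcp_keepalive_intvl tcp_keepalive_probes
dead_peer_detect_secs() {
    echo $(( $1 + $2 * $3 ))
}

# Print the sysctl line that persists the setting, so it survives reboots
# and ends up in the captured template. Rejects values that would not help.
dropin_line() {
    keepalive_ok "$1" || { echo "refusing: $1 is not below $EDGE_IDLE_TIMEOUT" >&2; return 1; }
    echo "net.ipv4.tcp_keepalive_time = $1"
}

# Report whether the value in a proc-style file (default: the live kernel
# setting) starts keepalives before the Edge drops the idle session.
check_current() {
    cur=$(cat "${1:-$KEEPALIVE_PROC}") || return 2
    if keepalive_ok "$cur"; then
        echo "OK: tcp_keepalive_time=$cur"
    else
        echo "AT RISK: tcp_keepalive_time=$cur (Edge idle timeout $EDGE_IDLE_TIMEOUT)"
        return 1
    fi
}

# Read-only by default; change the system only with --apply (needs root).
if [ "${1:-}" = "--apply" ]; then
    dropin_line "$TARGET_KEEPALIVE" > "$DROPIN" && sysctl -p "$DROPIN"
else
    check_current || true
fi
```

With the stock Linux defaults (7200-second keepalive time, 75-second interval, 9 probes) `dead_peer_detect_secs` gives 7875 seconds, close to the 7878 and 7891 second telnet durations in the xinetd excerpt. The sysctl only affects sockets on which the application has enabled `SO_KEEPALIVE`.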


Additional Information

Location of vCloud Director log files
vCNS/NSX Edge Firewall TCP Timeout Values