NSX Edge fails to power on when logging in all ACCEPT firewall rules
Article ID: 343351
Updated On:
Products
VMware vDefend Firewall
Issue/Introduction
Symptoms:
- NSX Edge fails to power on
- In the /var/log/vmkernel.log file of the ESXi host, you see entries similar to:
2016-04-12T10:13:36.125Z| vcpu-1| I120: DISKLIB-CHAIN : DiskChainUpdateContentID: old=0xfd89b2c1, new=0xfdc145b0 (0db86aa661b2f9ef74f90581fdc145b0)
2016-04-13T00:42:18.070Z| vcpu-0| I120: Vix: [58005863 vmxCommands.c:7586]: VMAutomation_HandleCLIHLTEvent. Do nothing.
2016-04-13T00:42:18.079Z| vcpu-0| I120: MsgHint: msg.monitorevent.halt
2016-04-13T00:42:18.079Z| vcpu-0| I120+ The CPU has been disabled by the guest operating system. Power off or reset the virtual machine.
- In the /var/log/vmkernel.log file of the ESXi host, you see entries similar to:
vmkernel.1:2016-04-16T01:02:33.328Z cpu53:33787)WARNING: ScsiDeviceIO: 2130: Space utilization on thin-provisioned device naa.60060e8013356000502035600000003b exceeded configured threshold
Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.
Environment
VMware NSX for vSphere 6.0.x
VMware NSX for vSphere 6.4.x
VMware NSX for vSphere 6.3.x
VMware NSX for vSphere 6.1.x
VMware NSX for vSphere 6.2.x
VMware NSX for vSphere 6.4.x
VMware NSX for vSphere 6.3.x
VMware NSX for vSphere 6.1.x
VMware NSX for vSphere 6.2.x
Cause
This issue occurs if all ACCEPT rule logging is enabled, which can create serious performance overhead.
Resolution
VMware recommends enabling logging for all ACCEPT firewall rules only for contained debugging purposes and not during highly loaded conditions. Such logging settings also may fill the disk space used to store critical log messages, impacting the ability to troubleshoot real network issues.
Additional Information
Feedback
Yes
No
Powered by
