Edge Node Mismatch alarm: "Failed to refresh the transport node configuration: [Fabric] Password for the following user(s) <user> do not follow complexity rules"

Article ID: 345753

Updated On:

Products

VMware NSX Networking

Issue/Introduction

Symptoms:

  • You recently upgraded VMware NSX-T Data Center to version 3.2.x or higher.
  • An alarm in the NSX-T UI for the edge node indicates a mismatch. When you try to resolve the mismatch, you are presented with this error:
"Failed to refresh the transport node configuration: [Fabric] Password for the following user(s) root do not follow complexity rules. Password must have at least 12 characters including 1 upper case character, 1 lower case character, 1 numeric digit, 1 special character and at least 5 different characters. Passwords based on dictionary words and palindromes are invalid."
  • Note: the error above names the root user, but it could name any other built-in user account.
  • If you encounter the following error instead, refer to "Failed to refresh the edge transport node configuration due to audit username and password validations" for the workaround:
    • Failed to refresh the transport node configuration: [Fabric] Provide audit username together with corresponding password property. For audit user, specify either both username and password properties or none. The audit user will be disabled when the username and password are not specified.
  • These edge nodes were deployed on an NSX-T version prior to 2.5. This can be confirmed by making the following API call and converting the edge create_time epoch value to a human-readable date:
GET api/v1/transport-nodes/xxxxxxx-ef7f-11ed-a424-xxxxxxxxxxx
  • Then check the upgrade history:
GET api/v1/upgrade/history
  • Rebooting the edge node does not resolve the issue; the sync issue remains.
  • The following errors appear in the NSX-T Manager /var/log/syslog:
ERROR http-nio-127.0.0.1-7440-exec-5 PasswordUtils 12710 FABRIC [nsx@6876 comp="nsx-manager" errorCode="MP16037" level="ERROR" reqId="eb9b763f-cdce-4b83-897e-4bf4c59eb0b1" subcomp="manager" username="admin"] Passsword does not adhere to complexity rules for [root]
WARN http-nio-127.0.0.1-7440-exec-5 PolicyResourceChangeNotificationManager 12710 POLICY [nsx@6876 comp="nsx-manager" level="WARNING" reqId="eb9b763f-cdce-4b83-897e-4bf4c59eb0b1" subcomp="manager" username="admin"] Failure received invoking listener EdgeTransportNodeListener for change UPDATING on resource /infra/sites/default/enforcement-points/default/edge-transport-node/xxxxxxx-ef7f-11ed-a424-xxxxxxxxxxx
ERROR http-nio-127.0.0.1-7440-exec-5 PolicyTransportNodeLcmFacadeImpl 12710 POLICY [nsx@6876 comp="nsx-manager" errorCode="PM16037" level="ERROR" reqId="eb9b763f-cdce-4b83-897e-4bf4c59eb0b1" subcomp="manager" username="admin"] xxxxxxx-ef7f-11ed-a424-xxxxxxxxxxx An error occurred when updating the Transport Node null, cause: null
  • In System - Fabric - Transport Nodes - Edge Nodes, when you attempt to edit the Edge node, you are presented with the following alert:
"Transport node refresh failed: [Fabric] Refresh edge <edge uuid> placement configuration failed. Check network connectivity of the edge node".

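To see which edge nodes and accounts are affected, the PasswordUtils error can be joined to the EdgeTransportNodeListener warning through their shared reqId. The following is an added example, not VMware or Broadcom code; its sample lines are constructed from the entries above with invented reqId values and placeholder node IDs, and it assumes that several users logged together would be comma-separated inside the brackets.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the syslog entries quoted above; the reqId
# values and edge node IDs are placeholders invented for this example.
SAMPLE_SYSLOG = '''\
ERROR http-nio-127.0.0.1-7440-exec-5 PasswordUtils 12710 FABRIC [nsx@6876 comp="nsx-manager" errorCode="MP16037" level="ERROR" reqId="req-0001" subcomp="manager" username="admin"] Passsword does not adhere to complexity rules for [root]
WARN http-nio-127.0.0.1-7440-exec-5 PolicyResourceChangeNotificationManager 12710 POLICY [nsx@6876 comp="nsx-manager" level="WARNING" reqId="req-0001" subcomp="manager" username="admin"] Failure received invoking listener EdgeTransportNodeListener for change UPDATING on resource /infra/sites/default/enforcement-points/default/edge-transport-node/edge-placeholder-1
INFO http-nio-127.0.0.1-7440-exec-7 SomeOtherComponent 12710 POLICY [nsx@6876 comp="nsx-manager" level="INFO" reqId="req-0002" subcomp="manager" username="admin"] unrelated entry
ERROR http-nio-127.0.0.1-7440-exec-9 PasswordUtils 12710 FABRIC [nsx@6876 comp="nsx-manager" errorCode="MP16037" level="ERROR" reqId="req-0003" subcomp="manager" username="admin"] Passsword does not adhere to complexity rules for [admin]
WARN http-nio-127.0.0.1-7440-exec-9 PolicyResourceChangeNotificationManager 12710 POLICY [nsx@6876 comp="nsx-manager" level="WARNING" reqId="req-0003" subcomp="manager" username="admin"] Failure received invoking listener EdgeTransportNodeListener for change UPDATING on resource /infra/sites/default/enforcement-points/default/edge-transport-node/edge-placeholder-2
'''

REQ_ID = re.compile(r'reqId="([^"]+)"')
PW_ERROR = re.compile(r'PasswordUtils\b.*errorCode="MP16037".*complexity rules for \[([^\]]*)\]')
EDGE_NODE = re.compile(r'/edge-transport-node/([^\s/"]+)')


def affected_edges(lines):
    """Map edge node ID -> sorted users whose stored password failed validation."""
    users_by_req = defaultdict(set)
    node_by_req = {}
    for line in lines:
        req = REQ_ID.search(line)
        if not req:
            continue
        pw = PW_ERROR.search(line)
        if pw:
            # Assumption: several users, if logged together, are comma-separated.
            names = (u.strip() for u in pw.group(1).split(","))
            users_by_req[req.group(1)].update(u for u in names if u)
        node = EDGE_NODE.search(line)
        if node:
            node_by_req[req.group(1)] = node.group(1)
    report = defaultdict(set)
    for req_id, users in users_by_req.items():
        # A password error with no listener warning for the same request
        # is kept under "unknown" instead of being dropped.
        report[node_by_req.get(req_id, "unknown")].update(users)
    return {node: sorted(users) for node, users in report.items()}


if __name__ == "__main__":
    for node, users in affected_edges(SAMPLE_SYSLOG.splitlines()).items():
        print(f"{node}: weak stored password for {', '.join(users)}")
```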


Environment

VMware NSX-T

Cause

  • In versions of VMware NSX-T Data Center earlier than 2.5, the password requirements were not as stringent as they are in later versions.
  • Since VMware NSX-T Data Center 3.2, there are new validation checks for operations carried out on the edge node in vCenter. These checks generate an edge node mismatch alarm, which indicates that vCenter and VMware NSX-T Data Center do not have the same information about the edge.
  • This alarm is generated to allow this mismatch to be corrected.
  • This issue (being unable to resolve the mismatch alarm) occurs when a weak password exists in the VMware NSX-T Data Center DB for the edge node. The operation that corrects the mismatch, the edge node redeploy, is prevented because the password held in the Corfu DB is weaker than the password requirements for the edge node.

Resolution

This is a known issue impacting VMware NSX.

Workaround:
If you believe you have encountered this issue and are unable to upgrade, please open a support request with Broadcom support and reference this KB article.