NSXT-LCM user failing to login with multiple attempts to the Advanced Load Balancer (ALB)
search cancel

NSXT-LCM user failing to login with multiple attempts to the Advanced Load Balancer (ALB)

book

Article ID: 345886

calendar_today

Updated On:

Products

VMware NSX VMware NSX VMware NSX-T Data Center VMware NSX Advanced Load Balancer

Issue/Introduction

Receiving repeated failed login event on NSX ALB from NSX Manager for nsx-lcm account. ALB is deployed using NSX manager UI.

USER_LOGIN occurred on object None in tenant admin as User nsxt-lcm login (Failure) from <IP> using API NSXT Version: 4.0.1.x

Environment

VMware NSX-T Data Center
VMware NSX

Cause

The nsxt-lcm user is created during the onboarding workflow used for deployment of Advanced Load Balancer (ALB) via the NSX manager.  This user is not created if the ALB is deployed as an OVA using vCenter to deploy the OVA. The user does not utilize a password.  This user employs authentication tokens for system login.

These authentication tokens are created for a duration of 45 minutes and used to fetch cluster information as well as configurations done in ALB via NSX. The authentication tokens are refreshed periodically, and older tokens are deleted in the process. This is by design. The account does not show up in the NSX manager GUI since it this user is specific to the ALB. 

The delete operation should be executed only by the leader manager node. However, all three nodes are deleting the token. The old token is deleted in one node and hence the other two nodes received an error when reach out to the controller using the token.

Resolution

There are no security concerns with this issue.  It will cause log bloating for monitoring application that are benign.

This issue is resolved in NSX 4.1.2. There is no work around for this issue. 
 


Additional Information