The purpose of this article is to provide awareness of a known issue.
Symptoms:
/var/log/policy/policy.log
Exception 1:
2022-01-06T07:24:18.152Z INFO http-nio-127.0.0.1-6440-exec-111 PolicyIDSFacadeImpl 6920 POLICY [nsx@6876 comp="nsx-manager" level="INFO" reqId="273c52e3-####-####-####-e0a8b8b120db" subcomp="policy" username="admin"] IDS - Got the request to trigger Signature download
2022-01-06T07:24:18.152Z INFO asyncExecutor-3 IdsSignatureUtils 6920 POLICY [nsx@6876 comp="nsx-manager" level="INFO" subcomp="policy"] IDS - Starting Signature update process
2022-01-06T07:24:18.153Z INFO asyncExecutor-3 PolicyIDSUtils 6920 POLICY [nsx@6876 comp="nsx-manager"level="INFO" subcomp="policy"] IDS - Triggering the Signature download from NSX Intel Cloud
2022-01-06T07:24:18.153Z INFO asyncExecutor-3 PolicyIDSUtils 6920 POLICY [nsx@6876 comp="nsx-manager"level="INFO" subcomp="policy"] IDS- cloud registration is not yet done.
2022-01-06T07:24:18.153Z INFO asyncExecutor-3 PolicyIDSUtils 6920 POLICY [nsx@6876 comp="nsx-manager"level="INFO" subcomp="policy"] IDS: Getting the license info
2022-01-06T07:24:18.153Z WARN asyncExecutor-3 PolicyIDSUtils 6920 POLICY [nsx@6876 comp="nsx-manager"level="WARNING" subcomp="policy"] No Enforcement point found
2022-01-06T07:24:18.153Z ERROR asyncExecutor-3 PolicyIDSUtils 6920 POLICY [nsx@6876 comp="nsx-manager"errorCode="MP523681" level="ERROR" subcomp="policy"] NSX Data Center Distributed Threat Prevention key not present. IDS need Threat License Key in order to work.
2022-01-06T07:24:18.153Z ERROR asyncExecutor-3 SimpleAsyncUncaughtExceptionHandler 6920 Unexpected exception occurred invoking async method: public void com.vmware.nsx.management.policy.ids.utils.IDSOnDemandScheduler.startDownload()
Exception 2:
2022-03-03T14:27:50.147Z ERROR asyncExecutor-1 PolicyIDSUtils 15460 POLICY [nsx@6876 comp="nsx-manager" errorCode="MP523675" level="ERROR" subcomp="policy"] Got Exception while registering With NSX cloud client - org.springframework.web.client.ResourceAccessException: I/O error on POST request for " https://api.prod.nsxti.vmware.com/1.0/auth/register": api.prod.nsxti.vmware.com; nested exception is java.net.UnknownHostException: api.prod.nsxti.example.com
org.springframework.web.client.ResourceAccessException: I/O error on POST request for " https://api.prod.nsxti.vmware.com/1.0/auth/register": api.prod.nsxti.vmware.com; nested exception is java.net.UnknownHostException: api.prod.nsxti.example.com
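To check a policy.log for the two symptoms above, the following added example (not part of the original article and not VMware tooling) scans log lines for the errorCode values shown in the excerpts and reports any host named in an UnknownHostException. The function name, field names and sample lines are assumptions made for illustration; the sample is constructed by shortening the excerpts above.

```python
import re

# errorCode values as they appear in the two excerpts in this article.
SYMPTOMS = {
    "MP523681": "Exception 1: Threat Prevention license key reported missing",
    "MP523675": "Exception 2: registration with the NSX cloud service failed",
}

# Timestamp, ERROR level, then errorCode inside the [nsx@6876 ...] block.
# The excerpts show errorCode both with and without a preceding space.
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2}T[\d:.]+Z)\s+ERROR\s.*?'
    r'\[nsx@6876[^\]]*?errorCode="(?P<code>MP\d+)"[^\]]*\]\s*(?P<msg>.*)$'
)
HOST_RE = re.compile(r"UnknownHostException:\s*(\S+)")


def triage(lines):
    """Return one finding per log line that carries a known symptom code."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group("code") not in SYMPTOMS:
            continue
        host = HOST_RE.search(m.group("msg"))
        findings.append({
            "time": m.group("ts"),
            "code": m.group("code"),
            "symptom": SYMPTOMS[m.group("code")],
            # Set only when the message names a host that failed to resolve.
            "unresolved_host": host.group(1) if host else None,
        })
    return findings


# Constructed sample, shortened from the excerpts in this article.
SAMPLE = [
    '2022-01-06T07:24:18.153Z WARN asyncExecutor-3 PolicyIDSUtils 6920 POLICY [nsx@6876 comp="nsx-manager" level="WARNING" subcomp="policy"] No Enforcement point found',
    '2022-01-06T07:24:18.153Z ERROR asyncExecutor-3 PolicyIDSUtils 6920 POLICY [nsx@6876 comp="nsx-manager"errorCode="MP523681" level="ERROR" subcomp="policy"] NSX Data Center Distributed Threat Prevention key not present.',
    '2022-03-03T14:27:50.147Z ERROR asyncExecutor-1 PolicyIDSUtils 15460 POLICY [nsx@6876 comp="nsx-manager" errorCode="MP523675" level="ERROR" subcomp="policy"] Got Exception while registering With NSX cloud client - nested exception is java.net.UnknownHostException: api.prod.nsxti.example.com',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

On a manager node, pass the lines of /var/log/policy/policy.log to triage() in place of SAMPLE.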
Steps to Reproduce the Issue:
In a federated setup there are multiple enforcement points. Code in the impacted version is unable to determine the correct enforcement point, which leads to this issue.
Workaround:
Impact/Risks:
Unable to update to the latest signatures for IDPS.