Network Traffic Analysis (NTA) activation fails after installing the NSX Application Platform 4.1.2

Article ID: 367745

Products

VMware NSX
VMware vDefend Firewall with Advanced Threat Prevention

Issue/Introduction

After installing the NSX Application Platform 4.1.2, activation of NTA fails despite having a valid Advanced Threat Protection (ATP) license. The following error message appears for the Events and Detector Definitions options under the NSX > Security > Suspicious Traffic menu.

The application server encountered an error while trying to fulfill your request. (404 Not Found)

Environment

NAPP 4.1.2

Cause

When NAPP 4.1.2 is deployed, it receives licenses from NSX Manager and saves them to a configmap (platform-licenses). During the installation of NTA (while NSX Intelligence is activated), the licenses are verified from that configmap.

If the expiry time of a license is a non-zero value, the verification incorrectly treats the license as expired and rejects it. The following error message is printed in /var/log/supportbundle/<cluster-name>/<common-agent-pod-name>.log (from the NAPP support bundle):

2024/04/15 20:28:55 license.go:66: Skipping EXPIRED license: key:\"01234-56789-01011-01213-01516\" name:\"NSX Advanced Threat Prevention Add On for NSX Distributed Firewall, NSX DC Advanced, NSX DC Enterprise Plus\" expiry:1713657600000"

or

2024/04/19 08:57:17 license.go:66: Skipping EXPIRED license: key:\"01234-56789-01011-01213-01516\" name:\"NSX Distributed Firewall with Advanced Threat Prevention\" features:\"endpoint\" features:\"vxlan\" expiry:1784505600000"

As a result, the license is not saved in the configmap, and NTA fails to activate.
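
To confirm from a support bundle that this is the cause, the expiry value in each "Skipping EXPIRED license" line can be compared with the time the line was logged. The script below is an added example, not part of the original article or of NAPP; it assumes the expiry field is epoch milliseconds (the two values quoted above decode to midnight UTC dates) and that log timestamps are UTC. The third sample line is constructed for contrast.

```python
import re
from datetime import datetime, timezone

# Message format as quoted in this article (quotes are backslash-escaped in the log).
PATTERN = re.compile(
    r'^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) license\.go:\d+: '
    r'Skipping EXPIRED license: .*?name:\\?"(?P<name>.*?)\\?".*?expiry:(?P<expiry>\d+)'
)

# Lines 1-2 are the log lines quoted in the article; line 3 is CONSTRUCTED
# (placeholder key, expiry genuinely in the past when the line was logged).
SAMPLE_LOG = r'''
2024/04/15 20:28:55 license.go:66: Skipping EXPIRED license: key:\"01234-56789-01011-01213-01516\" name:\"NSX Advanced Threat Prevention Add On for NSX Distributed Firewall, NSX DC Advanced, NSX DC Enterprise Plus\" expiry:1713657600000"
2024/04/19 08:57:17 license.go:66: Skipping EXPIRED license: key:\"01234-56789-01011-01213-01516\" name:\"NSX Distributed Firewall with Advanced Threat Prevention\" features:\"endpoint\" features:\"vxlan\" expiry:1784505600000"
2024/04/20 10:00:00 license.go:66: Skipping EXPIRED license: key:\"00000-00000-00000-00000-00000\" name:\"Constructed expired license\" expiry:1704067200000"
'''


def wrongly_rejected(lines, log_tz=timezone.utc):
    """Return rejected licenses whose expiry was still in the future when logged.

    log_tz is an assumption: the log timestamp carries no zone information.
    """
    hits = []
    for line in lines:
        m = PATTERN.search(line)
        if not m:
            continue
        logged = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S").replace(tzinfo=log_tz)
        # Assumed unit: milliseconds since the Unix epoch.
        expires = datetime.fromtimestamp(int(m["expiry"]) / 1000, tz=timezone.utc)
        if expires > logged:
            hits.append({
                "name": m["name"],
                "logged": logged,
                "expires": expires,
                "days_left": (expires - logged).days,
            })
    return hits


if __name__ == "__main__":
    for hit in wrongly_rejected(SAMPLE_LOG.splitlines()):
        print(f'{hit["logged"]:%Y-%m-%d}: "{hit["name"]}" rejected as expired, '
              f'but valid until {hit["expires"]:%Y-%m-%d} ({hit["days_left"]} days left)')
```

Any line it reports is a license that was rejected while still valid, which matches the behaviour described in this article rather than a real expiry.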

Resolution

(1) A fresh installation of NAPP 4.1.2.1 resolves this issue, and no workaround is necessary.

(2) If upgrading from a previous NAPP release to 4.1.2.1, apply the following workaround steps after the upgrade:

Steps:
  1. On the NSX Manager UI license page, delete the Advanced Threat Prevention license.
  2. Re-add the license in the NSX Manager UI.
  3. NTA pods will come up.
  4. Verify by executing the following command:

napp-k get deployments | awk 'NR==1 || /nta/'
NAME                           READY   UP-TO-DATE   AVAILABLE   AGE
nta-server                     1/1     1            1           62d

The above output indicates that NTA pods have come up successfully after applying the workaround.