Unable to add LDAP server for IDFW as domain already exists in NSX-T

Article ID: 370835

Products

VMware vDefend Firewall

Issue/Introduction

  • You have used Identity Firewall in the past but have removed the configuration in the NSX-T UI.
  • You will observe a similar error in the section System --> Identity Firewall AD while configuring an LDAP server for IDFW.

  • You will observe similar logging on the NSX Manager in /var/log/syslog

<Year>-<Month>-<Day><Time> <NSX-Manager> NSX 70653 INVENTORY [nsx@6876 comp="nsx-manager" errorCode="MP38018" level="ERROR" subcomp="manager"] Domain with name <domain.com> already exists

  • You will observe that the problematic domain is not present when running the following API command against the NSX Manager

GET https://<NSX-Manager>/api/v1/directory/domains

{
"results": [],
"result_count": 0
}

  • You will observe output similar to the one below when running the following API command against the NSX Manager

GET https://<NSX-Manager>/policy/api/v1/infra/firewall-identity-stores

{
"results": [],
"result_count": 0
}
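The symptom checks above can be combined into one script: parse /var/log/syslog for the MP38018 "already exists" error, query both endpoints, and flag any domain that is logged as existing but listed by neither API. This is an added example and not part of the article or the NSX product; the syslog excerpt and API responses are constructed, and the result key names checked (name, domain_name, display_name) are an assumption.

```python
import json
import re
import urllib.request
from typing import Callable, Dict, List

# Regex for the NSX Manager syslog line quoted in this article (error code MP38018).
LOG_RE = re.compile(
    r'errorCode="(?P<code>MP\d+)".*?\]\s*Domain with name (?P<domain>\S+) already exists'
)
# The two endpoints the article checks for the domain.
ENDPOINTS = ("/api/v1/directory/domains", "/policy/api/v1/infra/firewall-identity-stores")

# Constructed sample syslog excerpt; not taken from a real NSX Manager.
SAMPLE_SYSLOG = """\
2024-01-01T10:00:00Z nsxmgr01 NSX 70653 INVENTORY [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] Starting directory sync
2024-01-01T10:00:05Z nsxmgr01 NSX 70653 INVENTORY [nsx@6876 comp="nsx-manager" errorCode="MP38018" level="ERROR" subcomp="manager"] Domain with name corp.example already exists
"""
# Constructed API responses keyed by path, mirroring the empty results shown in the article.
SAMPLE_API = {path: {"results": [], "result_count": 0} for path in ENDPOINTS}

def domains_from_syslog(text: str) -> List[str]:
    """Return the domain names reported by MP38018 'already exists' errors."""
    return [m.group("domain") for m in LOG_RE.finditer(text) if m.group("code") == "MP38018"]

def domains_in_api(payload: Dict) -> set:
    """Collect domain names from a results list; which keys carry the name is an assumption."""
    names = set()
    for item in payload.get("results", []):
        for key in ("name", "domain_name", "display_name"):
            if isinstance(item.get(key), str):
                names.add(item[key].lower())
    return names

def diagnose(syslog_text: str, fetch: Callable[[str], Dict]) -> Dict[str, bool]:
    """Map each domain named in an MP38018 error to True when neither endpoint lists it (the stale-entry symptom)."""
    known = set()
    for path in ENDPOINTS:
        known |= domains_in_api(fetch(path))
    return {d: d.lower() not in known for d in domains_from_syslog(syslog_text)}

def http_fetch(base_url: str, auth_header: str) -> Callable[[str], Dict]:
    """Build a fetch() that GETs a path from a live NSX Manager; TLS verification stays at urllib's default."""
    def fetch(path: str) -> Dict:
        req = urllib.request.Request(base_url.rstrip("/") + path, headers={"Authorization": auth_header})
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)
    return fetch
```

Against a real manager, pass `http_fetch("https://<NSX-Manager>", "Basic <base64 credentials>")` as `fetch` and the contents of /var/log/syslog as `syslog_text`; a result of `{"<domain>": True}` matches the symptoms described in this article.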

Cause

There is a stale entry in NSX-T that will not allow you to add a new LDAP server with the same Domain name.

Resolution

If you think you have encountered this issue, please open a case with the ANS team.