NSX Manager with only an IPv6 address configured does not establish connections to LDAP servers
Article ID: 371996
Updated On:
Products
VMware NSX Networking
VMware NSX
Issue/Introduction
- NSX Manager v4.2.0 configured with only an IPv6 address do not establish connections to external servers, such as Active Directory, if the DNS response includes both IPv4 and IPv6 addresses. For instance, when adding an LDAP server, the UI will display an error message:
“The connection was refused when contacting the LDAP server. Ensure that the LDAP server is running and that you are using the correct IP/hostname.”
- The following log message can be found in the /var/log/proton/nsxapi.log
<timestamp> <NSX Manager name> NSX 78034 SYSTEM [nsx@6876 audit="true" comp="nsx-manager" level="INFO" subcomp="manager"] UserName:'<omitted>' ModuleName:'LDAP Identity Source Service' Operation:'POST@/api/v1/aaa/ldap-identity-sources' Operation status: 'failure' Error: Unable to obtain server certificate. Communication error. Verify that the IP address/hostname, port, and other parameters are correct.- The above error is an example. Errors such as ‘no route to host,’ ‘network unreachable,’ ‘communication error,’ or other network-related issues may occur depending on the scenario
Environment
VMware NSX 4.2.0
Cause
The NSX manager java based processes give first preference to the IPv4 addresses from the DNS response. Hence, the connections to those addresses will fail.
Resolution
The issue will be resolved in NSX 4.2.1.
If you believe you have encountered this issue and are unable to upgrade, please open a support case with Broadcom Support NSX-T GSS and refer to this KB article.
For more information, see Creating and managing Broadcom support cases.
Feedback
Yes
No
Powered by
