Error on NSX UI "Error generating support bundle " while generating ESXi host logs
search cancel

Error on NSX UI "Error generating support bundle " while generating ESXi host logs

book

Article ID: 373352

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

  • Generating support bundle logs for ESXi hosts from NSX-T local manager UI shows error "Error Generating support bundle".

  • NSX-T LM log from /var/log/syslog will show the following error

    2024-07-16T01:45:56.607Z <nsx-manager.fqdn> NSX 67809 - [nsx@6876 comp="nsx-manager" subcomp="node-mgmt" username="root" level="INFO"] Remote node 0a0b6c2a-46f0-4bd2-b561-e11eaf766e58 reported generation failed status

  • ESXi host logs from /var/run/log/nsx-syslog.log will show the following entries.

    2024-07-16T01:45:41.585Z nsx-opsagent[2245677]: NSX 2245677 - [nsx@6876 comp="nsx-esx" subcomp="opsagent" s2comp="sbundle" tid="2246006" level="INFO"] New bundle request received2024-07-16T01:45:41.585Z nsx-opsagent[2245677]: NSX 2245677 - [nsx@6876 comp="nsx-esx" subcomp="mpa-client" tid="2246006" level="INFO"] [SupportBundle] RespondMsg : Sent response with type (com.vmware.nsx.support_bundle.SupportBundle.BundleStatusResponseMsg) corelationId (f5c07d3a-0638-606f-5bab-69b37dc1fd8f) trackingId (f5c07d3a-0638-606f-5bab-69b37dc1fd8f)
    2024-07-16T01:45:42.482Z nsx-opsagent[2245677]: NSX 2245677 - [nsx@6876 comp="nsx-esx" subcomp="mpa-client" tid="2245677" level="INFO"] [AlarmsProvider] SendRequest: To Master APH, Publish, type (com.vmware.nsx.monitoring.CollectorMpMsg) correlationId () trackingIdStr (c13f090a-b66a-08b4-9125-5d597060ccd4) Success.
    2024-07-16T01:45:44.861Z nsx-opsagent[2245677]: NSX 2245677 - [nsx@6876 comp="nsx-esx" subcomp="opsagent" s2comp="sbundle" tid="2245750" level="INFO"] Processing new bundle request
    2024-07-16T01:45:48Z nsx-logger: NSX 8990516 - [nsx@6876 comp="nsx-esx" subcomp="sbundle-collect" username="root" level="WARNING"] Unable to collect support bundle: rc: 1, error: 2024-07-16 01:45:48,640 WARNING main.py:583 Command cannot succeed because this host is in crypto safe mode and the vm-support incident key is missing. To collect useful coredumps, perform these tasks: 1. Generate a vm-support incident key by running: crypto-util keys vm-support --password prolog 2. Run vm-support: vm-support [options] 3. Perform cleanup: crypto-util keys vm-support epilog.

Environment

VMware NSX-T Data Center

 

Cause

  • Virtual machines running vTPM feature and vMotioning to specific ESXi host will be encountering this issue while generating the support bundle on NSX-T UI, since the host would be in crypto safe mode.
  • vTPM is a software-based representation of a physical Trusted Platform Module 2.0 chip.
  • Host encryption mode must be enabled if you want to perform encryption tasks, such as creating an encrypted virtual machine, on an ESXi host. In most cases, host encryption mode is enabled automatically when you perform an encryption task.

 

Resolution

  • Currently, NSX-T does not support collecting ESXi log bundle in crypto safe mode.

  • Following workaround could be used to collect the ESXi host logs from NSX-T UI.
  • Below commands needs to executed on ESXi host CLI.

    • Generate a vm-support incident key by running: crypto-util keys vm-support --password prolog.
    • Run vm-support: vm-support [options] 
    • Perform cleanup: crypto-util keys vm-support epilog.

Additional Information

  • A new error message will be added in 4.1.2 for the ESXi host that's in crypto safe mode:

        "Support bundle collection of ESXi host in crypto safe mode via NSX not currently supported, use vCenter instead".

Powered by Wolken Software