Error in UI when modifying edge nodes : "Modification of some properties of an edge node is not allowed via NSX Manager. Kindly use CLI to modify these properties: node_user_settings and allow_ssh_root_login (Error code: 16028)
search cancel

Error in UI when modifying edge nodes : "Modification of some properties of an edge node is not allowed via NSX Manager. Kindly use CLI to modify these properties: node_user_settings and allow_ssh_root_login (Error code: 16028)

book

Article ID: 375618

calendar_today

Updated On:

Products

VMware NSX-T Data Center

Issue/Introduction

  • Running NSX-T 3.2.4 and higher
  • When modifying edge settings (such as N-VDS etc..), the following error appears:
    • Modification of some properties of an edge node is not allowed via NSX Manager. Kindly use CLI to modify these properties: node_user_settings and allow_ssh_root_login (Error code: 16028)

Environment

VMware NSX-T Data Center

VMware NSX

Cause

In version 3.2.4, a validation was introduced to prevent the modification of read-only fields during an edge upgrade call. As a result, if the cliUsername is not stored in the database for certain edges, the update call will trigger this validation and subsequently fail.

Resolution

Step 1: Download the Script

  1. Locate and download the script:
    • Download the Fix_Error_16028_375618.sh script from the article in the attachment section. 

Step 2: Copy the Script to the NSX-T Manager

  1. Transfer the script:
    • Using a secure method such as scp, copy the Fix_Error_16028_375618.sh file to the NSX-T Manager.
    Example command:
    scp Fix_Error_16028_375618.sh root@<NSX-T_Manager_IP>:/root/
    • Replace <NSX-T_Manager_IP> with the NSX-T Manager’s IP address.
    • Authenticate with the NSX-T Manager when prompted.

Step 3: Grant Execution Permissions to the Script

  1. Log in to the NSX-T Manager:

    • Use SSH to log into the NSX-T Manager:
      ssh root@<NSX-T_Manager_IP>
  2. Provide execute permissions to the script:

    • After logging in, navigate to the directory where the script is located and change its permissions using the following command:

      chmod +x Fix_Error_16028_375618.sh
    • This step ensures the script can be executed on the system.


Step 4: Edit the Script with the Environment Details

  1. Open the script for editing:

    • Use the preferred text editor (e.g., vi, nano) to open and modify the script:
      vi Fix_Error_16028_375618.sh
  2. Replace the placeholders with the specific environment information:

    • Inside the script, the variables that need to be updated with the NSX-T Manager's details. Modify the lines as follows:

    # API endpoint and credentials
    URL="https://<NSX-T_Manager_IP>/api/v1/transport-nodes"
    USERNAME="<NSX-T_Username>"
    PASSWORD="<NSX-T_Password>"
     
     
    # Manager IP for the second API call
    MGRIP="<NSX-T_Manager_IP>"
     
    • Replace:
      • <NSX-T_Manager_IP> with the IP address of the NSX-T Manager.
      • <NSX-T_Username> with the username for NSX-T authentication.
      • <NSX-T_Password> with the corresponding password.
  3. Save the script:

    • After making the necessary changes, save and close the file.

Step 5: Execute the Script

  1. Run the script:

    • Now that the script has been configured, it can be executed with the following command:
      ./Fix_Error_16028_375618.sh
  2. Verify successful execution:

    • Upon successful execution,  the below output will be showing:
      Processing node with node_id: ###############-#########-#######-########## Successfully updated node with external_id: ###############-#########-#######-##########
  3. Handling errors:

    • If an error occurs, the script will display the following message:
      Failed to update node with external_id: ###############-#########-#######-##########
    • If this happens, further troubleshooting will be required. We encourage opening a support case through the Broadcom portal for assistance.
    • If the script gives no output at all, check that the credentials are correct and that the account used have necessary permissions (API). Using the admin account recommended.

Additional Information

Issue is fixed in NSX-T 4.2.1

Attachments

Fix_Error_16028_375618.sh get_app