A Full or Delta LDAP sync fails with UI connection reset.
The nsxapi.log shows that the synchronization process starts and never progresses past step "1: waiting for DirectoryGroupMemberProcessor to finish"
$ grep DirectoryGroupMemberSyncProcessor var/log/proton/nsxapi.1.log
2024-10-01T18:13:09.309Z INFO ActivityWorkerPool-1-15 DirectoryGroupMemberSyncProcessor 85779 INVENTORY [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] stop sync processor [Group-Member]: DirectoryGroupMemberSyncProcessor@4c2a51ca
2024-10-01T18:13:09.309Z INFO ActivityWorkerPool-1-15 DirectoryGroupMemberSyncProcessor 85779 INVENTORY [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] 1: stop group-member processor: DirectoryGroupMemberObjectProcessor@1c3cfc66
2024-10-01T18:13:09.309Z INFO ActivityWorkerPool-1-15 DirectoryGroupMemberSyncProcessor 85779 INVENTORY [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] 2: stop group-member processor: DirectoryGroupMemberObjectProcessor@2fe4e75c
2024-10-01T18:13:14.309Z INFO ActivityWorkerPool-1-15 DirectoryGroupMemberSyncProcessor 85779 INVENTORY [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] 3: stop group-member processor: DirectoryGroupMemberObjectProcessor@12f43192
2024-10-01T18:13:14.310Z ERROR LdapSyncTask DirectoryGroupMemberSyncProcessor 85779 INVENTORY [nsx@6876 comp="nsx-manager" errorCode="MP38005" level="ERROR" subcomp="manager"] Error happened in GroupMemberProcessor thread. Not all groupMember got synchronized.
at com.vmware.nsx.management.directory.synchronization.DirectoryGroupMemberSyncProcessor.process(DirectoryGroupMemberSyncProcessor.java:143) ~[?:?]
2024-10-01T18:13:14.310Z INFO LdapSyncTask DirectoryGroupMemberSyncProcessor 85779 INVENTORY [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] 3: waiting for DirectoryGroupMemberProcessor to finish
2024-10-01T18:13:14.310Z INFO LdapSyncTask DirectoryGroupMemberSyncProcessor 85779 INVENTORY [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] 3: DONE: DirectoryGroupMemberProcessor
2024-10-01T18:13:14.316Z INFO LdapSyncTask DirectoryGroupMemberSyncProcessor 85779 INVENTORY [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] # of unknown entities while processing Group Member: 24
2024-10-01T18:13:14.316Z INFO LdapSyncTask DirectoryGroupMemberSyncProcessor 85779 INVENTORY [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] Unknown names:
2024-10-01T18:13:14.316Z INFO LdapSyncTask DirectoryGroupMemberSyncProcessor 85779 INVENTORY [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] === Finish sync Group-Member objects. Time: 603620.3 sec, # read: 88295, # processed: 88262, # invalid: 31
2024-10-01T18:13:14.336Z INFO ActivityWorkerPool-1-15 DirectoryGroupMemberSyncProcessor 85779 INVENTORY [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] destroy sync processor [Group-Member]: DirectoryGroupMemberSyncProcessor@4c2a51ca
2024-10-01T18:13:14.336Z INFO ActivityWorkerPool-1-15 DirectoryGroupMemberSyncProcessor 85779 INVENTORY [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] 1: destroy group-member processor: DirectoryGroupMemberObjectProcessor@1c3cfc66
2024-10-01T18:13:14.336Z INFO ActivityWorkerPool-1-15 DirectoryGroupMemberSyncProcessor 85779 INVENTORY [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] 2: destroy group-member processor: DirectoryGroupMemberObjectProcessor@2fe4e75c
2024-10-01T18:13:14.336Z INFO ActivityWorkerPool-1-15 DirectoryGroupMemberSyncProcessor 85779 INVENTORY [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] 3: destroy group-member processor: DirectoryGroupMemberObjectProcessor@12f43192
2024-10-01T18:13:14.370Z INFO ActivityWorkerPool-1-15 LdapSyncContext 85779 INVENTORY [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] group-member processor: DirectoryGroupMemberSyncProcessor@bd51e95 (enabled)
2024-10-01T18:13:14.371Z INFO ActivityWorkerPool-1-15 DirectoryGroupMemberSyncProcessor 85779 INVENTORY [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] init(): sync processor [group-member]: DirectoryGroupMemberSyncProcessor@bd51e95, # obj processors: 3, baseDn: DC=rte-intra,DC=com,DC=br
2024-10-01T18:13:14.396Z INFO LdapSyncTask DirectoryGroupMemberSyncProcessor 85779 INVENTORY [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] === Start to sync Group-Member objects with 3 DirectoryGroupMemberProcessor (initialSync: false)
2024-10-01T18:20:14.632Z INFO LdapSyncTask DirectoryGroupMemberSyncProcessor 85779 INVENTORY [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] === Start to sync Group-Member objects with 3 DirectoryGroupMemberProcessor (initialSync: false)
2024-10-01T18:20:19.546Z INFO LdapSyncTask DirectoryGroupMemberSyncProcessor 85779 INVENTORY [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] Total groups loaded from database for member sync: 2390
2024-10-01T18:20:19.546Z INFO LdapSyncTask DirectoryGroupMemberSyncProcessor 85779 INVENTORY [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] 1: waiting for DirectoryGroupMemberProcessor to finish
DirectoryGroupMemberProcessor stays at "waiting to finish" forever.
VMware NSX 4.1.x and prior versions
VMware vDefend Firewall
There is an infinite loop while fetching the members of an AD group.