Edge node status is seen as "unknown" in NSX manager

Article ID: 381450

Products

VMware NSX

Issue/Introduction

The Edge node status shows as "unknown" in NSX Manager even though management plane and data plane connectivity look fine.

  • Log in to the NSX Edge node over SSH (PuTTY) as user admin, then switch to the root user by entering the command st en
  • As root, open the log file /var/log/syslog
  • The syslog shows errors related to the owner/group permissions on the aphinfoservice.sock file:

2024-08-25T17:54:36.095Z nsx-edge-02 NSX 2967 - [nsx@6876 comp="nsx-edge" s2comp="nsx-rpc" tid="3610" level="INFO"] ConnectionKeeper[2 unix:///var/run/vmware/nsx-proxy/aphinfoservice.sock] attempting connection
2024-08-25T17:54:36.095Z nsx-edge-02 NSX 2967 - [nsx@6876 comp="nsx-edge" s2comp="nsx-net" tid="3610" level="WARNING"] StreamConnection[15 Connecting to unix:///var/run/vmware/nsx-proxy/aphinfoservice.sock sid:15] Couldn't connect to 'unix:///var/run/vmware/nsx-proxy/aphinfoservice.sock' (error: 13-Permission denied)
2024-08-25T17:54:36.095Z nsx-edge-02 NSX 2967 - [nsx@6876 comp="nsx-edge" s2comp="nsx-net" tid="3610" level="WARNING"] StreamConnection[15 Error to unix:///var/run/vmware/nsx-proxy/aphinfoservice.sock sid:-1] Error 13-Permission denied
2024-08-25T17:54:36.095Z nsx-edge-02 NSX 2967 - [nsx@6876 comp="nsx-edge" s2comp="nsx-rpc" tid="3610" level="WARNING"] RpcConnection[15 Connecting to unix:///var/run/vmware/nsx-proxy/aphinfoservice.sock 0] Couldn't connect to unix:///var/run/vmware/nsx-proxy/aphinfoservice.sock (error: 13-Permission denied)
2024-08-25T17:54:36.095Z nsx-edge-02 NSX 2967 - [nsx@6876 comp="nsx-edge" s2comp="nsx-rpc" tid="3610" level="WARNING"] RpcTransport[5] Unable to connect to unix:///var/run/vmware/nsx-proxy/aphinfoservice.sock: 13-Permission denied
2024-08-25T17:54:36.095Z nsx-edge-02 NSX 2967 - [nsx@6876 comp="nsx-edge" s2comp="nsx-rpc" tid="3610" level="INFO"] ConnectionKeeper[2 unix:///var/run/vmware/nsx-proxy/aphinfoservice.sock] scheduling connection attempt in 1000 ms

Environment

VMware NSX

Cause

Connections to the APH (Appliance Proxy Hub) socket on the Edge host are denied because the group ID of the nsx-proxy user is incorrect.

By default, the nsx-proxy user's group ID on NSX should be 155.

Resolution

  • Log in to the NSX Edge node over SSH (PuTTY) as user admin, then switch to the root user by entering the command st en
  • Run the commands below to display the nsx-proxy entries in /etc/passwd and /etc/group

cat /etc/passwd |grep nsx-proxy
nsx-proxy:x:100002:100002::/home/nsx-proxy:/bin/false

cat /etc/group |grep nsx-proxy
nsx-proxy:x:100002:mpa,ua,dhcp,nsx-opsagent,nsxa,exporter,audit,admin,www-data,nsx-sha

  • Run the commands below to change the group ID of nsx-proxy to the default value of 155 and restart the nsx-proxy service.

groupmod -g 155 nsx-proxy

service nsx-proxy restart

  • Validate that the nsx-proxy user now has the correct group ID in the /etc/passwd and /etc/group files.

cat /etc/passwd |grep nsx-proxy
nsx-proxy:x:155:155::/home/nsx-proxy:/bin/false

cat /etc/group |grep nsx-proxy
nsx-proxy:x:155:mpa,ua,dhcp,nsx-opsagent,nsxa,exporter,audit,admin,www-data,nsx-sha

  • Ensure the correct owner and group are set on aphinfoservice.sock. Log in to the NSX Edge as root and run the command below.

ls -ld /run/vmware/nsx-proxy/aphinfoservice.sock
srwxrwx--- 1 nsx-proxy nsx-proxy 0 Apr  7 02:16 ./run/vmware/nsx-proxy/aphinfoservice.sock

Additional Information

If any further services are not listed as members of the nsx-proxy group, restart the corresponding service; the corresponding user should then be added to the group.
Otherwise, use the command below to manually add the user to the nsx-proxy group:

usermod -a -G nsx-proxy [user]
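
A read-only check for the condition described above, as an added example that is not part of the original article or of VMware's tooling: it reads passwd, group and syslog files passed as arguments, reports whether nsx-proxy carries the default group ID 155, and counts the denied connections to aphinfoservice.sock. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not VMware/Broadcom code): read-only check for the condition in
# this article. File paths are arguments so copies of the files can be checked.
EXPECTED_GID=155                 # default nsx-proxy group ID stated in the article
SOCK_NAME='aphinfoservice.sock'

# Count syslog lines reporting error 13 (Permission denied) on the APH socket.
count_sock_denials() {           # $1 = syslog file
    grep -c "${SOCK_NAME}.*13-Permission denied" "$1" || true
}

# Print field $3 of the colon-separated record whose first field is $2.
record_field() {                 # $1 = file, $2 = name, $3 = field number
    awk -F: -v n="$2" -v f="$3" '$1 == n { print $f; exit }' "$1"
}

# Return 0 if user and group nsx-proxy both carry EXPECTED_GID, else 1.
check_nsx_proxy() {              # $1 = passwd, $2 = group, $3 = syslog
    rc=0
    ugid=$(record_field "$1" nsx-proxy 4)   # primary GID in the passwd record
    ggid=$(record_field "$2" nsx-proxy 3)   # GID in the group record
    denials=$(count_sock_denials "$3")
    [ "$ugid" = "$EXPECTED_GID" ] || { echo "passwd: nsx-proxy primary GID is ${ugid:-missing}, expected $EXPECTED_GID"; rc=1; }
    [ "$ggid" = "$EXPECTED_GID" ] || { echo "group: nsx-proxy GID is ${ggid:-missing}, expected $EXPECTED_GID"; rc=1; }
    [ "${denials:-0}" -eq 0 ] || echo "syslog: $denials denied connection(s) to $SOCK_NAME"
    return "$rc"
}

# Write constructed sample files (modelled on the article's output) into $1.
make_sample() {                  # $1 = directory, $2 = GID to record
    printf 'nsx-proxy:x:%s:%s::/home/nsx-proxy:/bin/false\n' "$2" "$2" > "$1/passwd"
    printf 'nsx-proxy:x:%s:mpa,ua,dhcp,nsx-opsagent\n' "$2" > "$1/group"
    printf '%s\n' \
      "2024-08-25T17:54:36.095Z nsx-edge-02 NSX 2967 - Couldn't connect to 'unix:///var/run/vmware/nsx-proxy/$SOCK_NAME' (error: 13-Permission denied)" \
      "2024-08-25T17:54:36.095Z nsx-edge-02 NSX 2967 - ConnectionKeeper[2 unix:///var/run/vmware/nsx-proxy/$SOCK_NAME] scheduling connection attempt in 1000 ms" \
      > "$1/syslog"
}

# Demo on the constructed sample; on an Edge node pass the real files instead:
#   check_nsx_proxy /etc/passwd /etc/group /var/log/syslog
demo_dir=$(mktemp -d)
make_sample "$demo_dir" 100002
check_nsx_proxy "$demo_dir/passwd" "$demo_dir/group" "$demo_dir/syslog" || echo "result: nsx-proxy IDs need correcting"
rm -rf "$demo_dir"
```

The check changes nothing on the node, so it can be run before and after the groupmod step to confirm the result.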