Service Status Down alarm remains open for Malware Prevention Service VM on NSX Manager.

On alarms tab on NSX Manager, user will be able to see following alarm

Service NSX_LASTLINE_RAPID is not running on <tn-fqdn-name>.

Issue happens with NSX 4.2.0.x and SSP 5.0. This issue will not be seen if NSX 4.2.0.x used with NAPP.

Issue happens because NSX Manager 4.2.0.x is unable to connect to SSP kafka client to read health status messages sent from Malware Prevention SVM deployed on every host as well as from Edge gateway.

There is no workaround for this issue. Issue is fixed in NSX 4.2.1.

If the NSX Manager is already on 4.2.1 or above version, then there is a high possibility that the connectivity between the SVM and the NSX Manager is broken. Rechecking the Network settings/VLAN that is attached to these SVMs.

If the network settings are not correct, undeploy the SVMs from the NSX Manager UI, navigate to Security -> IDS/IPS & Malware Prevention -> Settings, attach the correct Network, and deploy the SVMs back.