Impact on AON/vRNI Data Collection from NSX Manager Due to Service Account Password Changes
search cancel

Impact on AON/vRNI Data Collection from NSX Manager Due to Service Account Password Changes

book

Article ID: 390519

calendar_today

Updated On:

Products

VMware Aria Operations for Networks VMware NSX VMware NSX-T Data Center

Issue/Introduction

This article describes the impact when the password for the vRealize Network Insight (vRNI) or Aria Operations for Networks (AON) service account, used to connect to the NSX Manager as a data source is changed.

Environment

VMware Aria Operations for Networks

VMware NSX

VMware NSX-T Data Center

Resolution

Following a password change, vRNI / AON will be unable to retrieve data from NSX. You will observe authentication failure requests in the NSX Manager reverse-proxy.log, and the envoy_access_log.txt will display a 403 response code, indicating an authentication issue on the client side. Eventually, the vRNI / AON UI will present an error message stating "Invalid credentials"

The NSX Manager /var/log/proxy/reverse-proxy.log will log a message similar to the following:

Account <service account name> has been temporarily locked for 900 seconds after 5 consecutive failed login attempts.

In the Collector log located at /var/log/arkin/collector, you may encounter the following ERROR log events:

YYYY-MM-DDTHH:MM:SS.SSSZ ERROR dataprovider.utils.HttpUtils Task_NSXT_<nsx manager fqdn>-0 checkCodeAndThrow:53 Could not get response for /policy/api/v1/infra/ipfix-dfw-collector-profiles/vrni-ipfix-collector-profile, status 404
YYYY-MM-DDTHH:MM:SS.SSSZ ERROR dataprovider.utils.HttpUtils Task_NSXT_<nsx manager fqdn>-0 checkStatusAndThrow:41 API /policy/api/v1/infra/ipfix-dfw-collector-profiles/vrni-ipfix-collector-profile error response {
YYYY-MM-DDTHH:MM:SS.SSSZ ERROR vmware.nsxcommon.AbstractClusterDataSourceFetchUtils Task_NSXT_<nsx manager fqdn>-0 executeHttpCall:136 Error calling callable for path /policy/api/v1/infra/ipfix-dfw-collector-profiles/vrni-ipfix-collector-profile
YYYY-MM-DDTHH:MM:SS.SSSZ ERROR tasks.datafetchers.PolicyIpfixStateWatcher NSXT_<nsx manager fqdn>_Config_OpMgr_Policy-0 sendMultipleIPFIXCollectorEventSDM:118 vRNI CollectorIPs List is null or empty, vrniCollectorIPs: [x.x.x.x]

YYYY-MM-DDTHH:MM:SS.SSSZ ERROR dataprovider.utils.HttpUtils NSXT_<nsx manager fqdn>_Config_OpMgr-1 checkCodeAndThrow:53 Could not get response for /api/session/create, status 403
YYYY-MM-DDTHH:MM:SS.SSSZ ERROR dataprovider.utils.HttpUtils NSXT_<nsx manager fqdn>_Config_OpMgr-1 checkStatusAndThrow:41 API /api/session/create error response {"module_name":"common-service","error_message":"Authentication Failed: Bad credentials","error_code":98}
YYYY-MM-DDTHH:MM:SS.SSSZ ERROR dataprovider.utils.HttpUtils NSXT_<nsx manager fqdn>_Config_OpMgr-6 checkCodeAndThrow:53 Could not get response for /api/session/create, status 403
YYYY-MM-DDTHH:MM:SS.SSSZ ERROR dataprovider.utils.HttpUtils NSXT_<nsx manager fqdn>_Config_OpMgr-6 checkStatusAndThrow:41 API /api/session/create error response {"module_name":"common-service","error_message":"Authentication Failed: Account is temporarily locked","error_code":98}

To restore data collection, you must update the password for the service account used for NSX in the vRNI / AON UI.

Powered by Wolken Software