Duplicate NSX ALB svc user in SDDC manager and vCenter.

Article ID: 392335

Updated On:

Products

VMware SDDC Manager

Issue/Introduction

Two svc users are present in Password Management. If you navigate to Password Management and filter by vCenter, 2 svc users are visible for vCenter with the NSX ALB.

  • The duplicate service user can be created if an issue was encountered while trying to deploy NSX Advanced Load Balancer (NSX ALB) from SDDC Manager.
  • Although the deployment failed, a svc user is still created by SDDC Manager and the vCenter Server. This is a stale/duplicate user.
  • After another NSX ALB is deployed successfully, you can see 2 users with the same name for the svc user in Password Management.

Running this command returns 2 identical users from the SDDC Manager DB:

psql -h localhost -U postgres -d platform -c "select id, entitytype, username, servicetype, serviceid from credential where username like '%[email protected]%';"
                  id                  | entitytype |            username             | servicetype  |              serviceid
--------------------------------------+------------+---------------------------------+--------------+--------------------------------------
eb16c584-0815-404c-9e36-eea3a923355d | VCENTER    | [email protected]   | NSX_ALB | 05e42eee-8c2a-40cc-81db-b35227dd741a
e520f3d3-0594-4316-b695-8734d6ce6e74 | VCENTER    | [email protected] | NSX_ALB | 05e42eee-8c2a-40cc-81db-b35227dd741a
(6 rows)

Change [email protected] as per your environment.

Environment

VMware Cloud Foundation 5.x

Cause

The failed NSX ALB deployment does not clear the svc user that was created at the time of deployment from SDDC Manager.

Resolution

Validate the duplicate svc user by reviewing the last modified time. Using the unique ID from GET /v1/credentials, remove it from the SDDC manager DB.

1. Take a snapshot of the SDDC manager VM.

2. Fetch the ID that needs to be removed. In SDDC Manager, navigate to Developer Center > API Explorer > Credentials > GET /v1/credentials (in resourceType, input VCENTER).

            "id": "eb16c584-0815-404c-9e36-eea3a923355d",
            "credentialType": "SSO",
            "accountType": "SERVICE",
            "username": "[email protected]",
            "creationTimestamp": "yyyy-mm-ddT14:54:33.140Z",
            "modificationTimestamp": "yyyy-mm-ddT14:54:33.140Z",

3. Compare the modificationTimestamp values to differentiate the entry from the failed deployment from the successful one. Note the id of the svc user that you identify as the duplicate.

4. SSH to the SDDC Manager and run the command below:

psql -h localhost -U postgres -d platform -c "delete from credential where id='<ID_from_Step2>';"

5. Reload the SDDC Manager UI and validate that only 1 svc user is present for the Domain.

Note: Once the duplicate svc-xxx-avi user is removed, validate that the NSX load balancer functionality works as expected. Removing the incorrect user can cause inconsistencies for the services that the svc user is required to perform.
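
For steps 2 and 3, the following added example (not part of the original article or any VMware tooling) groups a saved GET /v1/credentials response by username and lists duplicate SERVICE accounts oldest-first by modificationTimestamp, so the two ids can be compared before anything is deleted. The "elements" wrapper, the usernames, ids and timestamps are constructed assumptions; only the per-credential field names come from the excerpt above.

```python
import json
from collections import defaultdict
from datetime import datetime

# Constructed sample shaped like the GET /v1/credentials excerpt on this page.
# The "elements" wrapper and every value below are assumptions for illustration.
SAMPLE_RESPONSE = json.dumps({"elements": [
    {"id": "22222222-2222-2222-2222-222222222222", "credentialType": "SSO",
     "accountType": "SERVICE", "username": "svc-example-avi@vsphere.local",
     "creationTimestamp": "2024-01-12T09:10:00.000Z",
     "modificationTimestamp": "2024-01-12T09:10:00.000Z"},
    {"id": "11111111-1111-1111-1111-111111111111", "credentialType": "SSO",
     "accountType": "SERVICE", "username": "svc-example-avi@vsphere.local",
     "creationTimestamp": "2024-01-10T14:54:33.140Z",
     "modificationTimestamp": "2024-01-10T14:54:33.140Z"},
    {"id": "33333333-3333-3333-3333-333333333333", "credentialType": "SSO",
     "accountType": "SERVICE", "username": "svc-example-other@vsphere.local",
     "creationTimestamp": "2024-01-05T08:00:00.000Z",
     "modificationTimestamp": "2024-01-05T08:00:00.000Z"},
]})


def parse_ts(value):
    """Parse an ISO 8601 timestamp with a trailing Z into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def find_duplicate_service_users(response_text):
    """Return {username: [entries sorted oldest-first]} for SERVICE accounts
    whose username appears more than once in the response."""
    groups = defaultdict(list)
    for cred in json.loads(response_text).get("elements", []):
        if cred.get("accountType") != "SERVICE":
            continue  # only service accounts are relevant to this article
        groups[cred["username"].lower()].append(cred)
    return {
        user: sorted(creds, key=lambda c: parse_ts(c["modificationTimestamp"]))
        for user, creds in groups.items() if len(creds) > 1
    }


if __name__ == "__main__":
    for user, creds in find_duplicate_service_users(SAMPLE_RESPONSE).items():
        print(user)
        for c in creds:
            print(f"  {c['modificationTimestamp']}  {c['id']}")
```

The listing only narrows down the candidates; which id belongs to the failed deployment is still decided as in step 3, by matching the timestamps against the failed and successful deployments.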