Edge node's status showing as unknown in NSX manager UI
search cancel

Edge node's status showing as unknown in NSX manager UI

book

Article ID: 392388

calendar_today

Updated On:

Products

VMware NSX-T Data Center

Issue/Introduction

  • Alarm observed within NSX UI: "Permission denied on APH socket on host connections"
  • The collection of additional data through the following steps will help to confirm if the issue is related to an incorrect groupID:  
    • If the output of following command is showing listening / connected but not established.
      #netstat -nap | grep aph
      unix 2 [ ACC ] STREAM LISTENING 14256215 1267033/nsx-proxy /var/run/vmware/nsx-proxy/aphinfoservice.sock
      unix 3 [ ] STREAM CONNECTED 14256649 1267033/nsx-proxy /var/run/vmware/nsx-proxy/aphinfoservice.sock
      unix 3 [ ] STREAM CONNECTED 14256255 1267033/nsx-proxy /var/run/vmware/nsx-proxy/aphinfoservice.sock
    • Review messages in /var/log/syslog to search for the similar entries
      [nsx@6876 comp="nsx-edge" s2comp="nsx-rpc" tid="3610" level="INFO"] ConnectionKeeper[2 unix:///var/run/vmware/nsx-proxy/aphinfoservice.sock] attempting connection
      [nsx@6876 comp="nsx-edge" s2comp="nsx-net" tid="3610" level="WARNING"] StreamConnection[15 Connecting to unix:///var/run/vmware/nsx-proxy/aphinfoservice.sock sid:15] Couldn't connect to 'unix:///var/run/vmware/nsx-proxy/aphinfoservice.sock' (error: 13-Permission denied)
      [nsx@6876 comp="nsx-edge" s2comp="nsx-net" tid="3610" level="WARNING"] StreamConnection[15 Error to unix:///var/run/vmware/nsx-proxy/aphinfoservice.sock sid:-1] Error 13-Permission denied
      [nsx@6876 comp="nsx-edge" s2comp="nsx-rpc" tid="3610" level="WARNING"] RpcConnection[15 Connecting to unix:///var/run/vmware/nsx-proxy/aphinfoservice.sock 0] Couldn't connect to unix:///var/run/vmware/nsx-proxy/aphinfoservice.sock (error: 13-Permission denied) 
    • Capture the groupID of nsx-proxy in /etc/group  file.
      #less /etc/group | grep "nsx-proxy"
      If the group ID for 'nsx-proxy' is different than 155 then need to correct the groupID for nsx-proxy
      Example of a healthy output:
      nsx-proxy:x:155:mpa,ua,dhcp,nsx-opsagent,nsxa,exporter,audit,admin,www-data,nsx-sha
      Example of a non-healthy output showing that the issue matches this KB:
      nsx-proxy:x:10006:nsx-opsagent,nsx-sha

Environment

VMware NSX-T Data Center 3.2.2

Cause

Cause could not be determined.

Resolution

For now, only workaround is available:

  • Use the below command to update the groupID for nsx-proxy 
    • #groupmod -g 155 nsx-proxy
Powered by Wolken Software