Configuring secure remote logging with "set logging-server.." command fails with error: "An internal error occurred, please retry execution again"


Article ID: 400854


Products

VMware NSX

Issue/Introduction

  • The following command does not return any secure remote logging servers.

    nsx-manager> get logging-servers

  • Configuring secure remote logging fails with the following error.

NSX_Manager> set logging-server [Logging Server]:[Port] proto tls level info serverca [Server CA] clientca [Client CA] certificate [NSX Manager Chain Cert] key [NSX Manager Key]
[Timestamp]
% An internal error occurred, please retry execution again

  • NSX Manager syslog shows the following error.

/var/log/syslog
[Timestamp] napi.root.node.cert_utils INFO cert subject = /C=[C]/ST=[ST]/L=[L]/OU=[OU]/O=[O]/CN=[CN]
[Timestamp] napi.root.node.services.syslog.exporters INFO certificate trust check succeeded. status: 200, result: {'status': 'OK'}
[Timestamp] napi.root.node.services.syslog.exporters INFO Certificate already exists, skip import
[Timestamp] napi.task_manager ERROR Traceback (most recent call last):
  File "/opt/vmware/nsx-node-api/bin/python/management_api/napi/task_manager.py", line 210, in _call_handler
    response = self._handler(self._request)
  File "/opt/vmware/nsx-node-api/bin/python/management_api/napi/root/node/services/syslog/exporters.py", line 1693, in __call__
    result, status, msg, args = _create_rsyslog_exporter(req_obj, user)
  File "/opt/vmware/nsx-node-api/bin/python/management_api/napi/root/node/services/syslog/exporters.py", line 1367, in _create_rsyslog_exporter
    cert_trust_error = _validate_tls_cert_pem(tls_cert_pem, user)
  File "/opt/vmware/nsx-node-api/bin/python/management_api/napi/root/node/services/syslog/exporters.py", line 421, in _validate_tls_cert_pem
    _add_cert_for_service(tls_cert_pem, _RSYSLOG_CLIENT_SERVICE_TYPE, user)
  File "/opt/vmware/nsx-node-api/bin/python/management_api/napi/root/node/services/syslog/exporters.py", line 351, in _add_cert_for_service
    new_cert_id = new_cert["results"][0]["id"]
TypeError: 'NoneType' object is not subscriptable

  • The NSX Manager has many stale syslog certificates present. This can be confirmed with the following API call. The stale certificates have a display name of either "syslog-client-ca" or "syslog-ca".

GET NSX-Manager/api/v1/trust-management/certificates
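
To check the last symptom offline, save the JSON body returned by the API call above and count the certificates that carry the two syslog display names. The following is an added example, not Broadcom's code: the "results" and "id" keys match the traceback above, while the "display_name" key, the sample IDs and the duplicate threshold are assumptions.

```python
import json
from collections import defaultdict

# Display names the article gives for the syslog certificates.
SYSLOG_CERT_NAMES = {"syslog-client-ca", "syslog-ca"}

# Constructed sample response body; IDs are placeholders, not real values.
SAMPLE_RESPONSE = json.dumps({
    "results": [
        {"id": "example-id-0001", "display_name": "syslog-ca"},
        {"id": "example-id-0002", "display_name": "syslog-ca"},
        {"id": "example-id-0003", "display_name": "syslog-client-ca"},
        {"id": "example-id-0004", "display_name": "syslog-client-ca"},
        {"id": "example-id-0005", "display_name": "syslog-client-ca"},
        {"id": "example-id-0006", "display_name": "mp-cluster"},
    ]
})


def summarize_syslog_certs(response_body):
    """Map each syslog display name to the sorted certificate IDs carrying it."""
    data = json.loads(response_body)
    # Tolerate a null body or a missing/null "results" list rather than
    # subscripting it blindly.
    results = data.get("results") if isinstance(data, dict) else None
    by_name = defaultdict(list)
    for cert in results or []:
        name = cert.get("display_name")  # assumed field name
        if name in SYSLOG_CERT_NAMES:
            by_name[name].append(str(cert.get("id", "<no id>")))
    return {name: sorted(ids) for name, ids in by_name.items()}


def duplicated_names(summary, threshold=1):
    """Names held by more than `threshold` certificates (threshold is an assumption)."""
    return sorted(n for n, ids in summary.items() if len(ids) > threshold)


if __name__ == "__main__":
    summary = summarize_syslog_certs(SAMPLE_RESPONSE)
    for name, ids in sorted(summary.items()):
        print(f"{name}: {len(ids)} certificate(s): {', '.join(ids)}")
    print("display names with duplicates:", duplicated_names(summary))
```
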

Environment

VMware NSX-T Data Center 3.2.x
VMware NSX 4.1.x

Resolution

This issue is resolved in VMware NSX 4.2, available at Broadcom downloads.

If you are having difficulty finding and downloading software, please review the Download Broadcom products and software KB.

If you believe you have encountered this issue and are unable to upgrade to NSX 4.2, please open a support case with Broadcom Support and refer to this KB article.
For more information, see Creating and managing Broadcom support cases.