Unable to see flows on intelligence due to Infra Sync Down
search cancel

Unable to see flows on intelligence due to Infra Sync Down

book

Article ID: 401182

calendar_today

Updated On:

Products

VMware vDefend Firewall with Advanced Threat Prevention VMware vDefend Firewall

Issue/Introduction

Problem 1: Unable to see flows on intelligence

Problem 2: Infrastructure Sync on SSP is DOWN as the full sync/ delta sync has failed

Symptom:

 1. Customer will see null pointer exception in NSX proton logs

 

2022-10-27T18:09:29.766Z INFO CommonAgentDeltaProcessor CommonAgentFullConfigProducerImpl 4152 NAPP [nsx@6876 comp="nsx-manager" level="INFO" s2comp="CommonAgent" subcomp="manager"] Get from Client Table. clientList size 71
2022-10-27T18:09:29.766Z WARN CommonAgentDeltaProcessor CommonAgentDeltaConfigProducerImpl 4152 NAPP [nsx@6876 comp="nsx-manager" level="WARNING" s2comp="CommonAgent" subcomp="manager"] Caught exception in ScheduledExecutorService.
java.lang.NullPointerException: null
    at vmware.nsx.napp.CommonAgentProtos$CertificateMsg$Builder.setCertificate(CommonAgentProtos.java:1340) ~[?:?]
    at com.vmware.nsx.management.proton.commonagent.utils.DataConverter.buildCertUpdateMessage(DataConverter.java:77) ~[?:?]
    at com.vmware.nsx.management.proton.commonagent.utils.DataConverter.buildCertMessage(DataConverter.java:95) ~[?:?]
    at com.vmware.nsx.management.proton.commonagent.service.CommonAgentFullConfigProducerImpl.produceCertMsgs(CommonAgentFullConfigProducerImpl.java:178) ~[?:?]
    at com.vmware.nsx.management.proton.commonagent.service.CommonAgentFullConfigProducerImpl.produce(CommonAgentFullConfigProducerImpl.java:88) ~[?:?]
    at com.vmware.nsx.management.proton.commonagent.service.CommonAgentDeltaConfigProducerImpl.processConfigUpdates(CommonAgentDeltaConfigProducerImpl.java:676) ~[?:?]
    at com.vmware.nsx.management.proton.commonagent.service.CommonAgentDeltaConfigProducerImpl.lambda$start$0(CommonAgentDeltaConfigProducerImpl.java:163) ~[?:?]
 
 
2025-04-18T11:23:34.899Z  WARN CommonAgentDeltaProcessor CommonAgentDeltaConfigProducerImpl 1010408 NAPP [nsx@6876 comp="nsx-manager" level="WARNING" s2comp="CommonAgent" subcomp="manager"] Caught exception in ScheduledExecutorService.
java.lang.NullPointerException: null
        at vmware.nsx.napp.CommonAgentProtos$CertificateMsg$Builder.setCertificate(CommonAgentProtos.java:1340) ~[?:?]
        at com.vmware.nsx.management.proton.commonagent.utils.DataConverter.buildCertUpdateMessage(DataConverter.java:94) ~[?:?]
        at com.vmware.nsx.management.proton.commonagent.service.CommonAgentCertificateChangeListenerImpl.lambda$sendAllCertificates$3(CommonAgentCertificateChangeListenerImpl.java:239) ~[?:?]
        at com.vmware.nsx.management.proton.commonagent.service.CommonAgentCertificateChangeListenerImpl.sendAllCertificates(CommonAgentCertificateChangeListenerImpl.java:239) ~[?:?]
        at com.vmware.nsx.management.proton.commonagent.service.CommonAgentFullConfigProducerImpl.produceCertMsgs(CommonAgentFullConfigProducerImpl.java:237) ~[?:?]
        at com.vmware.nsx.management.proton.commonagent.service.CommonAgentFullConfigProducerImpl.produce(CommonAgentFullConfigProducerImpl.java:130) ~[?:?]
        at com.vmware.nsx.management.proton.commonagent.service.CommonAgentDeltaConfigProducerImpl.processConfigUpdates(CommonAgentDeltaConfigProducerImpl.java:762) ~[?:?]
        


 2. Kafka messages from TN are not acknowledged (nsxcli -c get intelligence flow stats ack)

 Example:

[root@vxlan-vm-111-24:~] nsxcli -c get intelligence flow stats ack
Tue Dec 24 2024 UTC 06:16:24.893
             NSX Intelligence Host Flows Acknowledgement Statistics             
--------------------------------------------------------------------------------
     host uuid: 546404d0-72ce-4295-8aa4-4278d4715e56
     host type: nsx-esx(1)          

     Topic        Total Sent     Total Ack'ed      Last Sent      Last Ack'ed      Last Sent Time       Last Ack Time    
   raw_flow           989             988              1               1                           06:12:18  

Impact: Flows are not reported

Environment

SSP 5.0 / 5.1, NSX Manager 4.2.1.*, NSX Manager 4.2.0.*, NSX Manager 9.0

Cause

NSX Common agent listens for notifications on Client table. Client table can have records without certificate. Common agent was not handling this resulting not able to send messages containing certificates

/var/log/proton/nsxapi.log 

 

Resolution

Please check for failed TNs in NSXT and resolve /delete failed TNs  gracefully and  see if that solves the issue.

 

Contact Broadcom Technical Support for Resolution.

Additional Information

If the Symptom mentioned in this KB does not address your issue, refer to the Master KB for NSX Onboarding Issues, which lists all known onboarding scenarios, causes, and troubleshooting methods.

Powered by Wolken Software