"Connectivity to LDAP Server Lost" alarms present in NSX UI when multiple LDAP Servers are configured

Article ID: 403366

Products

VMware NSX, VMware vDefend Firewall

Issue/Introduction

"Connectivity to LDAP Server Lost" alarms present in NSX UI.

Clicking "Check Connectivity" in the UI under "System" -> "Identity Firewall AD" -> "LDAP Server" shows that the "Connection Status" is up.

After removing the configuration of the corresponding LDAPS server, the alarm disappears momentarily but reappears within 24 hours.

Environment

NSX version 4.2.2 or below

Multiple LDAPS servers are configured for IDFW (Identity Firewall).

Cause

NSX does not delete the connectivity alarms associated with a non-primary LDAPS server when the configuration of that non-primary LDAPS server is deleted.

In /var/log/proton/nsxapi.log, the following message is logged:
2025-06-19T16:44:00.806Z  INFO nsx-rpc:unix:///var/run/vmware/nsx-opsagent/alarms-provider-service.sock:user-executor-0 EventSource 123647 MONITORING [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] Sync triggered. featureName: identity_firewall, eventType: connectivity_to_ldap_server_lost, entityId: <UUID>, status: true, context: {"entity_id":"<hostname>:<UUID>:<OU>","ldap_server":"<hostname>","intent_path":"/infra/firewall-identity-stores/<UUID>/ldap-servers/<UUID>"}

There are no other messages in /var/log/proton/nsxapi.log logged against the non-primary LDAPS server.
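
The log signature described above can be checked with a short script. This is an added example, not Broadcom tooling: it parses the "Sync triggered" line format quoted in this article and reports LDAP servers for which those alarm syncs are the only log lines. The "no other lines" rule is a heuristic taken from the Cause section, and the hostnames, IDs and non-alarm line in the sample are constructed.

```python
import json
import re
from collections import defaultdict

EVENT = "connectivity_to_ldap_server_lost"
# Matches the "Sync triggered" line format quoted in this article.
SYNC_RE = re.compile(
    r"^(?P<ts>\S+)\s.*Sync triggered\. featureName: identity_firewall, "
    r"eventType: " + EVENT + r", entityId: [^,]+, status: \w+, "
    r"context: (?P<ctx>\{.*\})\s*$"
)

def stale_alarm_candidates(lines):
    """Map ldap_server -> details when alarm syncs are its only log lines."""
    lines = list(lines)
    syncs = defaultdict(list)
    for line in lines:
        m = SYNC_RE.match(line)
        if not m:
            continue
        try:
            ctx = json.loads(m.group("ctx"))
        except json.JSONDecodeError:
            continue  # line truncated, e.g. by log rotation
        if ctx.get("ldap_server"):
            syncs[ctx["ldap_server"]].append((m.group("ts"), ctx.get("intent_path")))
    out = {}
    for server, hits in syncs.items():
        # Any other line naming this server means it is still in active use.
        if not any(server in l and not SYNC_RE.match(l) for l in lines):
            out[server] = {"syncs": len(hits), "last_seen": hits[-1][0],
                           "intent_path": hits[-1][1]}
    return out

# Constructed sample input: hostnames, IDs and the non-alarm line are made up.
def _sync(ts, host, srv):
    ctx = {"entity_id": f"{host}:store-1:OU=test", "ldap_server": host,
           "intent_path": f"/infra/firewall-identity-stores/store-1/ldap-servers/{srv}"}
    return (f'{ts}  INFO nsx-rpc:user-executor-0 EventSource 123647 MONITORING '
            f'[nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] '
            f'Sync triggered. featureName: identity_firewall, eventType: {EVENT}, '
            f'entityId: {srv}, status: true, context: {json.dumps(ctx, separators=(",", ":"))}')

SAMPLE = [
    _sync("2025-06-19T16:44:00.806Z", "ldap1.example.test", "srv-1"),
    "2025-06-19T16:44:05.120Z  INFO constructed line: bind to ldap1.example.test ok",
    _sync("2025-06-19T16:44:00.806Z", "ldap2.example.test", "srv-2"),
    _sync("2025-06-20T16:44:00.806Z", "ldap2.example.test", "srv-2"),
]

if __name__ == "__main__":
    for server, info in stale_alarm_candidates(SAMPLE).items():
        print(server, info)
```

To run it against a real log, pass the lines of /var/log/proton/nsxapi.log to `stale_alarm_candidates()` and compare each reported `intent_path` with the LDAP servers still configured.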

Resolution

Fixed in: NSX 4.2.2 or above.

Workaround: Resolve the alarms in the UI.