LCM health checks error "Failed to run health checks for NSX-T on <cluster-name>" when trying to upgrade ESXi host with vLCM enabled cluster
search cancel

LCM health checks error "Failed to run health checks for NSX-T on <cluster-name>" when trying to upgrade ESXi host with vLCM enabled cluster

book

Article ID: 410515

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

  • vCenter is registered as a compute manager in NSX.
  • There is at least one cluster configured with NSX.
  • The cluster which is being upgraded, may or may not be an NSX prepared cluster.
  • In the vCenter log /var/log/vmware/vmware-updatemgr/vum-server/vmware-vum-server.log similar log entries are seen:

info vmware-vum-server[22437] [Originator@6876 sub=EHP opID=a8f2792c-####-####-####-baa0501cfde1] NSX-T version: 4.2.1.1
Calling NSX-T API /api/v1/vlcm/esx/health/cluster/perspectives/ready-for-apply/status?action=check (/external-tp/http1/<NSX-Manager-IP>/443/6BEA#####################C631ED/api/v1/vlcm/esx/health/cluster/perspectives/ready-for-apply/status?action=che
info vmware-vum-server[22437] [Originator@6876 sub=EHP opID=a8f2792c-####-####-####-baa0501cfde1] action=check).
warning vmware-vum-server[22437] [Originator@6876 sub=EHP opID=a8f2792c-####-####-####-baa0501cfde1] Retrying on next NSX-T node due to HTTP 500.
info vmware-vum-server[22437] [Originator@6876 sub=EHP opID=a8f2792c-####-####-####-baa0501cfde1] Current NSX-T node: https://<NSX-Manager-IP>:443

  • In the NSX manager log /var/log/proxy/reverse-proxy.log:

INFO Processing request bb57743c-####-####-####-f8d12b8b5ce1 BaseProxyDelegate 74429 - [nsx@6876 comp="nsx-manager" level="INFO" subcomp="http"] Processing request to /api/v1/vlcm/esx/health/cluster/perspectives/ready-for-apply/status (action=check) with /api/v1/vlcm -> 127.0.0.1:7442:/upgrade-coordinator/api/v1/vlcm
WARN Processing request bb57743c-####-####-####-f8d12b8b5ce1 HttpSessionSecurityContextRepository 74429 Failed to create a session, as response has been committed. Unable to store SecurityContext.

  • In the NSX manager log /var/log/proxy/envoy_access_log.txt:

<vCenter-IP> <NSX-VIP-IP> "POST" "/api/v1/vlcm/esx/health/cluster/perspectives/ready-for-apply/status?action=check" "HTTP/1.1" 500 - 105 325 232 22 "127.0.0.1,<vCenter-IP>" "VMware-client/8.0.3" "d3f36aab-####-####-####-cc19adcb463e" "<NSX-VIP-IP>" "127.0.0.1:7442"

  • In the NSX manager log /var/log/upgrade-coordinator/upgrade-coordinator.log you see the following entries:

ERROR http-nio-127.0.0.1-7442-exec-4 NsxBaseRestController 74983 SYSTEM [nsx@6876 comp="nsx-manager" errorCode="MP100" level="ERROR" subcomp="upgrade-coordinator"] Service account is not enabled on VC 618f13c0-####-####-####-c1569f5e99d5
com.vmware.nsx.management.common.exceptions.BaseException: Service account is not enabled on VC 618f13c0-####-####-####-c1569f5e99d5

Environment

VMware NSX

vCenter

Cause

The compute manager (vCenter) was registered in NSX without selecting the service account.

Resolution

Service account must be enabled when using vLCM on ESXi cluster and the vCenter is registered to NSX as a compute manager.

Please refer to the NSX installation guide steps Add a Compute Manager

Powered by Wolken Software