"Error: 'SecurityException Getting virtual machine on NSX-T policy endpoint" while deploying a virtual machine with Aria Automation
search cancel

"Error: 'SecurityException Getting virtual machine on NSX-T policy endpoint" while deploying a virtual machine with Aria Automation

book

Article ID: 413159

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

  • Deploying a virtual machine (VM) using Aria Automation in NSX-T segment fails with error:

Error message "Original Task Error: 'SecurityException: : : Getting virtual machine on NSX-T policy endpoint with name: [<Machine name>], external id: [5027e82a-####-####-####-084532f75645].: Max retries exceeded retry duration 600039 milliseconds.'"

  • Which can also be seen in the Aria Automation logs: /services-logs/prelude/provisioning-service-app/file-logs
  • This is intermittent, in that it works some time and fails others.
  • The VM deploys in vCenter, but has no IP address.
  • The VM does not show in the NSX inventory.
  • In the NSX-T UI, under System, Fabric, Hosts, for the cluster that the VM, there are some hosts in failed state.
  • Which can be seen in the NSX-T manager logs: /var/log/proton/nsxapi.log

ERROR HealthCheckRequestMonitorThread - sendingRequest HealthCheckMsgServiceImpl 5720 MONITORING [nsx@6876 comp="nsx-manager" errorCode="MP150008" level="ERROR" subcomp="manager"] Error in sending requestMsg to transportNode:23ec8ee8-###-###-###-9443b91cd720

Environment

VMware NSX

Aria Automation

Resolution

Resolve the issue with the failed host and they retry the VM deployment from Aria Automation.

 

  • To resolve the failed host, if it is part of a cluster using a Transport Node Profile (TNP), place the host in Maintenance mode in vCenter and move it out of the NSX prepared cluster.
  • Check if the NSX VIBs have been removed, as root user, log into the ESXi host and run: 

esxcli software vib list | grep nsx

  • Once there VIBs are gone, the host can be moved back into the NSX prepared cluster and then check the NSX VIBs are installed again, as root user, log into the ESXi host and run:

esxcli software vib list | grep nsx

  • Check connectivity to the NSX managers, as root user, log into the ESXi host and run: 

nsxcli

get managers - ensure there is one connected node and the other two are standby.

get controllers - ensure one is listed as true and the other two are false.

  • Then in the NSX UI, confirm the host is no longer in failed state.
  • Proceed and retry the Aria Automation deployment.

Additional Information

Powered by Wolken Software