AD account was unable to log in to NSX because LDAP response time exceeded the default timeout threshold of 5 seconds

Article ID: 415551

Products

VMware NSX

Issue/Introduction

  • NSX is configured with an AD domain over LDAP.
  • Logging in to NSX Manager with an AD account fails with the message:

    {"module_name":"common-services","error_message":"Internal server error has occurred.","details":"Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: LDAP response read timed out, timeout used: 5000 ms.","error_code":99}

Environment

VMware NSX 4.x

Cause

The default connection timeout for NSX LDAP integration is 5 seconds. The connection timed out because the AD server did not respond to the LDAP bind request within this period.

Resolution

To work around the issue, the default NSX LDAP timeout value can be adjusted using the following steps:

  1. Establish an SSH connection to the NSX Manager with the admin account and switch to the root account.
  2. Edit /opt/vmware/proxy-tomcat/webapps/ROOT/WEB-INF/classes/authentication.properties

    vi /opt/vmware/proxy-tomcat/webapps/ROOT/WEB-INF/classes/authentication.properties

  3. Increase values of the parameters authentication.ldap.connectTimeoutInMs and authentication.ldap.readTimeoutInMs

    For example:

    authentication.ldap.connectTimeoutInMs=10000
    authentication.ldap.readTimeoutInMs=10000

  4. Save the file and exit the editor.
  5. Restart the proxy service:

    systemctl restart proxy
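
Steps 2 to 4 can also be scripted so that the file is backed up before it changes and each key ends up on exactly one line. The following is an added example, not VMware's own tooling; the function names are hypothetical, and it assumes the file holds plain key=value lines as in the example above.

```shell
#!/bin/sh
# Added example (not VMware code). Function names are hypothetical; the file
# path and property keys are the ones given in the steps above.
PROPS=/opt/vmware/proxy-tomcat/webapps/ROOT/WEB-INF/classes/authentication.properties

# set_prop FILE KEY VALUE: rewrite an existing KEY=... line, or append one.
set_prop() {
    local file="$1" key="$2" value="$3" tmp
    tmp=$(mktemp) || return 1
    # Keep every other line untouched; collapse duplicate KEY lines into one.
    awk -v k="$key" -v v="$value" '
        BEGIN { FS = "=" }
        $1 == k { if (!done) print k "=" v; done = 1; next }
        { print }
        END { if (!done) print k "=" v }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Writing through cat preserves the original file's owner and mode.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# get_prop FILE KEY: print the current value of KEY (empty if absent).
get_prop() {
    awk -F= -v k="$2" '$1 == k { print substr($0, length(k) + 2) }' "$1"
}

# set_ldap_timeouts FILE MS: validate MS, back up FILE, set both timeouts.
set_ldap_timeouts() {
    local file="$1" ms="$2"
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # Accept only a whole number of milliseconds; nothing is touched otherwise.
    case "$ms" in
        ''|*[!0-9]*) echo "invalid timeout in ms: $ms" >&2; return 2 ;;
    esac
    cp -p "$file" "$file.bak.$(date +%Y%m%d%H%M%S)" || return 1
    set_prop "$file" authentication.ldap.connectTimeoutInMs "$ms" &&
    set_prop "$file" authentication.ldap.readTimeoutInMs "$ms"
}

# Usage on the NSX Manager as root, followed by step 5:
#   set_ldap_timeouts "$PROPS" 10000 && systemctl restart proxy
```

The timestamped backup written next to the original file gives a known-good copy to restore if the proxy service does not come back after the restart.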