NSX Manager uproxy process showing high CPU usage.
search cancel

NSX Manager uproxy process showing high CPU usage.

book

Article ID: 416031

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

  • NSX Manager is configured with a monitoring tool.
  • This tool is utilising the NSX Manager API to pull data. 
  • This monitoring tool may be a 3rd party or a VMware tool such as VCF Operations for Network.
  • The NSX Manager API limit is not being hit. See KB 378126
  • When the tool is enabled the NSX Manager uproxy CPU usage can increase from 20% to 400%.
  • NSX Manager syslog shows high volume of logging 

    /var/log/syslog
    2025-09-26T11:40:02.754Z c01nsxmgr-0007.zeus.dvint.cloud NSX 3117 - [nsx@6876 comp="nsx-manager" level="INFO" subcomp="http"] checkServerTrusted: OU=OU,O=O,C=C,CN=CM for authType=UNKNOWN succeeded.
    2025-09-26T11:40:02.754Z c01nsxmgr-0007.zeus.dvint.cloud NSX 3117 - [nsx@6876 comp="nsx-manager" level="INFO" subcomp="http"] checkServerTrusted: OU=OU,O=O,C=C,CN=CM for authType=UNKNOWN succeeded.
    2025-09-26T11:40:02.754Z c01nsxmgr-0007.zeus.dvint.cloud NSX 3117 - [nsx@6876 comp="nsx-manager" level="INFO" subcomp="http"] checkServerTrusted: OU=OU,O=O,C=C,CN=CM for authType=UNKNOWN succeeded.

 

Environment

VMware NSX 4.x

Resolution

This is a known issue impacting VMware NSX.


Workaround:

1. For each Manager, take backup of the tanuki conf file.

    cp /usr/tanuki/conf/proxy-tomcat-wrapper.conf /tmp/proxy-tomcat-wrapper_backup.conf

2. Edit this file /usr/tanuki/conf/proxy-tomcat-wrapper.conf

    After these lines

    wrapper.java.additional.40=--add-opens=java.base/sun.security.x509=ALL-UNNAMED
  wrapper.java.additional.41=--add-opens=java.base/java.util=ALL-UNNAMED
  wrapper.java.additional.42=--add-opens=java.base/sun.security.internal.spec=ALL-UNNAMED

    Add below lines

   wrapper.java.additional.43=-Dcom.sun.jndi.ldap.connect.pool=true
  wrapper.java.additional.44=-Dcom.vmware.nsx.check_crl=false

3. To reduce logging for certificate checks, take backup of log4j2.xml

    cp /opt/vmware/proxy-tomcat/conf/log4j2.xml /opt/vmware/proxy-tomcat/conf/log4j2_backup.xml

4. Edit file  /opt/vmware/proxy-tomcat/conf/log4j2.xml

4. Before the </Loggers> line, add the following entry (as part of the <Logger> block):

    <Logger name="com.vmware.nsx.management.security.NsxTrustManager" level="WARN"/>

    example:

                    </Root>
         <Logger name="com.vmware.nsx.management.rp" level="DEBUG" />
         <Logger name="com.vmware.nsx.management.api.leader" level="FATAL" />
         <Logger name="com.vmware.nsx.rpc" level="FATAL" />
         <Logger name="com.vmware.nsx.platform" level="FATAL" />
         <Logger name="com.vmware.nsx.sha" level="FATAL" />
         <Logger additivity="false" level="INFO" name="org.springframework.security.oauth2.client.token.grant.password" />
         <Logger name="com.vmware.nsx.management.security.NsxTrustManager" level="WARN"/>
        </Loggers>
      </Configuration>

4. restart reverse proxy

    /etc/init.d/proxy restart

Powered by Wolken Software