License check: Failed to fetch assigned license banner in SDDC Manager
search cancel

License check: Failed to fetch assigned license banner in SDDC Manager

book

Article ID: 418912

calendar_today

Updated On:

Products

VMware SDDC Manager

Issue/Introduction

Management Domain in SDDC Manager report- Failed to fetch assigned license banner

Environment

VCF 5.2.1

Cause

License check: Failed to fetch assigned license error occurs due to NSX Admin Node being in Disconnected State due to expired password in SDDC Manager

This is due to the password expiration on the admin account on the NSX-T Managers. As a result of the expired password, the password saved on SDDC Manager no longer works against the NSX-T Managers. Due to repeated failed login attempts via API, the NSX-T Managers lock out the SDDC Manager login attempts - even with the right credentials.

Resolution

To Resolve the issue follow through the below steps

    1. Match the NSXT Admin Node Password from the available password in SDDC Manager DB
      1. Retrieve Current Passwords:
      2. SSH to the SDDC Manager.
        • Run the command lookup_passwords
      3. Save the complete output, specifically noting the exact passwords for the NSX Nodes.

    2. Renew/Update Passwords on NSX Admin Node (Reference KB- 314657)
      1. Log in to the NSX-T manager as root. (Either from a console window or SSH)
      2. Run the command:
        • /etc/init.d/nsx-mp-api-server stop
      3. Clear password history:
        • echo "" >/etc/security/opasswd
      4. Set the password(s) to match what is present in the SDDC DB.
        • passwd admin
          • Provide the Password Retrieved from SDDC Manager
      5. Run command:
        • touch /var/vmware/nsx/reset_cluster_credentials
      6. Run the command:
        • /etc/init.d/nsx-mp-api-server start
    3. Release the Locks on NSXT Manager Nodes by performing rolling reboot. (Reference KB- 314647)
      1. Connect to each of the NSX-T Managers behind the NSX-T Load Balancer via SSH.
      2. Login with admin credentials.
      3. Run the following commands on each of the NSX-T Managers:
        • set auth-policy api lockout-period 0
        • set auth-policy api lockout-reset-period 0
      4. Rolling reboot of NSX managers to release any locks on accounts.
        • Once all NSX managers are rebooted and the NSX cluster showed as stable proceed with the following steps.
      5. Run the REMEDIATE password operation from the SDDC Manager UI against the admin account for NSX-T Manager
      6. This time the operation Completed successfully.

Additional Information

This issue can also occur due to expired certificates documented in KB- Seeing issue with one or more license when logging into SDDC manager

Powered by Wolken Software