Central Node Config profile does not get applied on the Edge VMs

Article ID: 430171

Updated On:

Products

VMware NSX

Issue/Introduction

  • Syslog messages are not being forwarded from specific NSX Edge Nodes to the designated remote syslog server.
  • The Central Node Config profile is correctly configured and applied at the management level, but the settings do not persist to the Edge transport nodes.

  • Running the command get logging-servers on the affected Edge Node CLI returns an empty list or indicates no servers are configured.

  • Verification via get configuration confirms the syslog server details are missing from the Edge VM's local running configuration.

  • The command get node central-config confirms that the central configuration state is Enabled, yet the logging parameters are not inherited.

Log snippets:

When updating the syslog configuration within the Central Node Config profile, the following error log pattern is observed in /var/log/syslog on the affected NSX Edge node:

[TIMESTAMP] vmw-#######4 - [nsx@6876 comp="nsx-manager" subcomp="central_node_config_update" username="root" level="WARNING"]Failed to add syslog exporter {"port": 514, "exporter_name": "264aa005#######", "protocol": "TCP", "level": "ERR", "server": ####"}, response: {#012  "error_code": 36569,#012  "error_message": "Error modifying firewall rule due to invalid hostname.",#012  "module_name": "node-services"#012}, status: 400, err: 400 Client Error: Bad Request for url: http://####/api/v1/node/services/syslog/exporters

 

Environment

VMware NSX

Cause

The synchronization of the Central Node Config profile fails because the NSX Edge node is unable to resolve the Fully Qualified Domain Name (FQDN) of the configured syslog server.

When a hostname is used in the syslog configuration, the Edge nodes attempt to validate the destination. If the configured DNS servers fail to resolve the hostname (confirmed by nslookup failures on the Edge CLI), the underlying configuration engine throws the error "Error modifying firewall rule due to invalid hostname" and aborts the update. Consequently, the local logging-servers configuration remains empty and no logs are forwarded.
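Because this failure leaves the Edge node silently not forwarding logs, it is worth scanning a copy of the node's /var/log/syslog for it. The following Python sketch is an added example, not code from the article or from VMware: it parses lines in the shape shown above (the #012 sequences are escaped newlines) and reports syslog servers whose exporter push failed and that still do not resolve. The sample line, its hostname and exporter name, and all function names are constructed assumptions; the DNS check uses the resolver of the machine running the script, which may differ from the Edge node's name servers.

```python
import json
import socket

# Constructed sample in the shape of the article's log line. Hostname, exporter
# name and URL host are made-up placeholders, not values from the article.
SAMPLE = (
    '2024-01-01T00:00:00Z edge01 - [nsx@6876 comp="nsx-manager" '
    'subcomp="central_node_config_update" username="root" level="WARNING"]'
    'Failed to add syslog exporter {"port": 514, "exporter_name": "example-exporter", '
    '"protocol": "TCP", "level": "ERR", "server": "syslog.example.invalid"}, '
    'response: {#012  "error_code": 36569,#012  "error_message": "Error modifying '
    'firewall rule due to invalid hostname.",#012  "module_name": "node-services"#012}, '
    'status: 400, err: 400 Client Error: Bad Request for url: '
    'http://localhost/api/v1/node/services/syslog/exporters'
)
MARKER = "Failed to add syslog exporter "
_decoder = json.JSONDecoder()


def parse_failure(line):
    """Return (exporter, response) dicts for a failed exporter push, else None."""
    if 'subcomp="central_node_config_update"' not in line or MARKER not in line:
        return None
    text = line.replace("#012", "\n")  # undo the syslog escaping of newlines
    try:
        exporter, end = _decoder.raw_decode(text, text.index(MARKER) + len(MARKER))
        resp_at = text.index("response: ", end) + len("response: ")
        response, _ = _decoder.raw_decode(text, resp_at)
    except ValueError:  # masked or truncated JSON, or no response part
        return None
    ok = isinstance(exporter, dict) and isinstance(response, dict)
    return (exporter, response) if ok and "server" in exporter else None


def resolves(host, resolver=socket.getaddrinfo):
    """True if the host resolves from the machine running this script."""
    try:
        return bool(resolver(host, None))
    except OSError:  # socket.gaierror is a subclass of OSError
        return False


def find_unresolvable_exporters(lines, resolver=socket.getaddrinfo):
    """(server, error_code) for failed pushes whose server still does not resolve."""
    parsed = filter(None, map(parse_failure, lines))
    return [(e["server"], r.get("error_code")) for e, r in parsed
            if not resolves(e["server"], resolver)]
```

Lines whose JSON has been masked or truncated, as in the snippet above, are skipped rather than guessed at.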

Resolution

To resolve this issue, ensure the NSX Edge nodes can successfully resolve the Fully Qualified Domain Name (FQDN) of the remote syslog server by configuring valid DNS name servers.

Procedure:

  1. Log in to the CLI of the affected NSX Edge node as the admin user.

  2. Verify the current DNS configuration: get name-servers

  3. Configure the correct DNS name server(s) using the following command: set name-servers <DNS_IP>

After updating the DNS settings, you must trigger a configuration sync to the Transport Node. To do this, navigate to the Central Node Config Profile, click Edit on the existing syslog configuration, and select Save. This action pushes the updated profile to the affected Edge node, ensuring the syslog server is correctly registered and active.

 

Additional Information

Configure a Node Profile