So I've noticed a problem with Identity Firewall.
My NSX is connected to Active Directory domain.
I've created a Security Group using Service Composer.
The Security Group consists of the Directory Group "Administrators". When I click on the created Security Group it won't refresh and I can't see users.
The Virtual Machines tab won't stop refreshing and there's no result.
Has anyone had that problem?
Best Regards
Marcin Gwóźdź
Check the identity source. It happens that if you have lots of objects it hangs, so what I usually do is set a specific OU in the AD structure; for example, instead of loading the whole base of *.corp.com you can set something like administrators-it under administrators. Another thing to check is the Windows admin server logs, to see if something gets stuck on the AD side when you select the creation of the SG in NSX.
hope this helps.
Hello,
Thank you for your advice.
So I have created a Security Group "Test" with the included object Directory Group "NSX_TEST". That group has only one user member.
But the problem still exists, and that thing still won't stop rolling.
Is it a bug?
Best Regards
Marcin Gwóźdź
Could be. Just to be sure, check the logs at this location with tail -f /var/log/dfwpktlogs.log and see if something is showing up there.
Well,
There are a lot of logs:
For example:
2019-06-06T05:59:56.801Z 36787 INET TERM domain-c47/1016 IN TCP TIMEOUT 10.0.0.7/60499->10.0.210.14/445 1/0 52/0
2019-06-06T05:59:56.801Z 48972 INET TERM domain-c47/1016 IN TCP FIN 10.0.210.10/34420->10.0.210.13/443 10/0 1904/0
2019-06-06T05:59:56.801Z 48972 INET TERM domain-c47/1016 IN TCP FIN 10.0.210.10/54444->10.0.210.12/443 10/0 1904/0
2019-06-06T05:59:56.801Z 48972 INET TERM domain-c47/1016 IN TCP FIN 10.0.210.10/34426->10.0.210.13/443 9/0 1802/0
2019-06-06T05:59:56.801Z 48972 INET TERM domain-c47/1016 IN TCP FIN 10.0.210.10/54450->10.0.210.12/443 10/0 1842/0
2019-06-06T05:59:56.801Z 48972 INET TERM domain-c47/1016 IN TCP FIN 10.0.210.10/54452->10.0.210.12/443 10/0 1929/0
2019-06-06T05:59:56.801Z 48972 INET TERM domain-c47/1016 IN TCP FIN 10.0.210.10/34434->10.0.210.13/443 10/0 1929/0
2019-06-06T05:59:56.801Z 48972 INET TERM domain-c47/1016 IN TCP FIN 10.0.210.10/54458->10.0.210.12/443 11/0 1998/0
2019-06-06T05:59:56.801Z 48972 INET TERM domain-c47/1016 IN TCP FIN 10.0.210.10/34440->10.0.210.13/443 10/0 1958/0
2019-06-06T05:59:56.801Z 48972 INET TERM domain-c47/1016 IN TCP RST 10.0.210.10/48480->10.0.210.12/9080 11/0 2572/0
What kind of log should I look for?
Best Regards
Marcin Gwóźdź
well, my bad on logs, please check this link :
also, check this link from the AD side:
https://girl-germs.com/?p=1538
If you have access to myVMware, open a TSR; from what I read, GSS has lots of tricks to look under.
hope this helps.
Well, thank you for all the help.