VMware Cloud Community
awliste
Enthusiast

Unable to login to NFC server

Morning.

Got a weird one here. I'm hoping this isn't low-hanging fruit and I just missed the obvious. Here's my issue:

Running ESXi 4.1 on all hosts. vCenter to match. Using jumpboxes into my private cloud. vCenter is dual homed - one leg in my private cloud, one leg available on public side for mgmt. Three of my hosts are in the same configuration, the rest are not publicly available. Internal in cloud, I have DNS. Externally, I go at the cluster via IP direct. (Yeah, I know, but I've got some weird security requirements for my users and network segmentation.) Up until three days ago, my users on both sides could upload files to the datastores without any problems. We've been running fine for three weeks on 4.1, fine prior to that on 4.0. The problem manifested when users on my private cloud reported "Unable to login to NFC server." errors when they attempted to push files to the datastores from their jumpboxes.

From the public side I can upload to the cluster datastore connected to vCenter or ESXi host, no problems. From the private side, I cannot upload when connected to vCenter. If I connect directly at an ESX host from the private side with VIC, I can upload. I can see consoles and interact with hosts from both sides appropriate to their routability and posture - just like before. It's just uploads that seem to be affected ATT.

Analysis of the vCenter logs gave me nothing to work with.

Reviewing the forums here, I've done the following:

1) Bounced vCenter Server service. No luck. Problem persisted.

1.5) Bounced vCenter Server. No luck. Problem persisted.

2) Attempted KB1017196. N/A to my builds. No luck.

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=101719...

3) Bounced internal DNS server. No luck. Problem persisted.

4) I realize I COULD edit the hosts file for my jumpboxes, but I consider this a brittle solution and don't want to implement it, even if it would work. This process worked before without it, I want it to work again. I dislike band-aids.

I'm thinking it's DNS, whatever it is - but the DNS processes are working fine. It's unique to my private cloud, and that's the only significant service delta between what's going on inside and outside at those tiers.

Looking for and open to any thoughts and suggestions, any help would be much appreciated. Thanks for your time and attention.

R/,

- Abe






Integritas!

Abe Lister

Just some guy that loves to virtualize

==============================

Ain't gonna lie. I like points. If what I'm saying is something useful to you, consider sliding me some points for it!

0 Kudos
1 Reply
awliste
Enthusiast

So I figured this out.

Network team figured they'd do some 'routine maintenance' and adjusted their firewall ruleset. The whole problem turned out to be a routing issue - further upstream, 902 was being blocked en route to my external facing hosts.

What I would be really interested in knowing is how vCenter chooses which host to hand off the upload to. Anyone have any insight there?

Regards and thanks,

- Abe Lister






Integritas!

Abe Lister

Just some guy that loves to virtualize

==============================

Ain't gonna lie. I like points. If what I'm saying is something useful to you, consider sliding me some points for it!

0 Kudos
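
A check for the failure mode found in this thread, as an added example that is not part of the original posts: run it from a jumpbox on each network segment against every ESXi host to see whether TCP 902 gets through. It separates a name-lookup failure (the DNS theory in the first post) from a silent drop (the firewall change that turned out to be the cause). The function names and the command-line host list are assumptions.

```python
import socket
import sys

NFC_PORT = 902  # TCP port the thread found blocked on the way to the hosts


def probe(host, port=NFC_PORT, timeout=3.0):
    """Classify the TCP path to host:port from the machine running this."""
    result = {"host": host, "port": port, "banner": ""}
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            try:
                # Keep whatever greeting the listener sends, if any.
                result["banner"] = conn.recv(128).decode("ascii", "replace").strip()
            except OSError:
                pass  # connected, but no greeting before the timeout
            result["state"] = "open"
    except socket.gaierror:
        result["state"] = "unresolved"  # name lookup failed: a DNS problem
    except ConnectionRefusedError:
        result["state"] = "refused"     # host reached, nothing listening
    except socket.timeout:
        result["state"] = "filtered"    # no reply at all: typical of a dropped packet
    except OSError as exc:
        result["state"] = "error"
        result["detail"] = str(exc)
    return result


def blocked_hosts(hosts, port=NFC_PORT, timeout=3.0):
    """Return the hosts whose port is not reachable from here."""
    return [h for h in hosts if probe(h, port, timeout)["state"] != "open"]


if __name__ == "__main__":
    # Usage: python probe902.py <host> [<host> ...]
    for name in sys.argv[1:]:
        r = probe(name)
        print(f"{r['host']}:{r['port']} {r['state']} {r['banner']}")
```

A host that shows `open` from one segment and `filtered` from another points at a rule change on the path between them rather than at the host or at DNS.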