So this is strange. I'm following along with the procedures to create a Load Balancer for Workspace ONE Access: https://docs.vmware.com/en/VMware-Validated-Design/6.0/sddc-deployment-of-cloud-operations-and-autom...
I get to the step where I have to create the Server Pool and an annoying problem arises. When I set the Active Monitor to be the HTTPS monitor that I created in an earlier step, it errors out whenever I try to save the Server Pool. It gives me the following error:
The members of the pool have port 443 configured. Only 1 of the members is currently active, but even when I tried to only have a single member (the vm that exists and is running), it still gives me the error. I'm at a loss as to what I need to do.
NSX-T Version: 3.1
vSphere 7.0U1d
vCenter 7.0U1d
Workspace ONE Access 20.10
Thank you in advance!
Ack
You are going to be restricted by your eval license. The feature you are after isn't part of the eval license.
This link may assist you with further licensing, however it doesn't list the eval license. https://kb.vmware.com/s/article/78223
Hi,
Could you also show some screenshots of the Virtual-server, the profile and the monitors ? Preferably with all settings
Hi,
I am trying to reproduce. But without any luck. Not getting the error.
Did you already create a vip? Or just the pool ?
Same here, I just created an active monitor, a server pool with 3 members and setting the active https monitor.
What license are you using ?
My license is listed as "NSX Data Center Evaluation" from VMUG Advantage. It is still valid. I will try deleting the monitor and pool and recreate again. No VIP has been assigned at this point.
You are going to be restricted by your eval license. The feature you are after isn't part of the eval license.
This link may assist you with further licensing, however it doesn't list the eval license. https://kb.vmware.com/s/article/78223
I think the license is the issue after all. My nsx manager OVA is named nsx-unified-appliance-3.1.0.0.0.17107212-le.ova. The LE I think stands for "Limited Export". Nothing in the official documentation states there are any restrictions on what my evaluation license includes. However, I found a blog https://www.virten.net/2020/04/nsx-t-3-0-evaluation-how-to-download-and-get-license-key/ that states the Limited Edition license doesn't include certain encryption standards.
Hmmmm....It's my SSL certificate that is causing the problem. I have a standard 2048 bit template I use on my homelab network. Do you know if I reduce the keysize that this might work?
With the limited export version I don't believe you will have access to SSL features of the LB.
So the solution for me was to not create a L7 Load Balancer, but a L4 TCP one. This one has no active monitor support, but isn't restricted by the SSL limitations of the Evaluation License available through VMUG Advantage. I had been thrown off since Harbor and the vSphere with Tanzu web pages came up with SSL certificates. Looking at their configuration highlighted the way forward for me.
Each of the servers will have to have an SSL certificate for both the server itself and the Load Balanced VIP dns name/ip. Thank you for the feedback.
It's unfortunate VMware restricts these features on these eval licenses. For those of us trying to learn the product and follow along with their published architectures, these feature sets are critical. They don't explain my solution as an alternative in the documentation.