Giodomi
Enthusiast
Enthusiast

NSX-T Prepare cluster with vLCM Enabled

I'm getting a strange issue while I'm trying to prepare a sphere 7.0 cluster with nsx-t, the problem is when I enable the Image at the cluster level, so Lifecycle Manager in vCenter in no more handling the versioning of the host with baseline.
The issue is when I try to prepare the cluster I get immediately an error of NSX Install fail. 

This is not happening if I do the preparation of a cluster that's not using the Image.

Someone has already experienced this issue and could maybe advise me how to fix it?


I've attached the image of the first step error, and the configuration of the compute manager with Service Account and Enable Trust configured.

Let me know


 

Kudos if it was helpful

GioDomi
0 Kudos
9 Replies
SrVMoussa
VMware Employee
VMware Employee

Hi Gio, 

 

I would suggest following the doc first:- https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/installation/GUID-0938D3D6-26B4-4FEB-B4BC-E6...

Maybe if I read the proxy logs, I may help out better than that, but if you see in reverse-proxy.log "Duplicate JWK" - I would ask to verify the VC cert health, and then you can follow https://kb.vmware.com/s/article/85695?lang=en_US

You can type  to check 

grep "VC JWK Set" /var/log/proxy/reverse-proxy.log

 

 


Please let me know if you have vSAN AND/OR  Service insertion ?

 

 

Regards,
Khalid Moussa
0 Kudos
Giodomi
Enthusiast
Enthusiast

Hello SrVMoussa

 

thank you for your prompt answer.

 

on the proxy log, I cannot see any message with "duplicate JWK"

with the command you shared the output is this:

2021-11-25T15:23:41.976Z INFO https-jsse-nio-10.247.101.72-443-exec-2 VcTokenServices 14765 - [nsx@6876 comp="nsx-manager" level="INFO" subcomp="http"] VC JWK Set: {"keys":[{"kty":"RSA","e":"AQAB","use":"sig","kid":"7E244266854F8EC27582D0937ED3B889CD326862","x5c":["MIIDOTCCAiGgAwIBAgIJAP0+JZdj1oJkMA0GCSqGSIb3DQEBCwUAMD8xMDAuBgNVBAMTJ0NBLCBDTj1VU1ZNV1BWSVZDMiwgZGM9dnNwaGVyZSxkYz1sb2NhbDELMAkGA1UEBhMCVVMwHhcNMTQwNjAzMDcxMjEyWhcNMjQwNTMxMDcxMjEyWjA5MSowKAYDVQQDEyFzc29zZXJ2ZXJTaWduLGRjPXZzcGhlcmUsZGM9bG9jYWwxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr04NdcHb73viSqpfCSA0YLKcBCqFqly5PyDn0Aqx1qXPOP9HLaeTeLBbhI9TsLR7uFeMMek9wdaGqdTXXULXLCngJjPsNhvCgfkL4tD8ajgLirERJGSg7eiUXOL1CCA48zRAEidHMFXKh3g4bOaX6aZJHzc2ny6D21LYlFoPBxUu298ecFJd2thnAA5Yv8IRUYIq3Yudh8fC2YuRQ+ASZ4ZjxHLp6psrNzAmQT4xllRmRIm64XMLkWb3P2c9A9dcIShm/E9FmvcEIO9RXHilrsg2657aj4Kv17xt4SxBKyyMH1SqhD4wR/1nURhZzfkBDcQj20iEDY6+88XgHRarFwIDAQABoz4wPDALBgNVHQ8EBAMCBPAwLQYDVR0RBCYwJIIiVVNWTVdQVklWQzIuU0QwMS5VTklDUkVESVRHUk9VUC5FVTANBgkqhkiG9w0BAQsFAAOCAQEAoBmztjg2KTzU9b3nvP+o7hByS0yONpGUlNkaaYmTKg7WyWPy8XBwj0oEMVkdMHEXGR6q7ghQoQnb9yUFPgFf7RX/VLAwpH90M+V/kxwvF2l12ff22TXhJrurxYyiGOupeGU7+s5z9hxoYE3/Xq8tCzjxqIC53LSblEcdDOvK97mSYQamwo0EzHn4Wyr4KqYyxUMIEbyVPFRmgLc0GOrLUvoZ8/PNLCfl6z3T6Kp9FJUcDHphHfLyMT+NKgbN2oKxqPvUDCGggwm4FJincDYUtL87UK1CN8akEKaZHJ4sw2hfnvLIr0PBi3xR3q1vMTB9yGeGMdtCaWuwKHxcSChR/Q=="],"alg":"RS256","n":"r04NdcHb73viSqpfCSA0YLKcBCqFqly5PyDn0Aqx1qXPOP9HLaeTeLBbhI9TsLR7uFeMMek9wdaGqdTXXULXLCngJjPsNhvCgfkL4tD8ajgLirERJGSg7eiUXOL1CCA48zRAEidHMFXKh3g4bOaX6aZJHzc2ny6D21LYlFoPBxUu298ecFJd2thnAA5Yv8IRUYIq3Yudh8fC2YuRQ-ASZ4ZjxHLp6psrNzAmQT4xllRmRIm64XMLkWb3P2c9A9dcIShm_E9FmvcEIO9RXHilrsg2657aj4Kv17xt4SxBKyyMH1SqhD4wR_1nURhZzfkBDcQj20iEDY6-88XgHRarFw"}]}



I'll try to follow the KB.
By the way the version of NSX-T is 3.1.3

No service Insertion or vSAN.


Kudos if it was helpful

GioDomi
0 Kudos
Giodomi
Enthusiast
Enthusiast

Hello again,

this is the error showed if I click on resolve on the nsx-t failed host:

Failed to install software on host. Setting NSX depot(s) on Compute Manager: 15ca742b-ce6e-4d88-b410-f0e39683b653 failed with error: Set depot operation failed. Retry Transport Node Collection at cluster.


Kudos if it was helpful

GioDomi
0 Kudos
SrVMoussa
VMware Employee
VMware Employee

Hi @Giodomi  

 

My apologies for the delay! 

 

nsx syslog.log from any of the hosts may help me " I am assuming that RAM Disk if free to have the new VIBs installed, and you POSTed the API call as in the doc

Question: What is the Hardware? if it's HPE then please validate this https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-a00116792en_us

 

Ideally if possible you attach the nsx syslog logs from any of the hosts and the cm logs from the Manager node - I think I need to read more insights, moreover I will look if I can find a quicker workaround 

 

You may need to open a case. 

 

 

 

 

 

Regards,
Khalid Moussa
0 Kudos
Giodomi
Enthusiast
Enthusiast

Hello @SrVMoussa 


no problem, as you suggested I've opened an SR and attached the Logs of the managers.
We tested if it was a communication issue between vcenter and managers but it wasn't.

The Hardware is Lenovo.

Keep you posted on what they will find.

Thanks for your suggestion and willingness to help



Kudos if it was helpful

GioDomi
0 Kudos
jeffersonc47
Enthusiast
Enthusiast

Did you ever get a resolution here? I'm getting a similar (but not quite the same) error with NSX-T 3.2/vSphere 7.0U3c.

0 Kudos
Giodomi
Enthusiast
Enthusiast

Seems the problem is the blocked communication between ESXi Hosts and the Manager with port 8080
but I'm still dealing with my Firewall friend in order to understand if they are blocking somewhere that port.

Kudos if it was helpful

GioDomi
0 Kudos
SamarElMeselhy
VMware Employee
VMware Employee

Hi,
Is this issue resolved ?

0 Kudos
SrVMoussa
VMware Employee
VMware Employee

Hi @SamarElMeselhy 

When we joined we found the port 8080 was blocked - It's required to be open [Refer to our ports guide]

Ping my MS anytime 😄 

 

 

 

Regards,
Khalid Moussa
0 Kudos