Objective 9.2 – Troubleshoot Common NSX Installation/Configuration Issues

Knowledge

  • Identify ports required for NSX communication
    • 443/TCP Downloading the OVA file on the ESX host for deployment Using REST APIs Using the NSX Manager user interface
    • 80/TCP Initiating connection to the vSphere SDK Messaging between NSX Manager and NSX host modules
    • 1234/TCP Communication between ESX Host and NSX Controller Clusters
    • 56711 Rabbit MQ (messaging bus technology)
    • 22/TCP Console access (SSH) to CLI. By default, this port is closed.
  • Troubleshoot lookup service configuration
    • Confirm that the user has admin privileges.
    • Verify whether NSX Manager and Lookup service appliances are in time sync. To achieve this, use same NTP server configurations at NSX Manager and Lookup service.
    • Check DNS settings for name resolution.
  • Troubleshoot vCenter Server link
    • Check DNS settings.
    • Confirm that user has administrative privileges.
  • Troubleshoot licensing issues
    • Validate that the vSphere Web Client is successfully installed. Starting with vCenter Server 5.0, License Reporting is a component of the vSphere Web Client. To access it, the Web client must be installed and vCenter Server must be registered to it. For more information, see the Install and Start the vSphere Web Client section of the vSphere Installation and Setup guide.
    • Verify that vCenter Server and the vSphere Client workstation can communicate with the Web Client Server. For more information, see Testing network connectivity with the ping command (KB1003486).
    • Verify that name resolution to the Web Client server is correctly configured from vCenter Server and the vSphere Client workstation. For more information, see Configuring name resolution for VMware vCenter Server (KB1003735).
    • Check the vSphere Client log ( viclient-x-xxxx.log located at %USERPROFILE%\AppData\Local\VMware\vpx) to validate the URL used to connect to the Web Client server.
      You see messages similar to:

      [viclient:QuickInf:M: 7] 2012-02-27 12:15:22.227 FlexWebContainer.NavigateToUrl(nav): https:// webclient/csharp-app/?extensionId=vsphere.license.licenseReportView&context=CB1D4EA7-F6A8-46DA-81CA-99ADCF95359A:Folder:group-d1&locale=en_US&j_serviceUrl=https:// vcenterserver&j_serviceGuid=CB1D4EA7-F6A8-46DA-81CA-99ADCF95359A&j_thumbprint=98:CC:31:66:6C:4F:85:6E:A6:09:09:89:22:28:90:23:23:DC:82:E8&j_qsCookie=JSESSIONID=6atwl6n6g00cht1apfj5tp47, vmware_soap_session=d0122775-e4b2-427b-9195-12ccf3a53b4c&sessionTicket=cst-VCT-5292c695-1069-a798-c4d7-08e3ad48fe04–tp-98-CC-31-66-6C-4F-85-6E-A6-09-09-89-22-28-90-23-23-DC-82-E8

      Where webclient is the address of the Web Client Server and vcenterserver is the address of vCenter server. If either of these values are incorrect, unregister and then register vCenter Server to the vSphere Web Client from the Web client Administration application. This application is located on the server running the vSphere Web Client. To launch the application, navigate to Start > Programs > VMware > VMware vSphere Web Client > vSphere Administration Application.

    • Validate that the vCenter Server proxy.xml file (located at C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter) has the appropriate configuration for the Web Client. A correct configuration appears similar to:
      <e id=”19″>
      <_type>vim.ProxyService.RedirectSpec</_type>
      <accessMode>httpsOnly</accessMode>
      <hostName> webclient</hostName>
      <port> 9443</port>
      <redirectType>permanent</redirectType>
      <serverNamespace>/vsphere-client</serverNamespace>
      </e>
      Where webclient is the address of the Web Client server. If either the port or the address to the Web client is incorrect, correct and then restart the VMware VirtualCenter Server service.
  • Troubleshoot permissions issues
    • There are 4 User Roles:
      •  Enterprise Administrator NSX Operations and Security
      • NSX Administrator NSX Operations only (install virtual appliances, configure port groups etc)
      • Security Administrator NSX Security only (define Data Security policies, create port groups, create reports etc)
      • Auditor Read Only
    • An NSX User/Group can only have one role
    • You cannot add a role to a user/group, or remove an assigned role from a user/group, you can however change the assigned role for a user/group.
    • There are 2 scopes which determine what resources a particular user can view
      • No restriction Access to the entire NSX system
      • Limit access scope Access only a specified Edge.
    • A user can be a member of a number of groups, and will inherit combined role permissions from those groups. If the user has a directly assigned role, this overrides the group permissions.
    • Given the above overview of NSX permissions, check for permissions allocated directly to a user, also check membership of the groups that permissions have been allocated to, as well as any scope limitation
  • Troubleshoot host preparation issues
    • In the Installation tab, click Host Preparation.
    • For each cluster, click Install in the Installation Status column.
      Note – While the installation is in progress, do not deploy, upgrade, or uninstall any service or component.
    • Monitor the installation until the Installation Status column displays a green check mark.

      If the Installation Status column displays a red warning icon and says Not Ready, click Resolve. Clicking Resolve might result in a reboot of the host. If the installation is still not successful, click the warning icon. All errors are displayed. Take the required action and click Resolve again.

      When the installation is complete, the Installation Status column displays 6.1 and the Firewall column displays Enabled. Both columns have a green check mark. If you see Resolve in the Installation Status column, click Resolve and then refresh your browser window.

  • Troubleshoot IP pool issues
    • I can’t find anything in the admin or installation guides about this. I guess the obvious things are to ensure that the IP Pool configuration matches the subnet (correct subnet mask etc) and that it’s not full.

Tools

  • NSX Installation and Upgrade Guide
  • NSX Administration Guide
  • NSX Command Line Interface Reference Guide
  • NSX Controller CLI
  • vSphere Web Client
Advertisements

One thought on “Objective 9.2 – Troubleshoot Common NSX Installation/Configuration Issues

  1. Pingback: VMware VCP-NV NSX Study Resources | darrylcauldwell.com

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s