Objective 10.2 – Troubleshoot Common NSX Installation/Configuration Issues

Principles

  1. Troubleshoot lookup service configuration
  2. Troubleshoot vCenter Server link
  3. Troubleshoot licensing issues
  4. Troubleshoot permissions issues
  5. Troubleshoot host preparation issues
  6. Troubleshoot IP pool issues

References

  1. NSX Administration Guide

http://pubs.vmware.com/NSX-62/topic/com.vmware.ICbase/PDF/nsx_62_admin.pdf

  1. nsx_62_install.pdf

https://pubs.vmware.com/NSX-62/topic/com.vmware.ICbase/PDF/nsx_62_install.pdf

  1. NSX Command Line Interface Reference

http://pubs.vmware.com/NSX-62/topic/com.vmware.ICbase/PDF/nsx_62_cli.pdf

Troubleshoot lookup service configuration

  • Check SSO service is running on vCenter:
    • Linux: vmware-sso daemon
    • Windows: vCenter Single Sign-On service
  • Check the SSO Administrator user entered in the configuration is setup correctly in vCenter
  • Verify NSX Manager can connect to port 443 on vCenter
  • Check NSX Manager can resolve the name of vCenter
  • Ensure NTP is configured and NSX Manager + ESXi hosts clocks are aligned
  • Ensure the vCenter Certificate is valid and the CN matches that configured in NSX Manager

Troubleshoot vCenter Server link

  • Verify NSX Manager can connect to port 443 on vCenter
  • Check NSX Manager can resolve the name of vCenter
  • Ensure NTP is configured and NSX Manager + ESXi hosts clocks are aligned
  • Ensure the vCenter Certificate is valid and the CN matches that configured in NSX Manager

Troubleshoot licensing issues

  • Default license from NSX 6.2.3 is “NSX for vShield Endpoint”

For vShield Endpoint anti-virus offload capability only – no VXLAN, Firewall etc

  • Verify sufficient licences are available and assigned to NSX

Troubleshoot permissions issues

  • Ensure a user has the correct role assigned for the function in hand:
    • NSX Administrator: full access
    • Security Administrator: restricted to security (firewall) configuration operations
    • Auditor: read only access

See Objective 9.1 for a full explanation of rules and assignments

Troubleshoot host preparation issues

  • Check DNS – NSX Manager needs to resolve all ESXi hostnames
  • Check NTP – Clocks on ESXi and NSX Manager should be in alignment
  • Check Firewall rules:
    • TCP:80
      • vCenter <-> ESXi
      • vCenter -> NSX Manager
    • TCP:443
      • NSX Manager -> ESXi
    • TPC: 902
      • NSX Manager -> ESXi

Troubleshoot IP pool issues

  • Check Pools are not full
  • Check gateway configured in Pool is correct