Principles
- Troubleshoot lookup service configuration
- Troubleshoot vCenter Server link
- Troubleshoot licensing issues
- Troubleshoot permissions issues
- Troubleshoot host preparation issues
- Troubleshoot IP pool issues
References
- NSX Administration Guide
http://pubs.vmware.com/NSX-62/topic/com.vmware.ICbase/PDF/nsx_62_admin.pdf
- nsx_62_install.pdf
https://pubs.vmware.com/NSX-62/topic/com.vmware.ICbase/PDF/nsx_62_install.pdf
- NSX Command Line Interface Reference
http://pubs.vmware.com/NSX-62/topic/com.vmware.ICbase/PDF/nsx_62_cli.pdf
Troubleshoot lookup service configuration
- Check SSO service is running on vCenter:
- Linux: vmware-sso daemon
- Windows: vCenter Single Sign-On service
- Check the SSO Administrator user entered in the configuration is setup correctly in vCenter
- Verify NSX Manager can connect to port 443 on vCenter
- Check NSX Manager can resolve the name of vCenter
- Ensure NTP is configured and NSX Manager + ESXi hosts clocks are aligned
- Ensure the vCenter Certificate is valid and the CN matches that configured in NSX Manager
Troubleshoot vCenter Server link
- Verify NSX Manager can connect to port 443 on vCenter
- Check NSX Manager can resolve the name of vCenter
- Ensure NTP is configured and NSX Manager + ESXi hosts clocks are aligned
- Ensure the vCenter Certificate is valid and the CN matches that configured in NSX Manager
Troubleshoot licensing issues
- Default license from NSX 6.2.3 is “NSX for vShield Endpoint”
For vShield Endpoint anti-virus offload capability only – no VXLAN, Firewall etc
- Verify sufficient licences are available and assigned to NSX
Troubleshoot permissions issues
- Ensure a user has the correct role assigned for the function in hand:
- NSX Administrator: full access
- Security Administrator: restricted to security (firewall) configuration operations
- Auditor: read only access
See Objective 9.1 for a full explanation of rules and assignments
Troubleshoot host preparation issues
- Check DNS – NSX Manager needs to resolve all ESXi hostnames
- Check NTP – Clocks on ESXi and NSX Manager should be in alignment
- Check Firewall rules:
- TCP:80
- vCenter <-> ESXi
- vCenter -> NSX Manager
- TCP:443
- NSX Manager -> ESXi
- TPC: 902
- NSX Manager -> ESXi
- TCP:80
Troubleshoot IP pool issues
- Check Pools are not full
- Check gateway configured in Pool is correct