Search the VMware Knowledge Base (KB)
View by Article ID

Troubleshooting VMware NSX Manager (2125433)

  • 1 Ratings

Symptoms

  • Installing VMware NSX Manager fails
  • Upgrading VMware NSX Manager fails
  • Logging in to VMware NSX Manager fails
  • Accessing VMware NSX Manager fails

Purpose

This article provides information on understanding and troubleshooting VMware NSX Manager.

Overview

VMware NSX Manager

The NSX Manager is the management plane virtual appliance that helps configure logical switches and connect virtual machines to these logical switches. It also provides the management UI and entry point for API for NSX, which helps automate deployment and management of the logical networks through a Cloud management platform. In the NSX for vSphere architecture, the NSX Manager is tightly connected to the vCenter Server managing the complete infrastructure. In fact, there is a 1:1 relationship between the NSX Manager and vCenter Server and upon installation, the NSX Manager registers with vCenter Server and injects a plugin into the vSphere Web Client for consumption within the Web management platform.

troubleshooting VMware NSX Manager

The NSX Manager is responsible for:

  • Deploying the controller cluster
  • Preparing the ESXi hosts
  • Installing the various vSphere Installation Bundles (VIBs) to enable VXLAN, Distributed Routing, Distributed Firewall and a user world agent used to communicate at the control plane level.


The NSX Manager is also responsible for the deployment and configuration of the NSX Edge Services Gateways and associated network services, such as Load Balancing, Firewalling, and NAT.

The NSX Manager also ensures security of the control plane communication of the NSX architecture by creating self-signed certificates for the nodes of the controller cluster and for each ESXi host that are allowed to join the NSX domain. The NSX Manager installs those certificates to ESXi hosts and the NSX Controller(s) over a secure channel. After that, mutual authentication of NSX entities occurs by verifying the certificates. After this mutual authentication is completed, control plane communication is encrypted.

In terms of resiliency, because the NSX Manager is a virtual machine, the recommendation is to leverage the usual vSphere functionalities (such as vSphere HA) to ensure that the NSX Manager can be dynamically moved if the ESXi hosts in which it runs fails. It is worth noticing that such failure scenario would temporarily impact only the NSX management plane, while the already deployed logical networks would continue to operate seamlessly.

Finally, NSX Manager data, including system configuration, events and audit log tables(stored in the internal database), can be backed up at any time by performing an on-demand backup from the NSX Manager GUI and saved to a remote location that must be accessible by the NSX Manager. It is also possible to schedule periodic backups to be performed (hourly, daily or weekly). Notice that restoring a backup is only possible on a freshly deployed NSX Manager appliance that can access one of the previously backed up instance.

For more information, see VMware NSX for vSphere (NSX-V) Network Virtualization Design Guide and NSX Administration Guide.

Resolution

Validate that each troubleshooting step is true for your environment. Each step provides instructions or a link to an article to eliminate possible causes and take corrective action as necessary. The steps are ordered in the most appropriate sequence to isolate the issue and identify the proper resolution. Do not skip a step.
  • For VMware NSX for vSphere 6.1.x

    COMPONENT MINIMUM
    Memory 12GB
    Disk Space 60GB
    vCPU 4 vCPU

  • For VMware NSX for vSphere 6.2.x. For more information on VMware NSX for vSphere 6.2.x, see the NSX for vSphere 6.2 Installation Guide.

    COMPONENT MINIMUM
    Memory 16GB
    Disk Space 60 GB
    vCPU 4 vCPU

  • For VMware NSX for vSphere 6.3.x. For more information on VMware NSX for vSphere 6.3.x, see the NSX for vSphere 6.3.x installation guide.

    COMPONENT MINIMUM
    Memory 16GB
    Disk Space 60 GB
    vCPU 4 vCPU

  • Verify that all required ports are open in NSX Manager

    Port Required for
    443/TCP
    • Downloading the OVA file on the ESXi host for deployment.
    • Using REST APIs.
    • Using the NSX Manager user interface.
    80/TCP Initiating connection to the vSphere SDK.
    1234/TCP Communication between ESXi host and NSX Controller Clusters.
    5671 Rabbit MQ (messaging bus technology)
    22/TCP Console access (SSH) to CLI. By default, this port is closed.

Installation issues:

Upgrade issues:

  • Before upgrading, refer the latest interoperability information in the Product Interoperability Matrixes page.
  • VMware recommends to backup the NSX Manager prior to doing the upgrade.
  • A force-resync with the vCenter Server may be required after the NSX Manager upgrade. To do this, log in to the NSX Manager Web Interface GUI > Manage vCenter Registration > NSX Management Service > Edit, re-enter the password for the vCenter User Name.

Performance issues:

Connectivity issues:

Gathering Logs

Note: If your problem still exists after trying the steps in this article, gather the NSX Log bundle. For more information, see Collecting diagnostic information for VMware NSX for vSphere 6.x (2074678). Also, VMware Support requests for the following information along with the NSX Log bundle:

  • Version of the NSX Manager.
  • Version of the vCenter Server.
  • Steps to reproduce the issue. If the issue is reproducible, enable debug mode and then gather the NSX Log bundle. Contact VMware Support for assistance by filing a support request and note this KB Article ID (2125433) in the problem description. For more information, see How to Submit a Support Request.
  • Is Single-Sign-On enabled or not?
  • Provide the approximate number of objects specifically the type of virtual machines, ESXi hosts and security groups.
  • If Firewall is configured, is flow monitoring enabled or not?
  • Was the issue seen after upgrading the NSX Manager and/or vCenter Server?
  • Is there an automation using VMware REST APIs?

How to enable DEBUG logging

If the issue is re-producible, VMware recommends to enable DEBUG mode. Once configured to then gather the Tech support logs. For more information, see Collecting diagnostic information for VMware NSX for vSphere 6.x (2074678).

It is also possible to change the Log levels dynamically without restarting the NSX Manager. To enable Debug mode, use the REST API call:

Notes: Prior to doing the steps, ensure that:

  • You have basic authorization with the NSX Manager web credentials such as the admin user, or any vCenter Server user granted NSX privileges.
  • Headers Content-type: application/xml and Accept: application/xml are used.
For more information on how to make API calls to the NSX Manager, see the Using the NSX REST API section in the VMware NSX for vSphere API Guide.

To enable DEBUG mode, make a REST API call:

POST Method:

https://VSM_Manager_IP/api/1.0/services/debug/loglevel/com.vmware.vshield?level=DEBUG

Note: Starting with NSX for vSphere 6.2.4, a Central CLl command has been introduced to show and set the NSX Manager Log level.

The log levels are:

OFF
FATAL
WARN
ERROR
INFO
DEBUG
TRACE
ALL

To set the NSX Manager Log level:

  1. Log in to the NSX Manager console with admin credentials.
  2. Run this command:

    set PACKAGE-NAME logging-level LEVEL

    Note: For REST API, POST https://nsxmgr_ip/api/1.0/services/debug/loglevel/<module>?level=INFO|DEBUG

To show the NSX Manager Log level:

  1. Log in to the NSX Manager console with admin credentials.
  2. Run this command:

    show PACKAGE-NAME logging-level

    Note: For REST API, GET https://nsxmgr_ip/api/1.0/services/debug/loglevel/<module>?inherited=true|false

See Also

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 1 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 1 Ratings
Actions
KB: