Service Manager not created under NSX
7368
Created On 03/10/20 22:31 PM - Last Modified 03/18/20 21:56 PM
Symptom
Upon creating Service Manager under Panorama, corresponding VMware Service Manager is not created under NSX -> Service Definitions -> Service Managers
- Set logging level on plugin to high from Panorama CLI and trigger NSX config sync under Panorama > VMware NSX > Service Manager > NSX Config Sync
> request plugins debug level high plugin-name vmware_nsx
- Review System Logs and/or Plugin logs to understand and verify the failure events.
System Logs:
2018/10/30 13:48:48 medium plugin general 0 000710000702 Plugin vmware_nsx: Push to following NSX failed: Dev_Palo_VM-South
2018/10/30 13:48:48 low plugin general 0 000710000702 Plugin vmware_nsx: Dev_Palo_VM-South:
Failed to create object Dev_Palo_VM-South of type service-manager. Error code is 0
plugin_vmware_nsx.log
2018-10-30 13:45:31.295 -0400 INFO: Dev_Palo_VM-South: Creating service Manager. 2018-10-30 13:45:31.318 -0400 INFO: Dev_Palo_VM-South: Resp from NSX for not creating. 2018-10-30 13:45:31.318 -0400 ERROR: Dev_Palo_VM-South: Failed to create service-manager 2018-10-30 13:45:31.318 -0400 ERROR: Dev_Palo_VM-South: Received a 0 2018-10-30 13:45:31.343 -0400 ERROR: Dev_Palo_VM-South: Failed to get resp Object Dev_Palo_VM-South of type service-managerReturn value is 0
- Above log snippet shows that plugin failed to create the service manager. Also, it failed to get response from NSX Manager
- Check connectivity from management interface to NSX Manager using ping. If this fails, troubleshoot network connectivity from Panorama to NSX Manager.
- If ping succeeds that implies, we have layer 3 connectivity, perform traceroute to identify any devices in path.
- Perform tcpdump on management interface of the Panorama. Generally, the filter should be with destination as NSX Manager IP however, if Proxy server is configured on Management interface, the filter should be the proxy server’s IP as all outgoing packets would be destined to Proxy server IP. In this case, you may see HTTP 503 error Service Unavailable
> tcpdump filter “host <nsx_manager_IP>” or > tcpdump filter “host <proxy_IP>”
HTTP/1.0 503 Service Unavailable Connection: close
- If you notice above error on the packet captures, try bypassing the proxy for NSX Manager connection using below CLI:
> request plugins vmware_nsx proxy bypass yes
- If there is no proxy configuration or bypassing proxy still does not resolve the issue, check other devices in path from Panorama management interface to NSX Manager
Environment
- Platform: Panorama
- PAN-OS / Plugin Version: Any
- Deployment: Any
Cause
- HTTP traffic was blocked by the proxy server for the port in question
- If connection not blocked by proxy, other device in path could be potentially blocking the connection.
Resolution
- Remove the proxy server configuration from management interface