NSX Service Manager stays at “Out of Sync”
8120
Created On 03/12/20 03:32 AM - Last Modified 04/04/20 00:32 AM
Symptom
- Service Manager status on Panorama stays “Out of Sync”. When clicking on connection status it shows “Service List is missing on Panorama…Downloading new one.”
- Click on the “Out of Sync” connection status to check the reason for the config being out of sync. [Figure A]
- Verify whether the NSX Services are being pulled on to Panorama under Steering Rules > NSX Services as seen in [Figure B]
- Verify whether services present on NSX Firewall [Figures C & D] are showing up completely under Panorama > Steering Rules > NSX Services [Figure B]
- Set logging level on plugin to high from Panorama CLI and trigger NSX config sync under Panorama > VMware NSX > Service Manager > NSX Config Sync
2018-12-10 14:24:20 sh: line 0: export: `nsx-mgr=DEV_SOC_PAN': not a valid identifier
2018-12-10 14:24:30.577 -0500 ERROR: Failed to write service list, error: 'ascii' codec can't encode character u'\u2013' in position 26844: ordinal not in range(128)
2018-12-10 14:24:30.577 -0500 ERROR: DEV_SOC_PAN: Failed to process service-list info.
2018-12-10 14:24:30.578 -0500 DEBUG: No sdefs for DEV_SOC_PAN for nsx
2018-12-10 14:24:30.579 -0500 DEBUG: No sprofs for section update-del operations.
2018-12-10 14:25:07.315 -0500 ERROR: (Monitor) DEV_SOC_PAN: Services list is missing on Panorama...Downloading new one.."
- Above log snippet shows, plugin fails to decode the names of services from NSX which use non-ascii characters (em dash)
Environment
- Platform: Panorama
- PAN-OS / Plugin Version: 8.0.10 / 2.0.3
- Deployment: Security Centric
Cause
- Panorama plugin seems to have a problem with conversion of non-ASCII characters in service names from NSX service list.
- Most common hyphens use ascii Unicode character U+2014 (en dash) whereas in this case em dash was used.
Resolution
- This issue has been addressed in Panorama NSX plugin version 2.0.4 or later