- Registering NSX Manager to vCenter Server fails
- Configuring the SSO Lookup Service fails
- The following errors may appear:
nested exception is java.net.UnknownHostException: vc.local( vc.corp.local )
NSX Management Service operation failed.( Initialization of Admin Registration Service Provider failed. Root Cause: Error occurred while registration of lookup service, com.vmware.vim.sso.admin.exception.InternalError: General failure.
com.vmware.vshield.vsm.security.service.impl.SamlTokenSSOAuthenticator : SSO is not configured or initialized properly so cannot authenticate user.
- Connectivity issues:
If NSX Manager is having connectivity issues either with vCenter Server or the ESXi host, log in to the NSX Manager CLI console, run the command:
debug connection IP_of_ESXi_or_VC, and examine the output.
Ping from NSX Manager to the vCenter Server with the IP address and FQDN to check for routing, or static, or default route in NSX Manager, using this command:
nsxmgr-l-01a# show ip route
K – kernel route,
C – connected,
S – static
> – selected route,
* – FIB route
S>* 0.0.0.0/0 [1/0] via 192.168.110.2, mgmt
C>* 192.168.110.0/24 is directly connected, mgmt
- DNS Issue
Ping from NSX Manager to vCenter Server with FQDN using this command:
nsx-mgr> ping vc-l-01a.corp.local
Output similar to the following example should appear:
nsx-mgr> ping vc-l-01a.corp.local PING vc-1-01a.corp.local (192.168.110.51): 56 data bytes 64 bytes from 192.168.110.51: icmp_seq=0 ttl=64 time=1.749 ms 64 bytes from 192.168.110.51: icmp_seq=1 ttl=64 time=2.111 ms 64 bytes from 192.168.110.51: icmp_seq=2 ttl=64 time=8.082 ms 64 bytes from 192.168.110.51: icmp_seq=3 ttl=64 time=2.010 ms 64 bytes from 192.168.110.51: icmp_seq=4 ttl=64 time=0.857 ms
If this does not work, navigate to Manage > Network > DNS Servers in NSX Manager and ensure that DNS is properly configured.
- Firewall Issue
If there is a firewall between NSX Manager and vCenter Server, verify that it allows SSL on TCP/443. Also, ping to check connectivity.
- Verify that the following required ports are open in NSX Manager.
Table 1. NSX Manager Open Ports Port Required for 443/TCP
Downloading the OVA file on the ESXI host for deployment
Using REST APIs
Using theNSX Manager user interface
Initiating connection to the vSphere SDK
Messaging between NSX Manager and NSX host modules
1234/TCP Communication between NSX Controller and NSX Manager 5671 Rabbit MQ (messaging bus technology) 22/TCP
Console access (SSH) to CLI
Note: By default, this port is closed
- NTP Issues
Verify that time is synchronized between vCenter Server and NSX Manager. To achieve this, use the same NTP server configurations on the NSX Manager and vCenter Server.
To determine the time on the NSX Manager, run this command from the CLI:
nsxmgr-l-01a# show clock
Tue Nov 18 06:51:34 UTC 2014
To determine the time on the vCenter Server, run this command on the CLI:
vc-l-01a:~ # date
Output similar to the following should appear:
Tue Nov 18 06:51:31 UTC 2014
Note: After configuration of Time settings, restart the appliance.
- User Permission Issues
Confirm that the user has admin privileges.
To register to vCenter Server or SSO Lookup Service, you must have administrative rights.
The default account is
administrator user: firstname.lastname@example.org
- Reconnect to SSO by entering the credentials.