The NSX Network Detection and Response activation wizard reports an error after attempting to deploy the NSX Cloud Connector component.
Problem
As part of the NSX Network Detection and Response feature activation, the activation wizard attempts to deploy the NSX Cloud Connector component. The NSX Cloud Connector registers the NSX installation with the NSX Advanced Threat Prevention cloud service and builds a secure channel between the local resources and the cloud resources. If an issue is encountered during those steps, the activation wizard reports an NSX Cloud Connector deployment error, which blocks the NSX Network Detection and Response activation to continue and it eventually times out.
Cause
The NSX Cloud Connector establishes connectivity to the NSX Advanced Threat Prevention cloud service region that you selected and it triggers registration using the NSX licenses. If the connection is unavailable, the registration fails or times out.
Solution
- The NSX Cloud Connector uses the same communication channel that was previously validated during the NSX Network Detection and Response activation precheck. If the NSX configuration changed between running the NSX Network Detection and Response precheck and the actual NSX Network Detection and Response activation, rerun the activation precheck. If you encounter any error, follow the troubleshooting information for activation precheck failure.
- Ensure that NSX Application Platform is deployed correctly and is reported as STABLE on the UI page.
- Inspect the logs for the NSX Cloud Connector registration service.
- Collect an NSX Application Platform support bundle and inspect the logs for any Kubernetes pod with the name starting with cloud-connector-register.
- Alternatively, the logs can also be queried interactively on the NSX Manager appliance using the following steps.
- Log into the NSX Manager appliance as root.
- Use the following command to mark the Kubernetes configuration for any subsequent helm and kubectl invocations.
export KUBECONFIG=/config/vmware/napps/.kube/config
- Using the following command, ensure that the NSX Cloud Connector helm chart is deployed successfully.
helm --namespace nsxi-platform list --all --filter 'cloud-connector'
Verify that the STATUS property displays deployed. - Inspect that the registration pod is deployed and completed successfully.
kubectl --namespace nsxi-platform get pods --selector='job-name=cloud-connector-register'
The pod should show the STATUS as Completed. - Inspect events for the registration pod, using the following command.
kubectl --namespace nsxi-platform describe pod --selector='job-name=cloud-connector-register'
The Events section provides status of the registration job and the actions associated with the job. - Use the following command to inspect the logs for the registration pod.
kubectl --namespace nsxi-platform logs --selector='job-name=cloud-connector-register' --container=main
- After resolving the error, click Actions in the NSX Network Detection and Response feature card. Select Delete to initiate the deletion of the partially activated NSX Network Detection and Response feature. After the delete process finishes, retry activating the feature again.