Refer to this section to troubleshoot NSX issues that you might encounter.
Unable to Change NSX Appliance Password
You might be unable to change the NSX appliance password for the root
, admin
, or audit
users.
Problem
Attempts to change the NSX appliance password for the root
, admin
, or audit
users. through the vSphere Client may fail.
Cause
During the installation of the NSX Manager, the procedure only accepts one password for all three roles. Attempts to change this password later may fail.
Solution
- ♦ Use the NSX APIs to change the passwords.
For more information, see https://kb.vmware.com/s/article/70691 and the NSX Administration Guide.
Troubleshooting Failed Workflows and Unstable NSX Edges
If your workflows fail or the NSX Edges are unstable, you can perform troubleshooting steps.
Problem
When you change the distributed port group configuration on the vSphere Client, workflows might fail and the NSX Edges might become unstable.
Cause
Removal or modification of the distributed port groups for overlay and uplink that were created during the NSX Edge cluster setup of cluster configuration, is not allowed by design.
Solution
If you require to change the VLAN or IP Pool configuration of NSX Edges, you must first remove elements of NSX and the vSphere IaaS control plane configuration from the cluster.
For information about removing elements of NSX, see the NSX Installation Guide.
Collect Support Bundles for Troubleshooting NSX
You can collect support bundles on registered cluster and fabric nodes for troubleshooting and download the bundles to your machine or upload them to a file server.
If you choose to download the bundles to your machine, you get a single archive file consisting of a manifest file and support bundles for each node. If you choose to upload the bundles to a file server, the manifest file and the individual bundles are uploaded to the file server separately.
Procedure
Collect Log Files for NSX
You can collect logs that are in the vSphere IaaS control plane and NSX components to detect and troubleshoot errors. The log files might be requested by VMware Support.
Procedure
- Log in to the vCenter Server using the vSphere Client .
- Collect the following log files.
Log File Description /var/log/vmware/wcp/wcpsvc.log Contains information related to vSphere IaaS control plane enablement. /var/log/vmware/wcp/nsxd.log Contains information related to the NSX components configuration. - Log in to NSX Manager.
- Collect the /var/log/proton/nsxapi.log for information on the error that the NSX Manager returns when a specific vSphere IaaS control plane operation has failed.
Restart the WCP Service If the NSX Management Certificate, Thumbprint, or IP Address Changes
If the NSX Management certificate, thumbprint or IP address changes after you have installed vSphere IaaS control plane, you must restart the WCP
service.
Restart the WCP
Service If the NSX Certificate Changes
Currently, vSphere IaaS control plane requires that if the NSX certificate or thumbprint, or if the NSX IP address changes, you must restart the WCP
service for the change to take effect. If either change occurs without a restart of the service, communication between vSphere IaaS control plane and NSX fails and certain symptoms can arise, such as NCP entering into CrashLoopBackoff stage or Supervisor resources becoming undeployable.
WCP
service, use the
vmon-cli
.
- SSH to the vCenter Server and log in as the root user.
- Run the command
shell
. - Run the command
vmon-cli -h
to view usage syntax and options. - Run the command
vmon-cli -l
to view thewcp
process.You see the
wcp
service at the bottom of the list. - Run the command
vmon-cli --restart wcp
to restart thewcp
service.You see the message
Completed Restart service request
. - Run the command
vmon-cli -s wcp
and verify that thewcp
service is started.For example:root@localhost [ ~ ]# vmon-cli -s wcp Name: wcp Starttype: AUTOMATIC RunState: STARTED RunAsUser: root CurrentRunStateDuration(ms): 22158 HealthState: HEALTHY FailStop: N/A MainProcessId: 34372