Data Center Security

 View Only

  • 1.  DSC and vsphere/nsx configuration

    Posted May 21, 2017 11:16 PM

    So we are trying to find a fix for an issue we are running into.

    We are deploying a new install of DSC and we are running into trouble trying to configure the UMC for the Vsphere/NSX

     

    We keep running into the following two errros depening on which users we try to use to add vsphere/nsx to UMC

    1 - The specified user does not have the Enterprise Administrator role that is required to configure the NSX settings.

    or

    2 - The given NSX Manager is not paired with the vCenter '192.168.XX.XX'. Check the NSX Manager details.

     

    Now error 1 happens when we try to use any SSO user that does have the Enterprise Administrator rights on that user, and we had tried different users, the default Adminsitrator user for vphere, even creating a new user as well.

    Now error 2 happen when we try to use the local admin of the NSX.

     

    All the articles I find basically say make sure the NSX and Vsphere pair is correct. Which it is, we log into the appliance and it shows connected, as well as from within vsphere itself

    So we are not sure where to go from here.

     

     



  • 2.  RE: DSC and vsphere/nsx configuration

    Posted May 24, 2017 09:34 AM

    What's the version of ESX, vCenter, NSX, and DCS?



  • 3.  RE: DSC and vsphere/nsx configuration

    Posted May 25, 2017 02:29 AM

    If you can post the versions, that'd help as different versions have different traps. For instance, the following won't work in DCS 6.6.

    I was able to get DCS 6.7 MP1 working with NSX 6.2.4 with the following combination of syntaxes;

    1. NSX Manager is pared with vCenter Server using a domain account referencing the FQDN in the username@domain syntax. This created the user in NSX as an Enterprise Administrator.

    2. In UMC, For the vCenter entry I also used the vCenter FQDN (not the IP address, as my SSL certs use FQDN). For the user syntax I used NetBIOS\user. I did a Test Connection to validate this much. Then for the NSX Manager, it made no difference what account I used, the only one that worked was the NSX admin account. When I mentioned this to Symantec, they already knew about it.

    Good Luck.

    Hamish



  • 4.  RE: DSC and vsphere/nsx configuration

    Posted May 30, 2017 04:01 PM

    Sorry, had trouble to log into the forums again. It shows that i was not logged in but was...

    Anyway my setup is as follow

     

    Vsphere 6.0 3634793   --- Running on Windows Server 2012 R2

    NSX Manager 6.3.1 -- Installed and configued into vCenter just fine, it even did the Guest Interpoation deployment ok

    Symantec Data Center Security Server 6.7 MP1 using evaluation mode with local SQL server

     

    When I go to add my vsphere server and nsx server is where I am getting the issue

    When I enter the vCenter information it seems to be ok, I can test connection for that just fine

    When I enter the NSX manager infomation, it keeps giving me the error 

        "The given NSX Manager is not paired with the vCenter '192.168.10.75'. Check the NSX Manager details."

    This is does not matter which account I try. and yes I had confimed with VMware as well that it should be the Admin user from the NSX mananger

    And had confirmed with VMWare that the NSX manager and vCenter are configured correctly so its not on that side

    It even shows that the user authentication is valid but it will not the DSC UMC will not accept it due to the above errror

    I have had a case open with phone support but so far they have not been helpful.

     
     


  • 5.  RE: DSC and vsphere/nsx configuration
    Best Answer

    Posted May 30, 2017 04:25 PM

    NSX 6.3.1 is not supported yet. The only solution is to roll back to a supported version or wait until a future MP when 6.3.1 is supported.

    For 6.7 MP1 the following versions are supported:

    NSX – v6.1.3, v6.1.4, v6.1.7, v6.2, v6.2.2, 6.2.4



  • 6.  RE: DSC and vsphere/nsx configuration

    Posted May 30, 2017 06:58 PM

    As Shane as said, you should aim for a supported NSX version. But that doesn't necessarily mean 6.3.1 won't work.

    I ran into a similar issue that you're seeing when I was trying to configure DCS 6.6. VMware would have you use FQDNs for everything, but the UMC interface ONLY accepted IP. This meant that UMC would query NSX Manager for a vCenter Server identified by it's IP address, but my NSX Manager only only knew the FQDN. When I changed NSX to use the IP address for the vCenter, it worked. 

    When I upgraded to 6.7 MP1 with Symantec on a Webex, they were adament FQDNs should be used in the new version citing something about the SSL certs.

     



  • 7.  RE: DSC and vsphere/nsx configuration

    Posted May 31, 2017 03:13 PM

    That's true about the certificate issue. Everytime I've been through the integration and it didn't work the NSX version support was the issue.



  • 8.  RE: DSC and vsphere/nsx configuration

    Posted Jun 04, 2017 08:21 PM

    HI, Just wanted to update this post.

    I have it now insalled succesfully and working.

    There was 2 things

    1 - the wrong version of the NSX manager, I was trying with 6.3.1, but it only supports up to 6.2.4 so I had to remove an reinstall that.

    2 - for the connection settings I used the following

    vVcenter IP -- FQDN of server

    User / Pass, the administrator password for vcetner

    NSX Manager

    Ipaddress - ip address of it

    user/pass - the aadmin user/pass for the CLI default user.

     

    Thanks for the help.