Friday, March 20, 2015

NSX Host Preparation Not Ready

ShortURL to this blog post: http://vexpert.me/nsxhostpreptshoot

One of the steps required to install NSX-v is preparing clusters or hosts for NSX which will install three new VIBs to ESXi hosts (in the Kernel space) and the process will be done per cluster not per host.
The steps are quite straight forward, after you have your NSX Manager registered to your vCenter Server and get your NSX Controllers deployed, you just need to go to Host Preparation Tab > choose your desired cluster > hit Install


More about preparing clusters for NSX can be found from below links:
Getting Started Guide for NSX vSphere
NSX will send a request to EAM to calls vCenter Server to install the three VIBs.
ESXi downtime or reboot is not required for this but Upgrade or Uninstall requires a reboot, if you have DRS and vMotion networking setup, it will automatically set some of your hosts to maintenance and reboot it so there will be no downtime to your workload VMs.
Upon successful installation, the Installation Status column will display the NSX version and Firewall column Enabled.
But if not successful, the Installation Status column will display a red warning icon says Not Ready and Resolve.
Try clicking the resolve button to repush NSX request to install the VIBs, if nothing changed and still saying Not Ready you might need to check your setup and also check some logs.
Below are 2 log files that you can check:
  1. /var/log/esxupdate.log in ESXi host
  2. eam.log in vCenter Server. ProgramData/VMware/VMware VirtualCenter/Logs/ for Windows vCenter or /storage/log/vmware/vpx/eam.log for Linux vCenter
Below are the most common issues:
  1. DNS configuration on your vCenter Server, ESXi host, NSX Manager, and DNS forward + reverse records on your DNS servers
  2. Time Sync on ESXi Hosts and NSX Managers, use NTP server whenever possible
  3. TCP ports, check if any of required firewall ports are blocked. See the NSX Hardening Guide to check all required ports for NSX
  4. Verify if vCenter Server Managed IP is set and correct. See KB 1008030 on how to check this.
  5. Update Manager service is stopped or having issues if you have VUM installed. 
If you have error log under eam.log similar to below, you might have some issues on your Update Manager or connection to your Update Manager
“com.vmware.vim.vmomi.client.exception.ConnectionException: org.apache.http.conn.HttpHostConnectException: Connection to https://<vCenter_Server_Hostname>:8084 refused”
A workaround for this is to temporarily bypass VUM so EAM can continue to install the VIB. The steps are similar to KB 2053782 but instead of setting it to false, set it to true.

Below are the complete steps:
  1. Open a browser to the MOB at:
    https://vCenter_Server_IP/eam/mob/
  2. Log in with Administrator privileges.
  3. Select an agency from the agency list. This is usually agency-0. If not, select the appropriate agency.
  4. Click Config. This should be a URL where agency-0 is replaced by your local agency ID.
    For example:
    https://vCenter_Server_IP/eam/mob/?moid=agency-0&doPath=config
  5. Set the bypassVumEnabled flag to true:
  6. Using the agency ID identified in Step 3, change the browser URL:
    https://vCenter_Server_IP/eam/mob/?moid=agency-<0>&method=Update
  7. In the config field, change the value from false to true. Change the existing configuration options to match this:
    <config>
    <bypassVumEnabled>true</bypassVumEnabled>
    </config>

  8. Click Invoke Method and go back to the previous link to check if the value gets updated.
  9. Back to NSX Host Preparation Tab and click Resolve. You should be able to proceed with the VIBs installation now. Note: if you have multiple clusters, you would need to set the bypassVumEnabled flag to true per cluster since the agency-# will be created per cluster
Below are some related links that are helpful to understand NSX Host Preparation and help you further to troubleshoot:
 If you are still not able to resolve your issue, you can always contact VMware Support


1 comment:

Anonymous said...

Nice one, hadn't seen the KB but came across your blog post.
Cheers Clint_NZ