Troubleshoot lookup service configuration in NSX

 
There are three things to confirm when troubleshooting the lookup service configuration for NSX. If you haven’t already integrated NSX to SSO, please follow the instructions here.
 
The first thing to check, is that you have admin privileges. The SSO administrator in vSphere 5.5 and higher is administrator@vsphere.local. To be safe, I would recommend using this account for the integration, otherwise, confirm that you part of the SSO administrators Group.
 
If you do not have permissions, you will see the error below:
 

NSX Management Service operation failed.( Create NSX Manager Solution User at SSO failed. Root Cause: User has no permission. )

 
1
 
The second thing to check is DNS. If you are providing a Fully Qualified Domain Name for the Lookup Service IP and DNS isn’t configured correctly, you will see the following.
 

nested exception is java.net.UnknownHostException: vc5.vcloud.local( vc5.vcloud.local )

 
2
 
You should confirm your DNS servers as well:
 
4
 
Another thing to check, is that you are using the correct port and that it is open between the NSX Manager and Single Sign-On (no firewall blocking it). For the VCIX-NV, they are using SSO in vSphere 5.5, the port in 7444. If you use the wrong port, or it’s not open, you may see the following.

nested exception is java.net.ConnectException: Connection refused( Connection refused )

 
3
 
Finally, confirm NTP between the two services to ensure there is no time drift.
 
5
 
You can run the following command on the NSX manager as well, to confirm time settings.

nsxmanager> show clock
Sat May  2 18:57:17 UTC 2015

 

Leave A Comment

Your email address will not be published. Required fields are marked (required):

Back to Top