Launching soon: The world's first vendor agnostic bug scrubLearn more & join waitlist
OPERATIONAL DEFECT DATABASE
...
...
Not able to Update Signatures. Latest update not visible in NSX UIThere are 2 exceptions/issues that can be seen on the impacted version : /var/log/policy/policy.log Exception 1: 2022-01-06T07:24:18.152Z INFO http-nio-127.0.0.1-6440-exec-111 PolicyIDSFacadeImpl 6920 POLICY [nsx@6876 comp="nsx-manager" level="INFO" reqId="273c52e3-98b8-48fe-a1a6-e0a8b8b120db" subcomp="policy" username="admin"] IDS - Got the request to trigger Signature download 2022-01-06T07:24:18.152Z INFO asyncExecutor-3 IdsSignatureUtils 6920 POLICY [nsx@6876 comp="nsx-manager" level="INFO" subcomp="policy"] IDS - Starting Signature update process 2022-01-06T07:24:18.153Z INFO asyncExecutor-3 PolicyIDSUtils 6920 POLICY [nsx@6876 comp="nsx-manager"level="INFO" subcomp="policy"] IDS - Triggering the Signature download from NSX Intel Cloud 2022-01-06T07:24:18.153Z INFO asyncExecutor-3 PolicyIDSUtils 6920 POLICY [nsx@6876 comp="nsx-manager"level="INFO" subcomp="policy"] IDS- cloud registration is not yet done. 2022-01-06T07:24:18.153Z INFO asyncExecutor-3 PolicyIDSUtils 6920 POLICY [nsx@6876 comp="nsx-manager"level="INFO" subcomp="policy"] IDS: Getting the license info 2022-01-06T07:24:18.153Z WARN asyncExecutor-3 PolicyIDSUtils 6920 POLICY [nsx@6876 comp="nsx-manager"level="WARNING" subcomp="policy"] No Enforcement point found 2022-01-06T07:24:18.153Z ERROR asyncExecutor-3 PolicyIDSUtils 6920 POLICY [nsx@6876 comp="nsx-manager"errorCode="MP523681" level="ERROR" subcomp="policy"] NSX Data Center Distributed Threat Prevention key not present. IDS need Threat License Key in order to work.2022-01-06T07:24:18.153Z ERROR asyncExecutor-3 SimpleAsyncUncaughtExceptionHandler 6920 Unexpected exce ption occurred invoking async method: public void com.vmware.nsx.management.policy.ids.utils.IDSOnDeman dScheduler.startDownload() Exception 2: 2022-03-03T14:27:50.147Z ERROR asyncExecutor-1 PolicyIDSUtils 15460 POLICY [nsx@6876 comp="nsx-manager" errorCode="MP523675" level="ERROR" subcomp="policy"] Got Exception while registering With NSX cloud client - org.springframework.web.client.ResourceAccessException: I/O error on POST request for " https://api.prod.nsxti.vmware.com/1.0/auth/register": api.prod.nsxti.vmware.com; nested exception is java.net.UnknownHostException: api.prod.nsxti.vmware.com org.springframework.web.client.ResourceAccessException: I/O error on POST request for " https://api.prod.nsxti.vmware.com/1.0/auth/register": api.prod.nsxti.vmware.com; nested exception is java.net.UnknownHostException: api.prod.nsxti.vmware.com Steps to Reproduce the Issue: Federated SetupInternet connection for NSX manager appliance via ProxyTry to download the signatures
The purpose of this article is to provide awareness of a known issue.
With federated setup there are multiple enforcement point. Code on impacted version not able to determine the correct enforcement point leads to this issue.
Not able to update latest Signatures for IDPS
Issue is fixed in 3.1.3.7 and 3.2.X onwardsThis Issue is also fixed in the HP 3.1.2.0.2916417. (Contact VMware Technical Support for details)
Offline Signature download can be used as a Workaround