VMware HCX

 Many active sessions in enter HCX

Oleksandr Terekhov's profile image
Oleksandr Terekhov posted Jun 04, 2024 10:45 AM
Hi friends
 
I have a problem with authentication on HCX
 
For some reason, access to it by FQDN:9443 and IP:9443 does not work
 
I can open it only by simply specifying the IP address without the port, but there is a problem here too.
 
Every time I try to log in as an administrator or a user with administrative rights, I get the error:
 
Invalid username or password, or too many active sessions
(https://community.broadcom.com/discussion/invalid-username-or-password-or-too-many-active-sessions - Tried this solution did not help)
I can easily connect via SSH using administrator accounts.
I decided to check the status of the appliances in all three of them, the status is connected
When using the hc -d command on appliance number 2, I noticed that one service had an error.
 
[+] systemService:
 [-] service.status
 [*] cgw ............ good
 > Service cgw is running properly.
 [*] ntpd ............ critical
 > Service ntpd is not running properly.
 [*] crond ............ good
 > Service crond is running properly.
 [*] vmtoolsd ............ good
 > Service vmtoolsd is running properly.
 [*] hamon ............ good
 > Service hamon is running properly.
 [*] ipsec ............ good
 > Service ipsec is running properly.
^C[+] encryptService:
 [-] encrypt.daemons
 [*] ipsec ............ good
 > Service ipsec is running properly.

Tried restarting services to no avail
  • # systemctl restart app-engine
  • # systemctl restart web-engine
  • # systemctl restart appliance-management
Throws an error time out

I can't change anything through Vcenter  I get an error


Also noticed that the service kafka not started 

● kafka.service - Kafka
     Loaded: loaded (/etc/systemd/system/kafka.service; enabled; vendor preset: enabled)
     Active: activating (start) since Tue 2024-06-04 16:35:53 EEST; 10s ago
    Process: 30193 ExecStartPre=/etc/systemd/service-dependency-check.sh zookeeper (code=exited, status=0/SUCCESS)
    Process: 30199 ExecStartPre=/etc/systemd/pre-kafka-start (code=exited, status=0/SUCCESS)
Cntrl PID: 30241 (kafka-start)
      Tasks: 2 (limit: 2385)
     Memory: 324.0K
     CGroup: /system.slice/kafka.service
             ├─30241 /bin/bash /etc/systemd/kafka-start
             └─30322 sleep 15
 
Jun 04 16:35:54 HCX-Connector pre-kafka-start[30223]: 16:35:54.417 [main-SendThread(localhost:2181)] DEBUG org.apache.zookeeper.ClientCnxn - Reading reply session id: 0x1000000593c074f, pa>
Jun 04 16:35:54 HCX-Connector pre-kafka-start[30223]: Node does not exist: /brokers/ids/0
Jun 04 16:35:54 HCX-Connector pre-kafka-start[30223]: 16:35:54.425 [main] ERROR org.apache.zookeeper.util.ServiceUtils - Exiting JVM with code 1
Jun 04 16:35:54 HCX-Connector pre-kafka-start[30199]: Removed stale controller and broker ids from zookeeper before kafka.
Jun 04 16:35:54 HCX-Connector kafka-start[30241]: Starting KAFKA ...Waiting for zookeeper to start..
Jun 04 16:35:54 HCX-Connector kafka-start[30242]: ZooKeeper JMX enabled by default
Jun 04 16:35:54 HCX-Connector kafka-start[30242]: Using config: /etc/zookeeper/zoo.cfg
Jun 04 16:35:54 HCX-Connector kafka-start[30282]: ZooKeeper JMX enabled by default
Jun 04 16:35:54 HCX-Connector kafka-start[30282]: Using config: /etc/zookeeper/zoo.cfg
Jun 04 16:35:55 HCX-Connector kafka-start[30241]: Zookeeper is running. Waiting for processes to start..


Help me to figure it out, because it seems that I start from one problem and throw myself into another and in this way I will not find a solution

And I really need to resume migration

virtsysadmin's profile image
virtsysadmin posted Jun 05, 2024 09:18 AM

HI Olek,

"Invalid username or password, or too many active sessions"—You have probably reset VC certs, or for any other reason, like resetting the password, VC and HCX communication was broken, and you needed to reconnect HCX to VC via port 9443. 

9443 access is not working because Kafka/zookeeper is not running, are essential services. 

First, you can stop and start services. 

https://knowledge.broadcom.com/external/article?legacyId=93169

# systemctl stop postgresdb
# systemctl stop zookeeper 
# systemctl stop kafka 
# systemctl stop app-engine 
# systemctl stop web-engine 
# systemctl stop appliance-management

# systemctl start postgresdb
# systemctl start zookeeper
# systemctl start kafka
# systemctl start app-engine
# systemctl start web-engine
# systemctl start appliance-management


If this does not work, please open an SR with support; additional steps will needed

BR
Bimal 



Oleksandr Terekhov's profile image
Oleksandr Terekhov posted Jun 10, 2024 11:23 AM
Thank you for the recommendations, unfortunately, when restarting the services, I get an error about a long waiting time!
 
If possible, please share an article that describes the deployment and reinstallation of appliances via CLI
 
Wants to try it as an option
Jesse Schachter's profile image
Broadcom Employee Jesse Schachter posted Jun 11, 2024 01:02 PM

it’s not clear to me what exactly are you trying to do and why you are trying various ports. To login to hcx manager, you can ssh to it and login as admin. The appliance management web ui is on port 9443 also login is only possible for admin. Port 443 web ui authenticates via SSO