nutanix prism server is not reachable

Whether on PE or PC (up to the current latest major releaseAOS5.16), the role options for local users are: The UI shows checkbox options for cluster admin and user admin. Creare un catalogo di macchine che utilizzi un'istantanea di un'immagine master creata sull'hypervisor Nutanix. If the below requirements if the resources are low will get the same issue. To add an authentication directory, click the New Directory button. Ill have to get back to this when I figure out what else it could be. Alternatively, clear cookies and retry. Most of the time you only have to restart the Prism Console Services, all you need to do is: Note:In the case where the Nutanix Console requires a frequent or continuous restart, consider engaging Nutanix Support athttp://portal.nutanix.com. Viewer allows the user to view information only. Nutanix strongly believes power of the community and joint effort. NGT is failing installation on a user VM/server where a Python environment already exists. Please verify that network details for the VM are correct and the IP is reachable from Prism. For any issues leverage KBs: KB-2066 Unable to Log In to the Prism web console using Group LDAP authentication. Once all services are down,shutdown the Prism Central machine from PE or with below command, Once Prism Central is shutdown open the console and update the setting as per your requirement. At that time, you will not be able to ping the host from the CVM on 192.168.5.1 IP. Prep for Success: 50% Off NCA & NCP-MCI Exam Prep. Checking the NTP leader on a Nutanix Cluster: We will run the command allssh ntpq -pn on any cvm to see time sources for all CVMs and also which cvm is the NTP Leader. Then I ran the following command for each server to silently install NGT. Please try again in a few minutes. Please configure name server". CVM not reachable from host should be an immediate call to support if you can't determine cause right away. As youve tried other browsers etc this doesnt apply, but if the server producing the Prism web pages has changed then you need to refresh the page to get it to check the SSL cert again. Prism services have not started yet. NTP IP address is reachable (if ping messages fail, validate that ping traffic is enabled by pinging another responsive to ping messages destination). Cannot contact the AD/LDAP server. Further trouble shooting showed me that the time of the CVM and the PC is wrong. You are not alone. Any suggestions on how to solve this problem? The configuration for each role can be set once for users and once for groups per each domain, so for a single directory you would have at most six role configurations, each with one or more users or groups. We'll send you an e-mail with instructions to reset your password. The hosts and CVMs in a Nutanix cluster must be configured to synchronise their system clocks with a list of stable NTP servers. Need manual cleanup as mentioned above. When accessing the Nutanix Prism Central or Prism Element Web Console, you may see the following error in your browser. All other communication between Nutanix and vCenter Server occurs over port 80. No duplicate IP addresses can be used. Additional built-in roles have been defined and you can also build custom roles for users. NGT installation on Windows server 2008 R2 SP1 VM gives a warning "Hot-fix 2921916 is not installed on your system". We'll send you an e-mail with instructions to reset your password. Nutanix AHV Hosts utilise the same list of servers defined in Prism and being used by the NTP Leader, will be configured on each host to sync with independently. We do not notice it, we simply put in our credentials and use it. Sorry, our virus scanner detected that this file isn't safe to download. Please check that kafka server is running & that kafka settings in API server config file are updated properly, then try again. Nutanix - AOS, built on web-scale engineering principles, distributes roles and responsibilities to all nodes within the system to form a large cluster of services working together. Failed to update service in Analytics 2022-05-10 08:00:27,810Z ERROR 82014 /src/bigtop/infra/infra_server/cluster/service_monitor/service_monitor.c:106 StartServiceMonitor: Child 78634 exited with status: 12022-05-10 08:03:41,698Z ERROR 82014 /src/bigtop/infra/infra_server/cluster/service_monitor/service_monitor.c:106 StartServiceMonitor: Child 92258 exited with status: 12022-05-10 08:06:56,303Z ERROR 82014 /src/bigtop/infra/infra_server/cluster/service_monitor/service_monitor.c:106 StartServiceMonitor: Child 106030 exited with status: 12022-05-10 08:10:10,281Z ERROR 82014 /src/bigtop/infra/infra_server/cluster/service_monitor/service_monitor.c:106 StartServiceMonitor: Child 119408 exited with status: 12022-05-10 08:13:26,794Z ERROR 82014 /src/bigtop/infra/infra_server/cluster/service_monitor/service_monitor.c:106 StartServiceMonitor: Child 2255 exited with status: 1, I See the same ERROR on all FATAL files ( atlas.FATAL catalog.FATAL uhura.FATAL lazan.FATAL). User Admin, Cluster Admin, and Viewer are listed as Super Admin, Prism Admin,and Prism Viewer respectively. the nodes themselves) or Prism Central (a separate deployment)? It is also showing Cluster/node reports it is currently undergoing maintenance/upgrade. which appears to be a whole other issue. Make sure there is no security policy that blocks traffic to CVMs or PC. If thats the case, I now need to check the roles for the accounts. Please update file server configuration & try again. Keep your Nutanix Clusters Healthy by ensuring time sync is from a reliable, reachable time source. In order for a distributed system such as Nutanix AOS to work smoothly - NTP is of critical importance. Note: ADFS is the only supported IDP for Single Sign-on. Changes to this setting will not affect hosted VMs, data service, or other services on the Nutanix cluster. Exception occurred while creating a REST user for the file server. shows that there are two accounts and that both have: ROLE_CLUSTER_ADMIN, ROLE_USER_ADMIN, ROLE_CLUSTER_VIEWER. For initial setup this is useful but for the sake of security and auditing, it is strongly recommended to configure and use other accounts. We can see from the output above, we have five nodes (5 x CVMs) cluster,CVM 192.168.1.1 is the NTP leader and is synchronising itself from NTP servers defined in Prism. Here is the Nutanix Portal Document for the complete procedure: https://portal.nutanix.com/page/documents/details?targetId=Nutanix-Security-Guide-v511:mul-security-authentication-pc-t.html#ntask_cgq_5ch_zt. Accurate time sync, not just offers integrity and smooth operations but offersa lot of value even when things dont work as they should. User Admin - allows the user to view information, perform any administrative task, and create or modify user accounts. The solution is to restart the Prism services on the CVM of the Prism leader. I stumbled upon some documentation from the former employee who had detailed PuTTy instructions to login using a password less key. Identify who is the Prism Leader in your environment and SSH to it. Failed to save File Server. Do you mean Prism element (i.e. Sorry, we're still checking this file's contents to make sure it's safe to download. Enter your username or e-mail address. Perhaps you will see this kind of message: The Prism Central is reported as Disconnect - Prism services have not started yet. Request was accepted by File Server to create a partner server/notification policy, but the entity was not created. Prism Central also has additional automation and devops features like Karbon, Objects, Files, etc. Other CVMs on the same cluster (192.168.1.2 192.168.1.5) are synchronising their time from the NTP Leader, i.e. Please try again in a few minutes. The Authentication Configuration window appears. : Active Directory (AD) is a directory service implemented by Microsoft for Windows domain networks. Hi there, Ive had this issue before, but then it was just a caching issue on my browser. Please check API logs. Ensure that the ports 80 and 8443 are open: ntnx-portal.s3.amazonaws.comands3*.amazonaws.com- 443. Steps to change DNS covered later in the document. This setup can be described in two basic steps:authentication configuration and role assignment. While I dont have the version affected which is 2021.x. During deployment, one or more services failed to start. Our Hypervisor is version 20201105.2175 and I found this support document: Login to PC UI fails with "Server is not reachable" (nutanix.com). Enter your username or e-mail address. Sorry, we're still checking this file's contents to make sure it's safe to download. We'll send you an e-mail with instructions to reset your password. Sorry, our virus scanner detected that this file isn't safe to download. Please try again in a few minutes. Users can authenticate using their Active Directory (or OpenLDAP) credentials when Active Directory support is enabled for Prism Central. The AD user provided as input needs to be added in Manage Roles page for the file server as an Admin user with Full Admin Privileges. Check if the DNS can resolve the namerelease-api.nutanix.com. This is an intermittent issue with AOS v5.10.2. Thanks for sharing details. Solution :- You can run the script "lcm_catalog_cleanup". SSH to Prism Leader x.x.x.198 and run the following command to restart Prism service. I noticed were getting dns_server_check failures. Done. Please try again later, NGT Installation - Multiple VMS Nutanix guest tool failed with ErrorCode:9 from prism central, VMware VCSA 7, 6.5, 6.7 Vcenter Appliance installation problem, How to Put CVMs and hosts in maintenance mode, How to Verify Nutanix cluster health status, EMC VNX unified ESRS call-home configuration, Launch the console of Prism Central from Prism Element, You can take putty or ssh to the Prism Central IP, Power on Prism Central VM with console or acli (VM.on Prism Central VM name). It can only be configured on AHV and ESXi hypervisors. To verify the prism service leader in cluster run the following command :-. We'll send you an e-mail with instructions to reset your password. Prep for Success: 50% Off NCA & NCP-MCI Exam Prep. On Prism Element, the role options available are the same as described above. Procedure. Manual fix is to delete Notification Policy, Partner Server & REST user from file server. Another note on configuring LDAPS. Out of the box, Prism Element (PE) and Prism Central (PC) deploy with one local user configured, called admin. The current feature capabilities of Prism Central require resource on the Prism Central VM to be increased for optimum performance. portal-accounts@nutanix.com which is why I am seeking help from the community. There will be no production related issue after running below commands :-. Can I change the DNS server the Nodes are looking for via SSH? Please remove the file_analytics from prism user list manually and re-trigger the deployment. Prep for Success: 50% Off NCA & NCP-MCI Exam Prep. (PC 2022.1 or higher) Workarounds: Something else is making my server unreachable. Creare una connessione all'hypervisor Nutanix Acropolis. Please try again later.. Please provide required inputs & try again. Searching for what seems like basic information on Nutanix is painful. Ensuring CVMs are configured and syncing with a reliable time source: Following ncc (Nutanix Cluster Check utility) checks for any problems with NTP configuration on all the CVMs in a cluster: To List Configured Time Sources from a CVM shell: Check Cluster NTP Status for All Configured CVMs: Detailed Statistics on Local CVM Connection to a Single Remote NTP Server. As mine is older, it would be affected too. If you are experiencing long lookup times and your selected directory server has the global catalog role enabled, you may see improved lookup times by using the global catalog port. Servers on the Nutanix system are working and the Prism login populates, but the error occurs after several minutes of waiting for it to login. Enter your username or e-mail address. If the CVM is overloaded and cant produce the Prism interface you can see this too. During teardown, if those file servers are still enabled, teardown process will try to disable them. Sorry, we're still checking this file's contents to make sure it's safe to download. The Create HTTP Proxy UI appears. The full detail of permissions and roles available would be a bit much to cover here. No I mean Prism Central ( a separate deployment ), I have three PCVM two of them as shown are in ( Forwarding ) state, nutanix@NTNX-198-A-PCVM:~$ cluster status | grep -v UP2022-05-13 10:24:35,114Z INFO MainThread zookeeper_session.py:190 cluster is attempting to connect to Zookeeper2022-05-13 10:24:35,117Z INFO Dummy-1 zookeeper_session.py:629 ZK session establishment complete, sessionId=0x1804ee89c359f8f, negotiated timeout=20 secs2022-05-13 10:24:35,120Z INFO MainThread cluster:2918 Executing action status on SVMs te of the cluster: startLockdown mode: Disabled, CVM: X.X.X.199 Up Epsilon DOWN []. Nutanix currently supports the OpenLDAP 2.4 release running on CentOS distributions only.Note: OpenLDAP is not supported for Self Service (see the Prism Self Service Administration Guide). Cause : External NTP servers are not configured or are not reachable. The Witness resides in a separate failure domain to provide an outside view that can distinguish a site failure from a network interruption between the Metro Availability sites. Cannot connect to File Analytics VM from Prism. First, follow Prism Element Security Guide: Configuring Authentication to set up remote authentication. Specifying LDAPS as opposed to LDAP is done via the formatting in this Directory URL field. Sorry, our virus scanner detected that this file isn't safe to download. You may also try a different browser for connecting and logging into Prism Central Web UI. @IPC_ahaasThanks for the response. We can see from the output above, we have five nodes (5 x CVMs) cluster, CVM 192.168.1.1 is the NTP leader and is synchronising itself from NTP servers defined in Prism . Im trying to figure out why We are unable to login in to Prism central as below message appear when trying to login: as it show in the dev tools ( Failed to load resource ), I have checked the apache and its not working but not sure if the issue has anything to do with httpd. On Prism Central additional role-based access control (RBAC)options are available. If neither is checked, the user is configured as a view user. Also, ensure that the CVM IP Addresses and the cluster External / Virtual IP Address are whitelisted in your firewall settings to allow traffic. Prep for Success: 50% Off NCA & NCP-MCI Exam Prep. Logs would be collected from File Analytics VM on CVM at /home/nutanix/data/logbay/bundles/NTNX-Log-***.zip. Please try again in a few minutes. When installing on an ESXi cluster: vCenter and the ESXi cluster must be configured properly. Please try again in a few minutes. Network Time Protocol (NTP) is used across different devices and services on a network to maintain reliability and integrity of services, data and other critical functions. The release-api.nutanix.com is not reachable from my prism central and my prism element .I have valid name servers configured in both PC and PE .I got it verified from network team that the traffic is passing by firewall .Can anyone let me know what exact things do i need to check in my name servers so that this URL will be connected from PC and PE ? Please try again in a few minutes. @IPC_ahaasThanks for reaching out. This setup can be described in two basic steps: authentication configuration and role assignment. NCM Intelligent Operations (formerly Prism Pro/Ultimate). Cannot contact Prism - Invalid Credentials. To configure an Active Directory authentication directory or a SAML-based identify provider and to enable client authentication, do the following: Caution: Prism Central does not allow the use of the (not secure) SSLv2 and SSLv3 ciphers. Nutanix currently supports the OpenLDAP 2.4 release running on CentOS distributions only. I Notes neuron_server restarting alot below is the output of the neuron_server.log file: 2022-05-10 08:53:08Z ERROR serviceability_executor.py:1599 Error while reading failed plugins file: /appliance/logical/serviceability/neuron_last_failed_plugins2022-05-10 08:53:08Z INFO neuron_server.py:244 Start clean up of smart_alert_metadata entities from IDF2022-05-10 08:53:08Z ERROR cleanup_entities.py:76 Exception occured during deletion of smart_alert_metadata entities: Failed to send RPC request.2022-05-10 08:53:08Z INFO zookeeper_session.py:190 neuron_server.py is attempting to connect to Zookeeper2022-05-10 08:53:08Z INFO zookeeper_session.py:629 ZK session establishment complete, sessionId=0x2804ef58f8de8a9, negotiated timeout=20 secs2022-05-10 08:53:08Z CRITICAL decorators.py:47 Traceback (most recent call last): File "build/bdist.linux-x86_64/egg/util/misc/decorators.py", line 41, in wrapper File "/home/nutanix/neuron/bin/neuron_server.py", line 274, in run xfit_config.initialize_pc_services() File "/usr/local/nutanix/neuron/lib/py/nutanix_neuron.egg/neuron/utils/xfit_config.py", line 58, in initialize_pc_services xfit_pc_type = self.__get_xfit_pc_type() File "/usr/local/nutanix/neuron/lib/py/nutanix_neuron.egg/neuron/utils/xfit_config.py", line 110, in __get_xfit_pc_type nucalm_status = prism_central_utils.get_nucalm_enablement_flag() File "build/bdist.linux-x86_64/egg/util/prism_central/utils.py", line 1191, in get_nucalm_enablement_flagImportError: No module named proto.nucalm_enablement_pb2, its look like there is a python script not working ( decorators.py ), Im not sure what is the root cause, can anyone help with this issues, Best answer by rohan.saksena-55595 13 May 2022, 15:12. That resolved one issue, and the health check now shows PASS on ton of things. Prism Central supports user authentication. Active Directory authentication. Failed to add file server record in ElasticSearch index, exception details can be seen in API logs, Failed to update consumer and full scan config, please check API logs for exception. Solution: Preliminary troubleshooting Use browser Icognito Mode to log in. Ensure users with this attribute first login to a domain workstation and change their password prior to accessing Prism Central. But this time it did not work. This is a Live Troubleshooting Scenario. Error creating Partner Server/Notification policy. Users with the "User must change password at next logon" attribute enabled will not be able to authenticate to Prism Central. Then you have to change the new compute resource of Prism Central. For more detail on RBAC and role assignment in Prism Central, please see the section Controlling User Access (RBAC) in the Security Guide. You can add one or more authentication directories, either Active Directory or OpenLDAP. If yes, can you share output of following command: The password we have on file for the nutanix user isnt working. During deployment, Volume Group creation/discovery failed. We'll send you an e-mail with instructions to reset your password. Check the status of NTP synchronization on all CVMs and hosts. Sorry, our virus scanner detected that this file isn't safe to download. Is it safe to run the command you posted as admin? For more details on this certificate requirement and related errors seen, check the article Invalid service account details" error is thrown when configuring LDAP authentication in Prism Central (login required). Prep for Success: 50% Off NCA & NCP-MCI Exam Prep. File Analytics deployment & teardown is done via Prism UI. A "Witness" is a special VM that monitors the Metro Availability configuration health. I was able to login as admin and run the command that @rohan.saksena-55595mentioned earlier and got: The IPADDRESS returned was not the IP I was using to SSH into the system, nor is it the IP of the Prisim login page Ive been using. Network Time Protocol (NTP) is a protocol for clock synchronisation between computers. While additional options exist, such as using an identity provider, in this example I will befocusing on LDAP/LDAPS authentication. We'll send you an e-mail with instructions to reset your password. Please check API logs for more details about the exception. CVMs (Controller Virtual Machine) that comprise a Nutanix cluster get their time by syncing to a single member which is known as the NTP Leader (Genesis Master). Also, do nslookuprelease-api.nutanix.com. All other hypervisors (ESXi, Hyper-V, XEN) need to have NTP configured separately using their unique management tools. First find the Prism leader and restart the prism service. Is this the correct command to add a nameserver: Called support and got an answer right away. Sorry, we're still checking this file's contents to make sure it's safe to download. Sorry, our virus scanner detected that this file isn't safe to download. There are three authentication options: Local user authentication. We'll send you an e-mail with instructions to reset your password. Partner server with same IP/hostname already exists on the file server. And, of course, Prism Central Guide on NGT. NCM Intelligent Operations (formerly Prism Pro/Ultimate). Some VMs are missing from 'ncli ngt list' output. Click the gear icon in the main menu and then select Authentication in the Settings page. Sorry, we're still checking this file's contents to make sure it's safe to download. This should be changed only for the special use case that Microsoft IIS is using port 80. vCenter Registration done through Prism uses port 443. Request was accepted by File Server to create a partner server/notification policy, but the entity was not created. Please check whether the DNS configured on File Analytics can resolve the AD/LDAP hostname & try again. Node Id : ZM183S001354. Prep for Success: 50% Off NCA & NCP-MCI Exam Prep. A set of fields is displayed. Please delete the same from file server & try again. For more information check other posts in the NGT Series here at .NEXT. This means thatthe LDAP servers SSL certificate must include a Subject Alternative Name (SAN) that matches the URL provided during the LDAPS setup. Continuing on NGT series this post is about troubleshooting. Please try again in a few minutes. Last time when I got this error, I had to edit the Hosts file and enter the IP address of My.Nutanix.com in that file. NCM Intelligent Operations (formerly Prism Pro/Ultimate), Prism Element Security Guide: Configuring Authentication, KB-2066 Unable to Log In to the Prism web console using Group LDAP authentication, KB-3363 Prism: Troubleshooting LDAP Issues for Prism Log On, PowerShell Cmdlets Reference: LDAPConnection. but I can run commands it looks like. Also, if SSL is enabled on the Active Directory server, make sure that Nutanix has access to that port (open in firewall). (Prism Central Settings -> Local User Management -> Click edit pencil next to user) Then when we log in we will see with that user the following interface with the "Server is not reachable" error: Solution: Fix: Upgrade PC to a version that includes the code update. Disable/unsubscription failed for the mentioned file servers. How to manually collect logs from each of the components? You may prefer to configure LDAP or LDAPS authentication for Prism Element or Prism Central. Sorry, we're still checking this file's contents to make sure it's safe to download. -bash: /home/nutanix/ncc/ncc_completion.bash: Permission denied. NTP warnings on NCC. I am able to SSH into Nutanix and it gives a disclaimer against making unsupported alterations. Please select the File server in Prism and go to 'Manage roles' option and add user / roles in 'Add admins' section. Running the command "curl localhost:2019/prism/leader && echo" returns: {"leader":"10.20.2.121:9080", "is_local":true} That IP and port does not resolve in my browser. Take the putty of any Nutanix controller Virtual Machine, and run the below command. How annoying. Active Directory: Active Directory (AD) is a directory service implemented by Microsoft for Windows domain networks.Note: Users with the "User must change password at next logon" attribute enabled will not be able to authenticate to Prism Central. Disable failed for file servers with uuid . Prism credentials are file_analytics & Nutanix/4u990 [applicable only for Tech Preview]. Ensure users with this attribute first login to a domain workstation and change their password prior to accessing Prism Central. Like Quote Userlevel 2 Users can authenticate if they have a local Prism Central account (see Managing Local User Accounts). OpenLDAP is not supported for Self Service (see the. By default,this often is limited to the IP address of the LDAP server (Active DirectoryDomain Controller). Once your CVM stargate service is back, autopath will stop and route will set to default. NCM Intelligent Operations (formerly Prism Pro/Ultimate), Invalid service account details" error is thrown when configuring LDAP authentication in Prism Central. The next step is to login to Next server. Please try again in a few minutes. NGT is failing installation on a user VM/server where a Python environment already exists. Increase the size of the Prism Central restart is required, also make sure you are increasing the compute size when Prism Central VM is in powered off state. One or more services are not running, please check logs for more details. Redirecting to /bin/systemctl status httpd.service httpd.service Loaded: masked (/dev/null; bad) Active: inactive (dead)nutanix@NTNX-1-A-PCVM:~$nutanix@NTNX-A-PCVM:~$ sudo service httpd startRedirecting to /bin/systemctl start httpd.serviceFailed to start httpd.service: Unit is masked. Failed to create Kafka Topic. NCM Intelligent Operations (formerly Prism Pro/Ultimate). During troubleshooting of any service, timestamps are used to understand and co-relate root-cause, impact of the problem. Assuming youre using chrome. Sorry, we're still checking this file's contents to make sure it's safe to download. Timed out waiting for Partner Server/Notification Policy creation. My Issue:Yesterday I could log into the cluster fine,Today, no Cluster access, as far as I knew nothing changed. Are you able to SSH to the CVM? Im not certain what it does. Take the putty of Prism Central and wait for genesis and zookeeperservices to be running: Start cluster services with below command, Check the cluster status with below command.