vCNS 5.1.x SSL VPN-Plus Client Proxy Settings on Mac won’t stick

Anyone attempting to run the SSL VPN-Plus Mac client through a proxy will quickly notice that the settings do not seem to stick. You check the box to enable proxy settings, add the configuration and click OK.


All seems well (until you try to connect).  When the settings are applied correctly, the client will reflect that the connection attempt is routed via proxy.


When you open up the proxy settings again, you see the box unchecked and the proxy configuration undefined. This is a known issue: the directory where the proxy configuration is written does not get added during install. This is slated to be fixed in a future release.

As a workaround, you can add the directory manually. Exit the SSL VPN Mac client, open up the terminal and add the directory:

sudo mkdir -m 777 /opt/sslvpn-plus/naclient/users_dat

Mode 777 makes the directory writable by every local user.

Problem solved.  Open up the client, configure the proxy, and connect.

*Credit for the find to N.Albright for quickly finding the problem with dtruss*.
-Gabe 


vCNS 5.1.x Edge Force Sync 101

vCNS Edge Force Sync: the action of synchronizing the Edge appliance to the vCNS Manager by OS reboots.

Any time a Force Sync is initiated, vCNS Manager writes the event to syslog (if enabled) [System Events for Critical Event ID 30100]. This entry is logged per edge VM, so two entries for an HA pair.

The events can be viewed in the vCNS UI, under Settings & Reports > System Events.

What are the implications of a Force Sync? 

I completed several Force Sync tests using timestamped ICMP requests against Virtual Servers configured on an HA Edge appliance. When the Force Sync action is initiated, the job will reset the first appliance and stagger the 2nd reboot request by ~30 seconds.

When Edge-0 (the first Edge VM) is reset, the test virtual server VIP sees ~10 – 11 seconds of impact (ICMP requests to the virtual server IP fail). At the end of the 10 – 11 seconds, the standby Edge takes over the load-balanced services and these become reachable for ~24 seconds until the 2nd VM is reset.

Once Edge-1 (the 2nd Edge VM) is reset, the services once again become unavailable for ~60 seconds, until the 1st Edge VM is fully initialized.

Note: A less impactful appliance reset can be accomplished by manually resetting the standby edge, waiting at least 90 seconds for initialization, then resetting the active edge.

Note: Tests conducted using vCNS 5.1.b.  As with anything, depending on your environment and configuration, your mileage may vary.  

How to initiate a Force Sync from the vCNS UI:

1. Browse to the vCNS Manager
2. View Edges
3. Select Edge Gateways
4. Select a deployed Edge.
5. Click the Actions cog.
6. Select Force Sync

How to initiate a Force Sync from the vCNS REST API:

Force Sync an Edge with its vShield Manager (pg 144 of the REST API guide)
GET https://<vsm-ip>/api/3.0/edges/<edgeId>?action=forcesync


How do I view Force Sync details in the vCNS Manager logs?

1. SSH to the vCNS Manager CLI
2. Execute the command
       vsm-name# show manager log follow  

Inspect the logs for the following entries related to the Force Sync (lines starting with # are comments):

# Force Sync is scheduled, assigned ID “jobdata-1831”

2013-06-16 10:53:05.058 GMT INFO http-443-exec-677 EdgeServiceImpl:744 – Successfully created forceSync job jobdata-1831 for edge ‘edge-16’
2013-06-16 10:53:05.111 GMT INFO http-443-exec-677 Publisher:509 – Scheduled job Id jobdata-1831
2013-06-16 10:53:05.165 GMT INFO pool-55442-thread-1 PublishUtils:174 – Job ‘jobdata-1831’ progress – Force sync : Rebooting appliances for edge-16.

# Edge-0 Reset request is sent, wait for edge Init
2013-06-16 10:53:05.352 GMT INFO pool-55442-thread-1 EdgeApplianceServiceImpl:349 – Reset the edge appliance : ‘vm-12780’
2013-06-16 10:53:11.955 GMT INFO pool-55442-thread-1 EdgeApplianceServiceImpl:367 – Reboot the edge appliance : ‘vm-12780’
2013-06-16 10:53:11.958 GMT INFO pool-55442-thread-1 AbstractEdgeApplianceManager:226 – Attempt # ‘1’ to reboot the edge VM ‘vm-12780’
2013-06-16 10:53:12.027 GMT INFO pool-55442-thread-1 VirtulMachineVcOperationsImpl:99 – Rebooting VM ‘d0p1v4mgmt-vse-pub-0’
2013-06-16 10:53:12.150 GMT INFO pool-55442-thread-1 VirtulMachineVcOperationsImpl:101 – Successfully rebooted VM ‘d0p1v4mgmt-vse-pub-0’
2013-06-16 10:53:12.150 GMT INFO pool-55442-thread-1 EdgeApplianceServiceImpl:371 – Wait for Vse Init : ‘vm-12780’

# 30 seconds later Edge-1 Reset request is sent, wait for edge Init
2013-06-16 10:54:26.410 GMT INFO pool-55442-thread-1 EdgeApplianceServiceImpl:349 – Reset the edge appliance : ‘vm-12784’
2013-06-16 10:54:33.003 GMT INFO pool-55442-thread-1 EdgeApplianceServiceImpl:367 – Reboot the edge appliance : ‘vm-12784’
2013-06-16 10:54:33.009 GMT INFO pool-55442-thread-1 AbstractEdgeApplianceManager:226 – Attempt # ‘1’ to reboot the edge VM ‘vm-12784’
2013-06-16 10:54:33.034 GMT INFO pool-55442-thread-1 VirtulMachineVcOperationsImpl:99 – Rebooting VM ‘d0p1v4mgmt-vse-pub-1’
2013-06-16 10:54:33.185 GMT INFO pool-55442-thread-1 VirtulMachineVcOperationsImpl:101 – Successfully rebooted VM ‘d0p1v4mgmt-vse-pub-1’
2013-06-16 10:54:33.185 GMT INFO pool-55442-thread-1 EdgeApplianceServiceImpl:371 – Wait for Vse Init : ‘vm-12784’

# Synch latest config version. Publish configurations to both edges.
2013-06-16 10:56:02.551 GMT INFO pool-55442-thread-1 ForceSyncTask:98 – Synching configuration for edge edge-16, config version 14.
2013-06-16 10:56:02.552 GMT INFO pool-55442-thread-1 PublishUtils:174 – Job ‘jobdata-1831’ progress – Force sync : Synching configuration for vShield Edge edge-16, config version 14.
2013-06-16 10:56:02.699 GMT INFO pool-55444-thread-1 AbstractEdgeApplianceManager:537 – Downloading file ‘/var/log/events.old’ from VSE ‘vm-12825’ to location ‘/tmp/events.edge-38’ on VSM
2013-06-16 10:56:02.751 GMT INFO pool-55442-thread-1 PublishUtils:174 – Job ‘jobdata-1831’ progress – Preparing configuration changes to be applied on vShield Edge (edge-16) d0p1v4mgmt-vse-pub-0
2013-06-16 10:56:02.789 GMT INFO pool-55444-thread-1 AbstractEdgeApplianceManager:537 – Downloading file ‘/var/log/events.old’ from VSE ‘vm-12837’ to location ‘/tmp/events.edge-38’ on VSM
2013-06-16 10:56:02.828 GMT INFO pool-55442-thread-1 PublishUtils:174 – Job ‘jobdata-1831’ progress – Preparing configuration changes to be applied on vShield Edge (edge-16) d0p1v4mgmt-vse-pub-1
2013-06-16 10:56:02.945 GMT INFO pool-55442-thread-1 PublishUtils:174 – Job ‘jobdata-1831’ progress – Publishing configurations on vShield Edge Virtual Machine vm-12780
2013-06-16 10:56:02.947 GMT INFO pool-55442-thread-1 AbstractEdgeApplianceManager:613 – The vse command is being sent to ‘vm-12780’
2013-06-16 10:56:02.956 GMT INFO pool-55442-thread-1 PublishUtils:174 – Job ‘jobdata-1831’ progress – Publishing configurations on vShield Edge Virtual Machine vm-12784
2013-06-16 10:56:02.958 GMT INFO pool-55442-thread-1 AbstractEdgeApplianceManager:613 – The vse command is being sent to ‘vm-12784’

# Confirmation of completion Force Sync “jobdata-1831” Total time elapsed 3 Min 5 sec
2013-06-16 10:56:10.251 GMT INFO pool-55442-thread-1 PublishUtils:174 – Job ‘jobdata-1831’ progress – Force sync : Completed configuration of version 14 on appliances for edge-16.

 

vCNS 5.1.x Tasks Not Displayed

There is a condition in the current releases of vCNS Manager that causes the Tasks tab to not display tasks at all. This condition will be fixed in an upcoming release. This article provides a workaround for environments where an upgrade is not feasible.

If there are any tasks initiated by a user that no longer exists, the VSM tasks tab will display an error in the UI. The logs will also display a warning.

  vsm#show manager log follow

Look for the following warning message:

2013-05-23 21:27:35.806 GMT  WARN http-443-exec-315 DefaultExceptionLogger:35 – The following exception occurred during request processing by the BlazeDS MessageBroker and will be serialized back to the client:
flex.messaging.MessageException: Internal server error has occurred.

Caused by: javax.persistence.EntityNotFoundException: Unable to find com.vmware.vshield.vsm.usermgmt.model.UserInfo with id userinfo-40

The following workaround requires Linux console access; in most cases it should be completed by VMware Global Support Services.

Run the psql client:
psql -U secureall

Execute :
update task set user_info=null;

Refresh the tab.  Tasks should now be displayed.
