So you are trying to do a traceflow to see where the traffic is going, but as it turns out it is not working. If this is the case, and if you are running NSX-T 3.2, and the segment that your VMs belong to is VLAN backed. Then I might have a solutions for you.
Traceflow request failed. The request might be cancelled because it took more time than normal. Please retry.Error Message: Error: Traceflow intent /infra/traceflows/<guid> realized on enforcement point /infra/sites/default/enforcement-points/default with error Traceflow on VLAN logical port LogicalPort/<guid> requires INT (In-band Network Telemetry) to be enabled (Error code: 500060)
A customer had created a Virtual Distributed Switch, but was unable to add his ESXi hosts to the vDS. It said that: “Host is not compatible with the VDS version.”
He was only able to join his version 6.5 ESXi host to a 5.5 vDS. If it was upgraded to version 6.0 or 6.5 it did not work.
There are multiple reports of this online related to upgraded hosts and vCenters. I suspect that it is an issue that you only run into if you do major upgrades without reinstalling ESXi, and since I never do that I have not had that problem before.
Today I was doing some micro segmentation at a customer site, and I was having an issue with new active directory groups not showing up when I wanted to add them to a Security Group.
I turned out that there were a lot of groups missing. I checked the synchronization but there was no errors, and no pattern in what groups was missing and what groups were there. If you do have errors this article might be relevant for you: https://kb.vmware.com/s/article/2150678
I checked the release notes for recent updates, but it did not look like this was a known bug.
I did find a workaround. I deleted the Domain from NSX, and set if up again. Now all groups was available. This is not a very good solution since all your existing setup in regards to Identity based rules in the distributed firewall, and security groups with AD Group members, needs to be redone. So be careful to document everything before you delete the domain.
Network health check is a very useful feature that was introduced with vSphere 5.1 vDS.
What does it do?
The purpose is to test if the VLANs, MTU and Load Balancing settings you defined are actually working. The old way of doing this would be to disconnect all port except one, by either doing a shutdown on the switch port, or pulling out the cable, and then testing, with a VM, if every VLAN still works. This can be a very lengthy process if you have many adapters, but also a necessary step if you want a stable environment.
Quick guide to getting a self signed certificate configured for Apache on Ubuntu 16.04.
All credits go to Justin Ellingwood. There is a link to his article at the bottom of this page. This is just a quick summery of what needs to be done to get SSL working, based on his article.
I do not recommend using self-signed certificates in production, as it does not provide any security what so ever! Deploy a signed certificate from your internal 2-Tier PKI infrastructure. If you do not have an internal PKI infrastructure, your need to get one!