When deploying Deep Security Agentless Solution with VMware NSX-T, you may encounter issues deploying the Deep Security Virtual Appliance(DSVA) due to the IP address assigned from NSX-T pool is already in use. This is a known issue and VMware will release a fix soon.
You may encounter the following symptoms when deploying Deep Security Virtual Appliance:
1) Successfully deployed the DSVA but activation is failing
2) The DSVA from vCenter view shows only 3 IP address instead of the expected 5 IP address
3) From NSX-T console, the Criteria Alarms shows Partner Channel Down for Endpoint Protection
- Login to the DSVA and switch to its terminal console.
- Go to /var/opt/ds_agent/slowpath/ and inspect the configuration files dsva-ovf.env and dsva-ovf.xml
- Verify the IP address assigned and network configuration if same as NSX-T Static IP pool
- Check the /var/opt/messages log and search the IP address that assigned to DSVA and show the IP already used by other.
- From NSX-T manager console, confirm the IP already in use by ESX host for TEP IP addresses.
1) Delete the current deployment plan and re-deploy DSVA . Change the NIC0 to use DHCP instead of Static IP Pool