I had a problem where, every now and then, powering on vApps that utilize vShield fails and reports that it failed because it could not create the required port group. This used to drive me crazy, especially as the way I found to fix it was to reboot the vCloud Networking & Security Manager (vShield Manager) to sync it again with vCloud Director. This has ended up being a known bug with vCloud Networking & Security 5.1.2 (I believe the same problem existed with 5.1.1 as well, but I'm not sure about earlier vCNS versions). It seems that vCloud Networking & Security 5.1.2 fails to sync back with vCenter after its vNic loses connectivity for any reason, even after connectivity is restored. This is pointed out in the release notes of 5.1.1 as follows:
vShield Manager not reachable after network interface is disconnected and reconnected
vShield Manager is not synched with vCenter Server after you disconnect and reconnect the vShield Manager vNic.
Workaround: Reboot vShield Manager.
Release notes for vCNS 5.1.1 can be found at: https://www.vmware.com/support/vshield/doc/releasenotes_vshield_511.html
I know, I know: the workaround in the release notes of having to restart vCloud Networking & Security Manager each time you have that problem is not the greatest solution, especially if your network is on the shaky side like my home lab. The good news is that this problem was resolved with the release of vCloud Networking & Security 5.1.2a and above. Below are the steps to upgrade your vCloud Networking & Security to 5.1.2b. The same instructions can be found in the following KB: http://knova-prod-kss-vip.vmware.com:8080/selfservice/mysupport/viewdocument.do?externalId=2051860
To upgrade to vCloud Networking and Security 5.1.2b:
- If you are running a version of vCloud Networking and Security lower than 5.1.2, upgrade your installation to version 5.1.2 by following the steps in Upgrading to vCloud Networking and Security 5.1.2a best practices (2044458). Note: Do not follow the steps in the Applying the 5.1.2-997359 vShield Manager Patch section. The 5.1.2b patch includes all prior components, so the 5.1.2-997359 patch is unnecessary. If you are running vShield Manager version 5.1.2 or 5.1.2a (5.1.2-997359), proceed to step 2.
- Obtain the upgrade patch bundle from VMware Technical Support and download it to a location to which the vShield Manager can browse. The name of the upgrade patch file is:
VMware-vShield-Manager-upgrade-bundle-5.1.2-1119491.tar.gz
Note: To obtain the upgrade patch bundle, file a support request with VMware Technical Support and note this Knowledge Base article ID (2051860) in the problem description. For more information, see Filing a Support Request in My VMware (2006985).
- From the vShield Manager Inventory panel, click Settings & Reports.
- Click the Updates tab.
- Click Upload Upgrade Bundle.
- Click Browse and select the
- Click Open.
- Click Upload File.
- Click Install to begin the upgrade process.
- Click Confirm Install. The upgrade process reboots vShield Manager, so you might lose connectivity to the vShield Manager user interface. None of the other vShield components are rebooted.
- CRITICAL STEP (do not skip): After the vShield Manager reboots, the vCenter Server to vShield Manager binding is lost. Go to the vShield Manager Inventory panel, click Settings & Reports, then click Edit under the Configuration tab in the vCenter Server section and re-enter the administrator password to re-establish the connection.
- There is no need to upgrade existing vShield App components. Existing vShield Edges must be redeployed. For more information on upgrading existing vShield Edges, see the What to do next section under the Applying the 5.1.2-997359 vShield Manager Patch section in Upgrading to vCloud Networking and Security 5.1.2a best practices (2044458).
Hope this gets things to work out a bit better for you!