Recently I’ve completed a migration from NSX-V to NSX-T for a customer. One of the requirements after the migration was to configure network insight receiving DFW IPFIX flows from NSX-T.
The environment consists of NSX-T running version 3.1.3.3 and Network Insight version 6.4. NSX-T is behind vIDM (VMware identity manager version 3.3.5). NSX-T manager data source is configured in vRNI with IPFIX enabled using a vIDM user. The vIDM user has been added to NSX-T with the network admin role. This is a prerequisite as mentioned in the VMware docs to be able to get DFW IPFIX flow information. After adding the data source we got randomly invalid credentials on the NSX-T data source in vRNI and also don’t receive any DFW flow information, as per below screenshot.
First, I thought this was a bug, but it seems to be a known issue with vIDM. To workaround this issue use NSX-T local admin credentials to add NSX-T data source in vRNI.
At the moment there is no fix available for this. So if you face the same issue with vIDM behind NSX-T configure the NSX-T data source with NSX-T local admin credentials.
I hope this is useful for somebody.
Rick Verstegen // BLOG 