Internally I have seen this one a couple of times, so I knew what the issue was, but outside of VMware not many people have played with VMware vCloud Director (vCD) yet. Here’s the full error that is shown when you create a NAT Routed Org network or vApp network:
Error creating Shield network appliance.
– vClould-Shield edge error: Creating/configuring the VR failed: vsmHandle.initializeEdge() net:1948253845/dvportgroup-218 vse:vm-220 VSM IP:10.0.0.10 failed.
– HTTP/1.1 403 Forbidden – The user does not have permission to perform this operation.
This usually means that the vShield Edge license key has not been added to vCenter. You can simply add it as follows:
- From a vSphere Client host that is connected to a vCenter Server system, select Home > Licensing.
- For the report view, select Asset.
- Right‐click a vShield asset and select Change license key.
- Select Assign a new license key and click Enter Key.
- Enter the license key, enter an optional label for the key, and click OK.
- Click OK.
- Repeat these steps for each vShield component for which you have a license.
That should resolve this issue. Yes, I agree, the error could have been more “user friendly”, and I will ask the Engineering team if they can change this.
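As an added example (not part of the original post and not VMware code), the error text above can be triaged automatically: the sketch below extracts the network, Edge VM and vShield Manager IP from the message and applies the post's rule of thumb that a 403 on `initializeEdge()` usually points at a missing vShield Edge license. The function, class and field names are assumptions made for illustration; the sample input is the error quoted in this post.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Sample input: the error text quoted in the post above.
SAMPLE_ERROR = """Error creating Shield network appliance.
– vClould-Shield edge error: Creating/configuring the VR failed: vsmHandle.initializeEdge() net:1948253845/dvportgroup-218 vse:vm-220 VSM IP:10.0.0.10 failed.
– HTTP/1.1 403 Forbidden – The user does not have permission to perform this operation."""

# Field names (net, portgroup, edge_vm, vsm_ip) are hypothetical labels for the
# tokens visible in the message; they are not taken from any VMware API.
EDGE_RE = re.compile(
    r"vsmHandle\.(?P<call>\w+)\(\)\s+net:(?P<net>\d+)/(?P<portgroup>dvportgroup-\d+)"
    r"\s+vse:(?P<edge_vm>vm-\d+)\s+VSM IP:(?P<vsm_ip>[0-9.]+)\s+failed"
)
HTTP_RE = re.compile(r"HTTP/1\.[01]\s+(?P<status>\d{3})\s+(?P<reason>[A-Za-z ]+?)\s+[–-]")


@dataclass
class EdgeFailure:
    call: str
    net: str
    portgroup: str
    edge_vm: str
    vsm_ip: str
    http_status: Optional[int]
    hint: str


def triage(text: str) -> Optional[EdgeFailure]:
    """Return the parsed failure, or None if the text is not a vShield Edge error."""
    edge = EDGE_RE.search(text)
    if edge is None:
        return None
    http = HTTP_RE.search(text)
    status = int(http.group("status")) if http else None
    if status == 403 and edge["call"] == "initializeEdge":
        # The one mapping the post supports: 403 here usually means no license.
        hint = "check vShield Edge license assignment in vCenter (Home > Licensing)"
    else:
        hint = "no known cause on record; inspect vShield Manager at " + edge["vsm_ip"]
    return EdgeFailure(edge["call"], edge["net"], edge["portgroup"],
                       edge["edge_vm"], edge["vsm_ip"], status, hint)


if __name__ == "__main__":
    print(triage(SAMPLE_ERROR))
```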
This tip really saved me a lot of time. Just with the error message I would have gone crazy searching all my settings. Thanks for the post.
same here 🙂
Great tip Duncan! Saved me a lot of time as well!
Hi Duncan,
Thanks for this article. I am having one of the known issues while trying to add an Org network with a vCNI Pool. What happens is I have both the external network and the vCNI pool on the same network.
I know that this is not the supported configuration to have both on the same subnet. But due to the LAB limitation I have to have this.
I know there is a parameter to change in the CONFIG table inside the Oracle database to tweak this but can’t find a script or method to achieve this.
In the partner training they provided the script and method to do this but I forgot how to achieve this. Below is the error message I am getting.
IP Subnet of network “XXX_EXT_NAT_NW” overlaps with that of the external network “XXX-vCD-External”. This is an unsupported configuration.
Can you please help me with this?
It turned out that when you upgrade from vCD 1.0 to 1.5, if you don’t upgrade your vShield environment after going along with vCenter 5.0, the vShield Edge license assignment at the vCenter level gets unlinked.
After that, it’s impossible to deploy new NAT routed external networks: they get deployed and they get unprovisioned after several minutes. Thanks for this article: it literally saved the day for me.