NSX-T 3.0.2 & 3.1 UI broken for "Request Header Or Cookie Too Large"
book
Article ID: 314291
calendar_today
Updated On:
Products
VMware NSX
Issue/Introduction
This article provides steps for Hand-patching a 3.1 NSX Manager to increase maximum HTTP header sizes.
Symptoms: NSX UI is broken, when you login with AD users who belong to considerable amount of AD groups 100+.
You will see this error :
Environment
VMware NSX-T Data Center VMware NSX-T Data Center 3.x
Cause
This is a known issue affecting VMware NSX-T 3.0.2 and 3.1. When LDAP authentication is configured and a user is a member of many LDAP groups, the x-nsx-groups header might exceed nginx's default buffer size of 8k.
Resolution
This has been fixed in Highline Maintenance (3.1.1) release
Workaround: Please create a Support Request with VMware Support and reference this KB for the steps to work around this issue. For helping with creating a Support Request see this KB: https://kb.vmware.com/s/article/2006985