VMware NSX for vSphere to NSX-T Datacenter migration fails Distributed Firewall Exclusion List reached maximum limit of 100

Article ID: 317203

Updated On:

Products

VMware NSX

Issue/Introduction

VMware NSX for vSphere to NSX-T Datacenter migration fails during host migration with the following error in the UI:
Error:
Transport Node migration stage failed for host #######-6716-434d-9382-#######:host-2801 [Distributed Firewall failed with '400: Exclude List: Reached maximum allowed number of members, limit: 100. for URL: http://localhost:7440/nsxapi/api/v1/firewall/excludelist?action=add_member']

Environment

  • VMware NSX-T Data Center
  • VMware NSX-T Data Center 4.x
  • VMware NSX-T Data Center 3.x

Cause

In VMware NSX-T, only 100 objects are permitted in the exclusion list. During a V2T migration, the migration fails when more than 100 objects are in the exclusion list in VMware NSX for vSphere, because VMware NSX-T is unable to import the large list.

This can occur when all edge Logical Switch Ports (LSPs) are added to the exclusion list in VMware NSX for vSphere.

In VMware NSX-T, this is not required: the edge node is a system VM and will have a tag, which means the VM itself is added to the exclusion list, not its LSPs.

Resolution

This issue is resolved in VMware NSX-T Data Center 3.2.3 and VMware NSX 4.0.2.

Workaround:

In VMware NSX for vSphere, remove the edge VM LSPs from the exclusion list and retry the V2T migration.