The NSX-T Load Balancer is in Unknown state after change of LB certificate or after an upgrade of NSX-T
Article ID: 317779
Updated On:
Products
VMware NSX
Issue/Introduction
Symptoms:
- NSX-T Data Center release earlier than 3.2.1
- NSX-T Load Balancer certificate contains entries in the "Subject alternate name" field that begin with "DirName".
- On the edge node (logged in as admin), where the Load balancer resides, checking its status fails:
get load-balancer status
24304: Internal Error: Query LB Engine Failed.
- In the edge node log '/var/log/lb/<LB-UUID>/lbconf_gen.log' the Load balancer reports errors similar to:
2021-11-15 09:24:30,801 15283 lb ERROR Failed to generate Lb configuration.
2021-11-15 09:24:30,801 15283 lb INFO End building lb configuration.
2021-11-15 09:25:55,757 15935 lb INFO Start building lb ea771bea-800f-456e-be36-2292aaec62a7 configuration.
2021-11-15 09:25:56,098 15935 lb ERROR failed to build nginx config
2021-11-15 09:25:56,099 15935 lb ERROR Traceback (most recent call last):
File "/opt/vmware/nsx-edge/bin/lbconf_gen.py", line 3046, in lb_cfg
...
File "/opt/vmware/nsx-edge/bin/lbconf_gen.py", line 397, in get_server_name_in_crt
key,value = item.split(':', 1)
ValueError: not enough values to unpack (expected 2, got 1)
Environment
VMware NSX-T Data Center
Cause
If a certificate contains entries in the "Subject alternate name" field starting with "DirName", NSX Load Balancer will incorrectly interpret the value defined in "DirName" when configuring a Load Balancer.
Resolution
This issue is resolved in NSX-T Data Center 3.2.1 available at VMware downloads.
Workaround:
If you believe you have encountered this issue, please, contact VMware Global Support and mention this KB.
Workaround:
If you believe you have encountered this issue, please, contact VMware Global Support and mention this KB.
Feedback
Yes
No
Powered by
