Principle Identity based Workflows impacted after NSX T upgrade to 3.2.X from 3.0.X
search cancel

Principle Identity based Workflows impacted after NSX T upgrade to 3.2.X from 3.0.X

book

Article ID: 318284

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

Symptoms:
  • Upgrade from 3.0.X to 3.2.X directly will fail to upgrade the TKGI Cluster. 
  • TKGI Fails with similar errors
/dic8aled-d609-4044-bdca-64209fc4e732:/var/vcap/sys/log/pks-nsx-t-prepare-master-vm# cat pre-start.stderr.log "Error: timeout: client certificate is not working after 60 seconds

Environment

VMware NSX-T Data Center 3.x
VMware NSX-T Data Center

Cause

During migration from 3.0.x to 3.2.X, one of the attributes on Principle Identity users is missing. The missing attribute is called “rolesForPath” attribute. That is causing setRoleBinding() to fail. This issue impacts new PI creation also. In customer case, this was leading to New TKGI cluster registration/ TKGI upgrade failure.

Resolution

Resolution is to upgrade to 3.2.3 or 4.0.2


Additional Information

Impact/Risks:
  • New Principle Identity creation fails.
  • TKGI cluster upgrade fails.
  • New TKGI cluster registration fails


Powered by Wolken Software