After NSX Manager upgrade to 6.4.4, unable to upgrade edge to 6.4.4 or modify configuration
Article ID: 325094
Products
VMware NSX
Issue/Introduction
This KB documents a known issue with NSX Data Center 6.4.4 that may prevent upgrading or making changes to NSX Edge Services Gateways.
Symptoms:
1. Edge upgrade fails, OR
2. After Edge upgrade to 6.4.4, Edge configuration may time out.
Customers upgrading from an NSX Data Center 6.3.x or 6.4.x release to 6.4.4 may experience this issue.
Environment
VMware NSX for vSphere 6.4.x
Cause
The issue occurs only if the edge firewall or distributed firewall has rules applied to edges and those rules use security groups or IP sets.
A message queue that processes security group and IP set updates was not configured correctly, so communication between NSX Manager and the edge is blocked once the number of pending messages reaches a threshold. The fix corrects the message queue configuration.
Resolution
This issue is resolved in VMware NSX for vSphere 6.4.5, available at VMware Downloads.
Workaround: There are two ways to work around this issue:
1. Do not use grouping objects in firewall rules applied to edges.
2. Contact VMware support for guidance.
Additional Information
Impact/Risks:
1. Unable to upgrade edge to 6.4.4, OR
2. Unable to make configuration changes on an edge already running 6.4.4.