After NSX Manager upgrade to 6.4.4, unable to upgrade edge to 6.4.4 or modify configuration


Article ID: 325094


Updated On:

Products

VMware NSX

Issue/Introduction

This KB documents a known issue with NSX Data Center 6.4.4 that may prevent upgrading or making changes to NSX Edge Service Gateways.

Symptoms:
1. Edge upgrade fails, OR
2. After Edge upgrade to 6.4.4, Edge configuration may time out.

Customers upgrading from an NSX Data Center 6.3.x or 6.4.x release to 6.4.4 may experience this issue.

Environment

VMware NSX for vSphere 6.4.x

Cause

The issue occurs only if the edge firewall or distributed firewall has rules applied to edges, and security groups or IP sets are used in those firewall rules.

A message queue that processes the security group/IP set updates was not configured correctly, so communication between NSX Manager and the edge is blocked when the number of pending messages reaches a threshold. This is fixed by correcting the message queue configuration.

Resolution

This issue is resolved in VMware NSX for vSphere 6.4.5, available at VMware Downloads.


Workaround:
There are two ways to work around this issue:

1. Do not use grouping objects in firewall rules applied to edges.

2. Contact VMware support for guidance.
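
Applying workaround 1 starts with finding the rules that meet the condition described under Cause. The following is an added example (not VMware's code and not part of the original KB) that scans a distributed firewall configuration export for rules applied to an edge that also reference a security group or IP set. The XML sample is constructed, and the element names and type values (`appliedTo`, `Edge`, `SecurityGroup`, `IPSet`) are assumptions about the export layout to verify against your own export; rules configured directly on an edge's own firewall are not covered.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of a distributed firewall configuration
# export. Element names and type values are assumptions, not from the KB.
SAMPLE_CONFIG = """
<firewallConfiguration>
  <layer3Sections>
    <section id="1003" name="Edge rules">
      <rule id="2001">
        <name>web-to-db</name>
        <appliedToList><appliedTo><value>edge-1</value><type>Edge</type></appliedTo></appliedToList>
        <sources><source><value>securitygroup-10</value><type>SecurityGroup</type></source></sources>
        <destinations><destination><value>ipset-5</value><type>IPSet</type></destination></destinations>
      </rule>
      <rule id="2002">
        <name>mgmt-raw-ip</name>
        <appliedToList><appliedTo><value>edge-1</value><type>Edge</type></appliedTo></appliedToList>
        <sources><source><value>192.0.2.10</value><type>Ipv4Address</type></source></sources>
      </rule>
      <rule id="2003">
        <name>dfw-only</name>
        <appliedToList><appliedTo><value>DISTRIBUTED_FIREWALL</value><type>DISTRIBUTED_FIREWALL</type></appliedTo></appliedToList>
        <sources><source><value>securitygroup-11</value><type>SecurityGroup</type></source></sources>
      </rule>
    </section>
  </layer3Sections>
</firewallConfiguration>
"""

GROUPING_TYPES = {"SecurityGroup", "IPSet"}  # grouping objects named in the KB


def rules_matching_trigger(config_xml):
    """Return (rule id, name, edges, grouping objects) for every rule that is
    applied to an edge AND uses a security group or IP set."""
    findings = []
    for rule in ET.fromstring(config_xml).iter("rule"):
        edges = [a.findtext("value") for a in rule.iter("appliedTo")
                 if a.findtext("type") == "Edge"]
        groups = [e.findtext("value")
                  for tag in ("source", "destination")
                  for e in rule.iter(tag)
                  if e.findtext("type") in GROUPING_TYPES]
        if edges and groups:  # both halves of the trigger condition
            findings.append((rule.get("id"), rule.findtext("name"), edges, groups))
    return findings


if __name__ == "__main__":
    for rid, name, edges, groups in rules_matching_trigger(SAMPLE_CONFIG):
        print(f"rule {rid} ({name}): applied to {edges}, uses {groups}")
```
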

Additional Information

Impact/Risks:
1. Unable to upgrade edge to 6.4.4, OR
2. Unable to make config change on edge already running 6.4.4