NSX-T Cloud Connector Fails to Bring VS UP Due to Insufficient Service Account Permissions in VCF 5.2.1

Article ID: 404583

Products

VMware Avi Load Balancer

Issue/Introduction

When Avi is deployed using VMware Cloud Foundation (VCF) 5.2.1, the NSX-T service account is automatically created and assigned the Auditor role by default.

As a result, when a user attempts to create an NSX-T Cloud Connector using this service account, the associated Virtual Service (VS) fails to reach the Operationally UP state.

Resolution

To resolve this issue, the NSX-T service account must be assigned the Network Admin role instead of the default Auditor role.

Steps to Assign the Network Admin Role:

  1. Log in to the NSX-T Manager UI.

  2. Navigate to:
    System → User Management → User Role Assignment

  3. Select the NSX-T service account.

  4. Click Edit.

  5. In the Role dropdown, select Network Admin.

  6. Click Add to confirm the role assignment.

Apply the changes.

Final Step:

After updating the role, disable and re-enable any virtual services that may be using that cloud to reflect the changes.
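To confirm the role change outside the UI, the following added example (not part of the original article or VMware's own tooling) checks a role-bindings listing for the service account. It assumes the NSX API returns bindings from `GET /api/v1/aaa/role-bindings`, that Auditor and Network Admin appear there as `auditor` and `network_engineer`, and uses constructed account names and sample data.

```python
import json

# Assumed NSX role identifiers for the UI names used in this article.
AUDITOR = "auditor"
NETWORK_ADMIN = "network_engineer"

# Constructed sample shaped like a GET /api/v1/aaa/role-bindings response.
# Account names are placeholders, not values from the article.
SAMPLE_RESPONSE = json.dumps({
    "results": [
        {"name": "svc-avi-example", "type": "local_user",
         "roles": [{"role": "auditor"}]},
        {"name": "svc-avi-fixed", "type": "local_user",
         "roles_for_paths": [
             {"path": "/", "roles": [{"role": "network_engineer"}]}]},
    ]
})


def effective_roles(binding):
    """Collect role ids from the flat list and from per-path entries on '/'."""
    roles = {r["role"] for r in binding.get("roles", [])}
    for scoped in binding.get("roles_for_paths", []):
        if scoped.get("path", "/") == "/":
            roles.update(r["role"] for r in scoped.get("roles", []))
    return roles


def check_service_account(response_text, account_name):
    """Return (verdict, roles) for the named account.

    'read_only' is the state this article describes: only Auditor assigned.
    """
    roles, found = set(), False
    for binding in json.loads(response_text).get("results", []):
        if binding.get("name", "").lower() == account_name.lower():
            found = True
            roles |= effective_roles(binding)
    if not found:
        return "not_found", roles
    if NETWORK_ADMIN in roles:
        return "ok", roles
    if roles <= {AUDITOR}:
        return "read_only", roles
    return "other_roles", roles
```

A verdict of `other_roles` is worth a manual look, since the article calls only for Network Admin and a broader role would exceed what the connector needs.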