Post upgrade from 4.1.1 to newer versions, Route based IPSEC tunnel down with error "Pool ########-####-####-####-############ does not exist"

Article ID: 416078


Updated On:

Products

VMware NSX

Issue/Introduction

  • NSX was recently upgraded from 4.1.1 (or earlier) to 4.1.2 (or newer).
  • Creating an IPSec VPN session on an existing IPSec VPN service (created on a gateway before the upgrade) fails with the following error:
    Pool ########-####-####-####-############ does not exist
  • The corresponding error appears in /var/log/proton/nsxapi.log:
    2025-10-06T18:10:00.198Z ERROR providerTaskExecutor-1-96 PolicyProviderUtil 76788 POLICY [nsx@6876 comp="nsx-manager" errorCode="PM500015" level="ERROR" subcomp="manager"] Unexpected exception received during provider invocation.
    java.lang.IllegalStateException: Pool ########-####-####-####-############does not exist
            at com.vmware.nsx.platform.idas.common.service.AddressManagementServiceImpl.allocate(AddressManagementServiceImpl.java:376) ~[?:?]
            at com.vmware.nsx.platform.idas.macam.service.MACAMServiceImpl.allocate(MACAMServiceImpl.java:92) ~[?:?]
            at com.vmware.nsx.management.edge.lrouter.service.TunnelPortMacServiceImpl.allocateAndMarkPermanent(TunnelPortMacServiceImpl.java:57) ~[?:?]
            at com.vmware.nsx.management.edge.lrouter.ports.service.LRPortsServiceImpl.createVTIPort_aroundBody4(LRPortsServiceImpl.java:479) ~[?:?]
            at com.vmware.nsx.management.edge.lrouter.ports.service.LRPortsServiceImpl$AjcClosure5.run(LRPortsServiceImpl.java:1) ~[?:?]
            at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149) ~[?:?]
            at io.micrometer.core.aop.TimedAspect.processWithTimer(TimedAspect.java:119) ~[?:?]
            at io.micrometer.core.aop.TimedAspect.ajc$inlineAccessMethod$io_micrometer_core_aop_TimedAspect$io_micrometer_core_aop_TimedAspect$processWithTimer(TimedAspect.java:1) ~[?:?]
            at io.micrometer.core.aop.TimedAspect.timedMethod(TimedAspect.java:97) ~[?:?]
            at com.vmware.nsx.management.edge.lrouter.ports.service.LRPortsServiceImpl.createVTIPort(LRPortsServiceImpl.java:472) ~[?:?]
            at com.vmware.nsx.management.vpn.ipsec.service.impl.IPSecVPNSessionServiceImpl.createPortsForSession(IPSecVPNSessionServiceImpl.java:587) ~[?:?]
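
To check whether a failure in a log bundle matches this signature, the following added example (not Broadcom's code) scans nsxapi.log lines for ERROR entries whose stack trace carries both the missing-pool exception and the VTI port creation frames shown above. The sample log is constructed: its UUIDs and its second and third entries are made up.

```python
import re

# An nsxapi.log entry starts with an ISO-8601 timestamp and a level.
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T[\d:.]+Z)\s+(\w+)\s")
# The page shows the UUID fused to "does not exist", so the space is optional.
POOL_RE = re.compile(
    r"IllegalStateException: Pool\s+"
    r"([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})\s*does not exist")
# Frames from the page's trace that tie the failure to VTI port creation.
VTI_FRAMES = ("TunnelPortMacServiceImpl.allocateAndMarkPermanent",
              "LRPortsServiceImpl.createVTIPort")

def split_entries(lines):
    """Group each header line with the stack-trace lines that follow it."""
    entry = []
    for line in lines:
        if ENTRY_RE.match(line) and entry:
            yield entry
            entry = []
        if ENTRY_RE.match(line) or entry:
            entry.append(line)
    if entry:
        yield entry

def find_missing_pool_errors(lines):
    """Return (timestamp, pool_id) for entries matching this KB's signature."""
    hits = []
    for entry in split_entries(lines):
        ts, level = ENTRY_RE.match(entry[0]).groups()
        body = "\n".join(entry)
        pool = POOL_RE.search(body)
        if level == "ERROR" and pool and all(f in body for f in VTI_FRAMES):
            hits.append((ts, pool.group(1)))
    return hits

# Constructed sample: UUIDs and the second and third entries are made up.
SAMPLE = """\
2025-10-06T18:10:00.198Z ERROR providerTaskExecutor-1-96 PolicyProviderUtil 76788 POLICY [nsx@6876 comp="nsx-manager" errorCode="PM500015" level="ERROR" subcomp="manager"] Unexpected exception received during provider invocation.
java.lang.IllegalStateException: Pool 11111111-2222-3333-4444-555555555555does not exist
        at com.vmware.nsx.management.edge.lrouter.service.TunnelPortMacServiceImpl.allocateAndMarkPermanent(TunnelPortMacServiceImpl.java:57) ~[?:?]
        at com.vmware.nsx.management.edge.lrouter.ports.service.LRPortsServiceImpl.createVTIPort(LRPortsServiceImpl.java:472) ~[?:?]
2025-10-06T18:10:05.000Z INFO constructed-thread Example 1 unrelated message
2025-10-06T18:10:09.000Z ERROR constructed-thread Example 1 other failure
java.lang.IllegalStateException: Pool aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee does not exist
        at com.example.Unrelated.call(Unrelated.java:1)
""".splitlines()

if __name__ == "__main__":
    for ts, pool in find_missing_pool_errors(SAMPLE):
        print(f"{ts} missing pool {pool}: matches KB 416078 signature")
```

To scan a real log, pass an open file handle for /var/log/proton/nsxapi.log (or the copy inside a support bundle) to find_missing_pool_errors in place of SAMPLE.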


Environment

NSX-T Data Center 3.x
NSX 4.0.x
NSX 4.1.0 - 4.1.1

Cause

Version 4.1.2 implements pool creation logic on Tier-0. When NSX is upgraded from 4.1.1 or earlier to 4.1.2 or later, the pool should be created during the upgrade. In this case, however, realization of the pool failed at the time of the upgrade, resulting in this issue.

Resolution

If you believe you have encountered this issue, please open a support request with Broadcom Support and refer to this KB.




Additional Information

If you are contacting Broadcom Support about this issue, please provide the following (see the KB "Creating and managing Broadcom support cases"):

  • NSX Manager support bundles
  • ESXi host support bundles for hosts that are failing to configure as transport nodes.
  • Text of any error messages seen in NSX GUI or command lines pertinent to the investigation

Handling Log Bundles for offline review with Broadcom support