Updating DNS/NTP values can fail after upgrading SSP Installer (SSPI)from 5.0 to 5.1
search cancel

Updating DNS/NTP values can fail after upgrading SSP Installer (SSPI)from 5.0 to 5.1

book

Article ID: 417034

calendar_today

Updated On:

Products

VMware vDefend Firewall VMware vDefend Firewall with Advanced Threat Prevention

Issue/Introduction

Updating DNS/NTP could failed on older release since the database is missing sspType field.in the /var/log/secop/secop.log in sspi appliance:

"Request body has an error: doesn't match the schema: Error at "/service/ssp_type": JSON value is not one of the allowed values".

 

Login to SSP-Installer UI:

  • Navigate to Instance Management -> Connectivity Options -> Common Settings

  • Edit NTP or DNS Servers. This operation could fail with the error message: 

"Request body has an error: doesn't match the schema: Error at "/service/ssp_type": JSON value is not one of the allowed values"

Login to SSP-Installer CLI using sysadmin user credentials. In the /var/log/secop/secop.log in SSP Installer appliance you may see the error:

"Request body has an error: doesn't match the schema: Error at "/service/ssp_type": JSON value is not one of the allowed values"

Environment

Upgraded SSP-Installer from 5.0 to 5.1

Cause

The database schema now requires the `ssp_type` field to be populated, but this field may be `NULL` or empty after the upgrade, causing DNS/NTP update operations to fail validation.

Resolution

NOTE : This issue is fixed in SSP 5.1.1

Workaround:

Approach 1: Add any IP to the node IP pool or the service IP pool first by navigating to Instance Management -> Connectivity Options -> IP Pools

and save it. After this, updating NTP/DNS will succeed.

 

Approach 2 (Recommended): Update the database and retry the operations using the attached script. Steps below:

  1. Download the script attached (fix_dns_ntp_upgrade.sh) to this KB.

  2. Upload it to any location of the SSP Installer VM.

  3. Login to the SSP Installer VM using sysadmin user credentials.

  4. Switch to root user using sudo -i and enter the root password.

  5. Navigate to the directory to which the script has been uploaded.

  6. Modify the permissions of the script to be executable - chmod +x fix_dns_ntp_upgrade.sh

  7. Run the script: ./fix_dns_ntp_upgrade.sh

 

Expected output:

root@ssp-installer-vm:~# ./fix_dns_ntp_upgrade.sh
Fixing DNS/NTP update issue...
Fix applied. Please retry the DNS/NTP update operation.


Verification:

  • Wait for a couple of minutes (~5 minutes) for the change to get pushed.

  • Get back to the UI page of SSP-Installer where you were trying to change the DNS/NTP configurations.

  • Refresh the page.

  • Try to perform changes that you would like to DNS/NTP and save the configuration.

  • This should now allow you to save the configuration.

Attachments

fix_dns_ntp_upgrade.sh get_app
Powered by Wolken Software