NSX Upgrade Pre-Check Fails with "Dry-Run Error"
search cancel

NSX Upgrade Pre-Check Fails with "Dry-Run Error"

book

Article ID: 422352

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

"Dry-Run" Error During NSX Upgrade Pre-Check

Upgrade coordinator log:

2025-11-18T11:07:02.249Z WARN pool-50-thread-3 UpgradeServiceImpl 3816 SYSTEM [nsx@6876 comp="nsx-manager" level="WARNING" subcomp="upgrade-coordinator"] [PUC] Pre-upgrade check InspectionTaskInfo[acknowledgement=false,componentType=MP,description=Prompts user to execute Upgrade Evaluation Tool before proceeding with upgrade.,id=upgradeEvaluationToolCheck,name=Upgrade Evaluation Tool execution check,needsAcknowledgement=false,needsResolution=false,resolution=false,resolutionError=<null>] failed with result BasicInspectionTaskResult{status=FAILURE, taskInfo=InspectionTaskInfo[acknowledgement=false,componentType=MP,description=Prompts user to execute Upgrade Evaluation Tool before proceeding with upgrade.,id=upgradeEvaluationToolCheck,name=Upgrade Evaluation Tool execution check,needsAcknowledgement=false,needsResolution=false,resolution=false,resolutionError=<null>], failureMessages=null, failures=[{"moduleName":"upgrade-coordinator","errorCode":36000,"errorMessage":"NSX Manager upgrade dry run failed. Do not proceed with the upgrade. Please collect the support bundle and contact VMWare GS. Failed migrations: Migrating CreatedefaultIdsOversubscription. CreatedefaultIdsOversubscription: NullPointerException: Exception during Data migration"}]}

 

Environment

VMware NSX-T Data Center 3.X 

 

Cause

IdsSettings default object did not appear in the IDS table. 

Table name: IdsSettings.

Run the following command in NSX Manager Root mode to confirm the Ids object: 

/opt/vmware/bin/corfu_tool_runner.py -n nsx -o showTable --tool corfu-browser -t IdsSettings

Expected Output (Success): The IDS object details are displayed below: 

Key:

{

  "stringId": "/infra/settings/firewall/security/intrusion-services"

}

Payload:

{

  "abstractPolicyResource": {

    "managedResource": {

      "displayName": "intrusion-services"

    },

    "markedForDelete": false,

    "deleteWithParent": false,

    "locked": false,

    "isOnboarded": false,

    "internalKey": {

      "left": "###################",

      "right": "###################"

    },

    "gmKey": {

      "left": "###################",

      "right": "###################"

    },

    "parentPath": "/infra",

    "ownerId": {

      "left": "###################",

      "right": "###################"

    },

    "originSiteId": {

      "left": "###################",

      "right": "###################"

    }

  },

  "oversubscription": "OVERSUBSCRIPTION_BYPASSED"

}




Metadata:

{

  "createTime": "1765204130786",

  "createUser": "system",

  "lastModifiedTime": "1765204130786",

  "lastModifiedUser": "system",

  "productVersion": "3.2.0.1.0"

}

 

Note:  IdsSettings by default gets created during NSX installtion. 

Resolution

1. Download corfudb-tools and data-consistency-checker-24952114.tar.gz from the KB and place them in the NSX Manager's root directory. 

2. Extract the contents of "data-consistency-checker-24952114.tar.gz"

tar -xvf data-consistency-checker-24952114.tar.gz

3. Run the below command to confirm the NSX version. Note the value listed under the ProductVersion key:

 /opt/vmware/bin/corfu_tool_runner.py -n nsx -o showTable --tool corfu-browser -t SecurityFeatureToggle

4. Execute the command: 

sudo paxctl -c -m data-consistency-checker-24952114/jre-11.0.23/bin/java

5. Execute the following command, ensuring to replace the Version (captured in Step 3) and the host-IP (the Manager IP used for SSH). This script will create a new IDS Meta-data object. Note: Do not modify the existing right and left UUIDs in the command, as the script generates a new IDS object and mentioned UUIDs will be used.

data-consistency-checker-24952114/jre-11.0.23/bin/java -cp ./corfudb-tools-9.0.20251203071931.1277.1-shaded.jar -Djava.io.tmpdir=/image/corfu-tools/temp org.corfudb.browser.CorfuStoreBrowserEditorMain --host=#.#.#.# --port=9000 --tlsEnabled=true --keystore=/config/cluster-manager/cluster-manager/private/keystore.jks --ks_password=/config/cluster-manager/cluster-manager/private/keystore.password --truststore=/config/cluster-manager/cluster-manager/public/truststore.jks --truststore_password=/config/cluster-manager/cluster-manager/public/truststore.password --namespace=nsx --tablename=IdsSettings --operation=addRecord --keyToAdd='{"stringId": "/infra/settings/firewall/security/intrusion-services"}'  --valueToAdd='{"abstractPolicyResource": {"managedResource": {"displayName": "intrusion-services"}, "markedForDelete": false, "deleteWithParent": false, "locked": false, "isOnboarded": false, "internalKey": {"left": "13043823170321926482", "right": "12606650795840541595"}, "gmKey": {"left": "13043823170321926482", "right": "12606650795840541595"}, "parentPath": "/infra"} }'  --metadataToAdd='{"createTime": "1765345868907", "createUser": "system", "lastModifiedTime": "1765345868907", "lastModifiedUser": "system", "productVersion": "3.2.0.1.0"}'

  

6. Run the following command again to confirm the new metadata object was created successfully (verify no errors): 

/opt/vmware/bin/corfu_tool_runner.py -n nsx -o showTable --tool corfu-browser -t IdsSettings

7. Re-run the upgrade pre-check from the NSX Manager UI.

8.  Delete the downloaded files: corfudb-tools and data-consistency-checker-24952114.tar.gz

Attachments

data-consistency-checker-24952114 (2).tar.gz get_app
corfudb-tools-9.0.20251203071931.1277.1-shaded.jar get_app
Powered by Wolken Software