Error "Http failure response" when viewing NAT rules and IPSec VPN for Edge Gateway in VCD
search cancel

Error "Http failure response" when viewing NAT rules and IPSec VPN for Edge Gateway in VCD

book

Article ID: 424616

calendar_today

Updated On:

Products

VMware Cloud Director

Issue/Introduction

  • While NAT(Network Address Translation) rules and IPSec VPN fail to display for certain Edge Gateways, they appear correctly for others within VMware Cloud Director (VCD)
  • When this issue occurs, the following error message is displayed:

    For NAT rules:
    Error: Http failure response for https://<VCD_PUBLIC_FQDN>/cloudapi/2.0.0/edgeGateways/urn:vcloud:gateway:####-########-####-########97e5/nat/rules?page=1&pageSize=128: 0 Unknown Error

    For IPSec VPN:
    Error: http failure response for https://<VCD_PUBLIC_FQDN>/cloudapi/1.0.0/edgeGateways/urn:vcloud:gateway:####-########-####-########97e5/ipsec/tunnels?page=1&pageSize=32: 0 Unknown Error

  • The following command executes successfully on each VCD cell, displaying the NAT rules and IPSec VPN correctly:

    For NAT rules:
    curl -kv -H 'Authorization: Bearer Token' -H 'Accept: application\/json;version=API_VERSION' -X GET 'https://<LOCAL_CELL_FQDN_OR_IP>/cloudapi/2.0.0/edgeGateways/urn:vcloud:gateway:####-########-####-########97e5/nat/rules" 

    For IPSec VPN:
    curl -kv -H 'Authorization: Bearer Token' -H 'Accept: application\/json;version=API_VERSION' -X GET 'https://<LOCAL_CELL_FQDN_OR_IP>/cloudapi/2.0.0/edgeGateways/urn:vcloud:gateway:####-########-####-########97e5/ipsec\/tunnels' 

Environment

VMware Cloud Director 10.6.x

Cause

The Network traffic between the VCD cells and the browser may be interrupted; for example, a load balancer might drop the response for specific requests.

This issue may occurs when connecting to Cloud Director via a Load Balancer which has limitations set to the Http Header Size or the Header Count.
The Header Size or Header Count sent by Cloud Director to the Load Balancer exceed these values, and the Load Balancer resets the connection causing the API Call to fail.

Resolution

Coordinate with the network or security vendors (e.g., Load Balancer or Firewall support) to ensure that outbound responses are not being dropped or blocked.

For additional information on the recommended LB configuration, visit the documentation VMware Cloud Director Cell Load Balancing Configuration