Migration Coordinator Translate L4-L7 Error "list object has no attribute get"
search cancel

Migration Coordinator Translate L4-L7 Error "list object has no attribute get"

book

Article ID: 426730

calendar_today

Updated On:

Products

VMware NSX VMware vDefend Firewall with Advanced Threat Prevention VMware vDefend Firewall

Issue/Introduction

During Import Configuration for NSX-V to NSX-T, Migration Coordinator doesn't complete the L3, L4-L7 Translate Configuration because of an Error for IDFW. 

Error in UI
Error Rollback failed. Check rollback.log file for more details [Reason: Identity Firewall failed with "list object has no attribute get"]

migration-coordinator.log
19:33:49:36.467Z ERROR task-executor-16-1-workitem-CONFIG_TRANSLATION_L3_L7-ConfigCollectorL3ToL7 WorkItem 13066 SYSTEM [nsx@6876 comp="nsx-manager" errorCode="MP30033" level="ERROR" subcomp="upgrade-coordinator"] Error reported by plugin during upgrade of upgrade unit ConfigCollectorL3ToL7
-
19:33:49.467Z  INFO task-executor-16-1-workitem-CONFIG_TRANSLATION_L3_L7-ConfigCollectorL3ToL7 ExecutionMonitorServiceImpl 13066 SYSTEM [nsx@6876 comp="nsx-manager" level="INFO" subcomp="upgrade-coordinator"] Updating error list of upgrade unit ConfigCollectorL3ToL7
19:33:49.467Z  INFO task-executor-16-1-workitem-CONFIG_TRANSLATION_L3_L7-ConfigCollectorL3ToL7 ExecutionMonitorServiceImpl 13066 SYSTEM [nsx@6876 comp="nsx-manager" level="INFO" subcomp="upgrade-coordinator"] Execution monitor service invoked to react to failure of node ConfigCollectorL3ToL7 [Config translation failed [Reason: Identity Firewall failed with ''list' object has no attribute 'get'']]

Error in var/log/cm-inventory/cm-inventory.log
19:33:49,380 68844 CM.plugins.idfw_plugin DEBUG  event_log_server = {'AD.SERVER.01': False}
19:33:49,381 68844 CM.plugins.idfw_plugin INFO  Validate NSX-T AD domain config <----------------This starts
19:33:49,381 68844 CM.plugins.idfw_plugin DEBUG  missing_domains = {'1': 'AD.SERVER.01'}
19:33:49,381 68844 CM.engine.filt DEBUG  Requesting user feedback for ADDomainMissing 1
19:33:49,381 68844 CM.plugins.idfw_plugin INFO  Validate NSX-T AD sync stats
19:33:49,381 68844 CM.plugins.idfw_plugin DEBUG  failed_domains = {}
19:33:49,381 68844 CM.plugins.idfw_plugin INFO  Validate NSX-T event log server config
19:33:49,381 68844 CM.plugins.idfw_plugin DEBUG  Missed event log servers = {} <----------No NSX-T AD Server

Environment

NSX-V to NSX-T Migration Coordinator

Cause

This error is due to IDFW AD Server configuration (AD.Server.01) not having the same alignment on both NSX-V and NSX-T.
Example would show in the UI of NSX-V configured as AD.Server.01 and no AD server configured for NSX-T show below.




Resolution

Add the same AD server from NSX-V to NSX-T and restart the migration coordinator translate configuration import process. 

Workaround: If IDFW AD services are not required and not part of the migration infrastructure for NSX-T. Option is to remove the AD server from the NSX-V configuration and restart migration coordinator process. 

Additional Information

Configure AD server for IDFW in NSX 4.2. and 9.0
https://techdocs.broadcom.com/us/en/vmware-cis/nsx/vmware-nsx/9-0/administration-guide/operations-and-management/configuring-active-directory-and-event-log-scraping.html

Powered by Wolken Software