New TKGI cluster can't be created because of NSX Error "Priority already present - XXXXXXXXXXXX"
Observations:
Sample Error Log in nsxapi.logs:
Getting Config for id - FirewallConfiguration/e6b33ca8-3e73-11eb-b378-0242ac130003
Error occurred while consuming 26 messages.
Error java.lang.IllegalArgumentException: Priority already present - xxxxxxxxxxxxxxx
Customer upgraded from NSX 3.2.X to 4.2.X
FirewallConfiguration.txt
There are two sections with the same priority.
{
"entityUuid": {
"left": "6268088172294982924",
"right": "13355233986041533070"
},
"priority": "9223372036857967068"
}, {
"entityUuid": {
"left": "13957021768680753086",
"right": "12805234494950509432"
},
"priority": "9223372036857967068"
}
FirewallSectionPriority.txt
Section 1
Payload:
{
"managedResource": {
"displayName": "07d260c4-2da3-4b76-a1d6-94042efbb0e9"
},
"sectionUuid": {
"left": "13957021768680753086",
"right": "12805234494950509432"
},
"priority": "9223372036857967068"
}
Metadata:
{
"createTime": "1768295859459",
"createUser": "system",
"lastModifiedTime": "1768295859459",
"lastModifiedUser": "system",
"productVersion": "4.2.1.4.0"
}
Section 2
Payload:
{
"managedResource": {
"displayName": "67592029-ca68-4741-82d5-2c63ddac8e25"
},
"sectionUuid": {
"left": "6268088172294982924",
"right": "13355233986041533070"
},
"priority": "9223372036857967068"
}
Metadata:
{
"createTime": "1768295755464",
"createUser": "system",
"lastModifiedTime": "1768295755464",
"lastModifiedUser": "system",
"productVersion": "4.2.1.4.0"
}
There's a offset of 500000000 for the internal priority which results to
9223372036857967068 - 500000000 = 9223372036357967068
That's what the exception complains about
2026-01-15T11:08:20.458Z WARN FIREWALL_UFO_PRIORITY_PROCESSOR-0 AbstractPersistedQueueProcessor 77125 SERVICE [nsx@6876 comp="nsx-manager" level="WARNING" subcomp="manager"] Error occurred while consuming 20 messages. Error java.lang.IllegalArgumentException: Priority already present - 9223372036357967068, Messages: Msg: left: 10928761187
The FirewallConfigurationReassignPriorityMigrationTask should be executed during the upgrade to handled all the FW priorities. To make it work, the code change would be required to add 3.2.4 version as well so that the task can get executed during upgrade or migrated to 4.2.x from any of the below versions.
name: FirewallConfigurationReassignPriorityMigrationTask
runForTheseFromVersions: 3.2.0,3.2.1,3.2.2,3.2.3,4.0,4.1
The change is to make sure the task gets executed for 3.2.x versions for the priority to be updated once the user is on 4.2.4.