After configuring an NSX Cloud in AVI, Virtual Services report as UP but remain unreachable. Verification of the NSX Tier-1 router shows that the expected /32 static routes for the VIP are missing.

VMware NSX

AVI Load Balancer (NSX-ALB)

The integration user account in NSX Manager is assigned the "Auditor" role, which prevents AVI from using the API to program static routes on the gateways.

1. Assign the AVI service account a role with Read-Write permissions (e.g., Enterprise Admin) in NSX Manager.
2. In the AVI Controller, navigate to Applications > Virtual Services.
3. Select the affected Virtual Service, click Disable, wait for the status to change, and then click Enable.
4. Verify the route appears in NSX.