MP2Policy promotion fails with mixed mode configuration of MP virtual server and Policy certificates


Article ID: 440361


Products

VMware NSX

Issue/Introduction

  • The steps to migrate Tanzu Application Service (TAS) Foundation to Policy are being executed.
  • The steps fail with the error:

    LB Virtual Server promotion fails with error code 1400005 (MIGRATION_ERROR), which wraps 1400004 (RESOURCE_NOT_MIGRATED), with the message: "MP Resource of type: CERTIFICATE with id: <UUID> not found on policy/not yet promoted"

  • The NSX Manager log shows the following error:

    /var/log/migration-coordinator/migration-coordinator.log
    [TIMESTAMP] Error while promoting LB_VIRTUAL_SERVER:<UUID>.Reason:MP Resource of type : CERTIFICATE with id :<UUID> not found on policy/not yet promoted.
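
A log-triage helper for the error above, added here as an example and not taken from this article or from VMware tooling: it scans migration-coordinator.log lines and groups the failing virtual server ids by the certificate id that was not promoted. The regular expression is inferred from the single log line quoted above, and the sample lines, timestamps and UUIDs are constructed.

```python
import re
from collections import defaultdict

_UUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"

# Assumption: the message layout matches the line quoted in this article.
# The pattern tolerates the irregular spacing around ':' and ignores the
# timestamp, whose format the article does not show.
FAILURE = re.compile(
    r"Error while promoting\s+LB_VIRTUAL_SERVER\s*:\s*(?P<vs>" + _UUID + r")"
    r".*?MP Resource of type\s*:\s*CERTIFICATE\s+with id\s*:\s*(?P<cert>" + _UUID + r")"
    r"\s+not found on policy"
)


def unpromoted_certificates(lines):
    """Return {certificate id: sorted list of virtual server ids that reference it}."""
    by_cert = defaultdict(set)
    for line in lines:
        match = FAILURE.search(line)
        if match:  # repeated attempts collapse into one entry per pair
            by_cert[match.group("cert").lower()].add(match.group("vs").lower())
    return {cert: sorted(servers) for cert, servers in by_cert.items()}


# Constructed sample input: timestamps and UUIDs are made up for illustration.
VS1 = "11111111-1111-4111-8111-111111111111"
VS2 = "22222222-2222-4222-8222-222222222222"
VS3 = "33333333-3333-4333-8333-333333333333"
CERT_A = "aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa"
CERT_B = "bbbbbbbb-bbbb-4bbb-8bbb-bbbbbbbbbbbb"
_FMT = ("[{t}] Error while promoting LB_VIRTUAL_SERVER:{vs}.Reason:MP Resource of "
        "type : CERTIFICATE with id :{cert} not found on policy/not yet promoted.")
SAMPLE_LOG = [
    _FMT.format(t="T1", vs=VS1, cert=CERT_A),
    _FMT.format(t="T2", vs=VS1, cert=CERT_A),  # same failure logged on a retry
    _FMT.format(t="T3", vs=VS2, cert=CERT_A),  # second server, same certificate
    _FMT.format(t="T4", vs=VS3, cert=CERT_B),
    "[T5] Promotion step finished for an unrelated resource",  # must be ignored
]

if __name__ == "__main__":
    for cert, servers in unpromoted_certificates(SAMPLE_LOG).items():
        print(f"certificate {cert} blocks virtual servers: {', '.join(servers)}")
```

Against a real log, pass the open file object instead of SAMPLE_LOG; each key in the result is a certificate to handle in steps 2 and 3 of the workaround.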

Environment

VMware NSX
VMware Tanzu Application Service 

Resolution

This is a known issue impacting VMware NSX.

Workaround:

  1. Roll back the migration.
  2. Obtain or generate a new LB certificate.
  3. Add it using the Manager API only.

     1. Navigate to Networking > Load Balancing > Load Balancer Profiles.
     2. Edit the problematic LB/HTTPS Application Profile.
     3. In the Application Profile, select the imported certificate under the SSL settings.
     4. Navigate to Virtual Servers, edit your HTTPS virtual server, and ensure the updated Application Profile is assigned.

  4. Attempt the migration again.

Additional Information

If the rollback fails, open a case with Broadcom Support, reference this KB article, and provide the NSX Manager logs along with the TAS migration logs. An example of the rollback error is shown below.

migrate-mp2p/mp_to_policy_import.log
[ERROR TIMESTAMP]: Encountered client error: 'b'{\n  "httpStatus" : "BAD_REQUEST",\n  "error_code" : 30740,\n  "module_name" : "migration-coordinator",\n  "error_message" : "MP to policy promotion rollback failed. Error : Rollback error. Reason : Cannot invoke \\"com.vmware.nsx.management.common.Identifiable.getIdentifier()\\" because \\"data\\" is null.Please contact support.."\n}''. Status Code: 400

NOTE: TAS migration logs are stored on the migrate-mp2p VM under /var/vcap/store/migrate-mp2p