In the /var/log/syslog file in NSX Edge, you see messages similar to:

/var/log/syslog.1:<27>1 YYYY-MM-DDTHH:MM:SS.ssssss+00:00 lab00775 NSX #### LB [nsx@#### comp="nsx-edge" subcomp="nsx-edge-lb.lb" level="ERROR" errorCode="EDG9999999"] [########-####-####-####-############] upstream sent too big header while reading response header from upstream, client: <IP>, server: , request: "GET /auth/code?code=OanOh4rBqp&state=########-####-####-####-############ HTTP/1.1", upstream: "https://<IP>:0/auth/code?code=OanOh4rBqp&state=<uuid>", host: "<HOSTNAME>"

• If the LB entity is created using Policy, create an HTTP profile at policy UI with higher response header size.
  • Path: Networking--> Load Balancer--> Profiles--> Add Application profile --> HTTP.
  • Apply this HTTP profile to the VIP on the "Virtual Servers" page.
• If the LB entity is created at MP (either via UI or NCP), create an HTTP profile via the Policy UI and attach the newly created profile to the VIP in the MP UI.

Alternatively, change the L7 LB to an L4 LB in order to get the affected application working as well. This will be due to the custom Application Profiles no longer being applied.

Note: This is an application-level issue caused by header response sizes changing after application upgrades, and is not limited to NCP.