LDAP users in VMware NSX are not able to retrieve the management cluster status in User Interface (UI)

Article ID: 316299

Products

VMware NSX

Issue/Introduction

Symptoms:

  • LDAP has been configured and may have been working previously, allowing LDAP users to log in to the VMware NSX manager and/or run API calls.
  • When logged in to the VMware NSX manager UI as an LDAP user, under System -> Appliances, information is displayed correctly.
  • The VMware NSX manager log /var/log/cbm/tanuki.log, on one or more VMware NSX manager nodes in the cluster, shows the following error:
INFO | jvm 1 | 2023/11/02 06:05:10 | INFO: Error parsing HTTP request header
INFO | jvm 1 | 2023/11/02 06:05:10 | Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
INFO | jvm 1 | 2023/11/02 06:05:10 | java.lang.IllegalArgumentException: Request header is too large
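
The check below is an added example, not VMware or Broadcom code: it scans a copy of tanuki.log for the signature above and reports when it was first logged. The function name `scan`, the line regex (derived from the three lines shown here) and the sample text are assumptions made for illustration.

```python
import re
import sys
from datetime import datetime

# Constructed sample in the wrapper format shown in this article
# (level | jvm N | timestamp | message); the last line is unrelated noise.
SAMPLE = """\
INFO | jvm 1 | 2023/11/02 06:05:10 | INFO: Error parsing HTTP request header
INFO | jvm 1 | 2023/11/02 06:05:10 | Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
INFO | jvm 1 | 2023/11/02 06:05:10 | java.lang.IllegalArgumentException: Request header is too large
INFO | jvm 1 | 2023/11/02 06:07:41 | constructed unrelated message
"""

LINE = re.compile(
    r"^(\w+)\s*\|\s*jvm (\d+)\s*\|\s*(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)\s*\|\s?(.*)$")
SIGNATURE = "IllegalArgumentException: Request header is too large"
SUPPRESSED = "further occurrences of HTTP request parsing errors"


def scan(lines):
    """Report when the header-size error was logged and whether the server
    announced that later occurrences are only logged at DEBUG level."""
    hits, suppressed = [], False
    for raw in lines:
        m = LINE.match(raw.rstrip("\n"))
        if not m:
            continue  # stack-trace continuation or a different log format
        ts = datetime.strptime(m.group(3), "%Y/%m/%d %H:%M:%S")
        msg = m.group(4)
        if SIGNATURE in msg:
            hits.append(ts)
        elif SUPPRESSED in msg:
            suppressed = True
    return {
        "matched": bool(hits),
        "count": len(hits),
        "first_seen": min(hits) if hits else None,
        "last_seen": max(hits) if hits else None,
        # Once suppression is announced, the count is a lower bound, not a rate.
        "count_is_lower_bound": suppressed,
    }


if __name__ == "__main__":
    # With no argument the constructed sample is scanned instead of a file.
    src = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE.splitlines()
    print(scan(src))
```

Because the log itself states that repeats drop to DEBUG level, a single match per node is enough to confirm the symptom; a low count does not mean the requests stopped failing.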

Environment

VMware NSX 4.1.0, 4.1.1 and 4.1.2.

Cause

  • The server enforces a maximum size for the request header, which is the part of the request that contains information about the user and the connection. The default value of max-http-header-size for Spring Boot Tomcat/Jetty is 8KB. If the request header is too large, the server rejects the request and returns error code 400.
  • The request header size depends on the user's identity and role. For users in the AD group, the request header is larger than the server's limit, which is 8KB by default. This causes the request to fail and the UI to show the cluster status as unavailable.

Resolution

This issue is resolved in VMware NSX 4.2.0.

Workaround:

If you believe you have encountered this issue and are unable to upgrade at this time, please open a support request with Broadcom for VMware NSX and reference this KB article.