Search the VMware Knowledge Base (KB)
View by Article ID

NSX Edge is unmanageable with some load balancer settings after upgrading to NSX 6.2.3 (2145887)

  • 4 Ratings

Symptoms

NSX Edge upgrade fails and becomes unmanageable after upgrading VMware NSX for vSphere 6.2.x to 6.2.3.

Purpose

This article provides the steps to resolve the NSX Edge upgrade failure issues while upgrading to NSX 6.2.3.

Cause

VMware NSX for vSphere 6.2.3 introduced approved ciphers list in NSX Manager and does not allow the ciphers to be NULL for serverSsl and clientSsl in load balancer.

Note: Default ciphers value is NULL in NSX 6.2.2 and earlier versions.

Resolution

This is a known issue affecting VMware NSX for vSphere 6.2.3.

This issue is resolved in VMware NSX for vSphere 6.2.4, available at VMware Downloads.

If you are unable to upgrade at this time, follow the workaround.
 
To work around the issue, use POST API method to set ciphers value from NULL to DEFAULT.

  1. Download the attached signed_bsh_updateCiphersUtils.encoded file.

  2. Run the following POST call on NSX Manager:

    Method: POST
    URL: https://nsxmgr_ip/api/1.0/services/debug/script
    Body : Copy contents of the attached file signed_bsh_updateCiphersUtils.encoded

  3. Validate that ciphers value is changed from NULL to DEFAULT.

  4. To validate the ciphers value, use REST API GET to obtain all application profiles content:

    Method: GET
    URL: https://nsxmgr_ip/api/4.0/edges/EdgeID/loadbalancer/config/applicationprofiles


    Note
    : To find the Edge ID:
    1. Log in using the vSphere Web Client.
    2. Select Networking & Security > NSX Edges. The first column ID should list the Edge ID.

    For more information on how to make API calls to the NSX Manager, see the Using the NSX REST API section in the VMware NSX for vSphere API Guide.

Additional Information

You experience these additional symptoms.
  • In the NSX User Interface (UI), some of the tabs display errors similar to:
    Internal error has occurred.

  • Running the show log command on the NSX Manager console reports entries similar to:
    2016-06-14 05:04:37.476 GMT ERROR http-nio-127.0.0.1-7441-exec-3 EdgeFacadeImpl:846 - Failed to get edge.

    Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.
If you are planning to upgrade to NSX 6.2.4 and your environment is configured with load balancer, ensure that ciphers value for serverSsl and clientSsl is set as DEFAULT.

To verify the ciphers value:
  1. Use REST API GET to obtain all application profiles content:

    Method: GET
    URL:  https://nsxmgr_ip/api/4.0/edges/EdgeID/loadbalancer/config/applicationprofiles

  2. Check if <ciphers> in <clientSsl> and <serverSsl> are set to DEFAULT:

    For example:

    Segment of Request body:
    <applicationProfile>
      <name>https-profile</name> 
      <insertXForwardedFor>false</insertXForwardedFor> 
      <sslPassthrough>false</sslPassthrough>  loadbalancer/config/applicationprofiles
      <template>HTTPS</template> 
      <serverSslEnabled>true</serverSslEnabled> 
      <clientSsl>
        <ciphers>DEFAULT</ciphers> 
        <clientAuth>ignore</clientAuth> 
        <serviceCertificate>certificate-4</serviceCertificate>
      </clientSsl> 
      <serverSsl>
        <ciphers>DEFAULT</ciphers> 
        <serviceCertificate>certificate-4</serviceCertificate>
      </serverSsl>
    </applicationProfile>


  3. If the ciphers value is set as DEFAULT, continue with the NSX 6.2.4 upgrade.

  4. If the ciphers value is set as NULL, follow the workaround mentioned with a POST API call to set ciphers value from NULL to DEFAULT.

Tags

Edge Upgrade failed,Unable to manage Edge, NSX Edge becomes unmanageable after upgrade

See Also

Attachments

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 4 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 4 Ratings
Actions
KB: