Search the VMware Knowledge Base (KB)
View by Article ID

VIO 2.5.x and 3.x Creating Security Group (SG) fails in NSX 6.2.4 (2146981)

  • 0 Ratings

Symptoms

NSX for vSphere 6.2.4 with VMware Integrated Openstack 3.0 environments with multiple clusters. If two or more users modify the firewall configuration in parallel (For example, Add/Delete sections or rules) , you experience these symptoms:
  • Creating Security Groups (SG) fails
  • The Neutron logs contains entries similar to:

    neutron-server.log.1:70261:2016-08-23 17:58:23.429 30787 ERROR vmware_nsx.plugins.nsx_v.plugin [req-caaee4ae-5a6d-40ac-be14-c65effdb46b9 7bbf6a49359242c289aa017230c174dc c7674d5e471a43e98e1b382f44838d01 - - -] Failed to create security group
    neutron-server.log.1:70262:2016-08-23 17:58:23.429 30787 ERROR vmware_nsx.plugins.nsx_v.plugin Traceback (most recent call last):
    neutron-server.log.1:70263:2016-08-23 17:58:23.429 30787 ERROR vmware_nsx.plugins.nsx_v.plugin File "/usr/lib/python2.7/dist-packages/vmware_nsx/plugins/nsx_v/plugin.py", line 2621, in create_security_group
    neutron-server.log.1:70264:2016-08-23 17:58:23.429 30787 ERROR vmware_nsx.plugins.nsx_v.plugin insert_before=self.default_section)
    neutron-server.log.1:70265:2016-08-23 17:58:23.429 30787 ERROR vmware_nsx.plugins.nsx_v.plugin File "/usr/lib/python2.7/dist-packages/vmware_nsx/plugins/nsx_v/vshield/vcns.py", line 569, in create_section
    neutron-server.log.1:70266:2016-08-23 17:58:23.429 30787 ERROR vmware_nsx.plugins.nsx_v.plugin decode=False, encode=False
    .......

    neutron-server.log.1:70332:2016-08-23 17:58:23.443 30787 ERROR neutron.api.v2.resource RequestBad: Request https://60.0.25.196/api/4.0/firewall/globalroot-0/config/layer3sections?autoSaveDraft=false&operation=insert_before&anchorId=1004 is Bad, response <?xml version="1.0" encoding="UTF-8"?>
    neutron-server.log.1:70333:2016-08-23 17:58:23.443 30787 ERROR neutron.api.v2.resource <error><details>org.hibernate.exception.GenericJDBCException: Could not execute JDBC batch update; nested exception is javax.persistence.PersistenceException: org.hibernate.exception.GenericJDBCException: Could not execute JDBC batch update</details><errorCode>258</errorCode></error>
    neutron-server.log.1:70334:2016-08-23 17:58:23.443 30787 ERROR neutron.api.v2.resource


    Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.

Cause

This issue occurs due to a known issue with the VMware Integrated Openstack plug-in.

Resolution

To resolve this issue, restart VIO Neutron services. For more information, see How to start and stop a VIO deployment (2148892).

To prevent this issue, avoid concurrent modification of firewall configuration. This happens due to changes made manually by administrator or by other solutions integrated with NSX that are managing security rules in NSX.

Additional Information

To be alerted when this article is updated, click Subscribe to Document in the Actions box.

See Also

Update History

1/30/17 Added the Feedback of This issue is resolved in NSX for vSphere 6.3.0. Updated the Title to reflect a more uniform manner of KB article titles

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 0 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 0 Ratings
Actions
KB: