Trying to access Vault UI errors out { "code": 501, "message": "OAuth is not enabled" }

We have two env clusters with separate Vault accounts, and we recently upgraded LinkerD mesh in both environments.
Vault connects to the cluster without issue, but when I try to access the vault UI for one env, it fails. I have not altered any vault settings, but I continue to receive this error.

Has anyone else run into this problem?


No errors in the logs
core: stored unseal keys supported, attempting fetch
core: raft retry join initiated
core.cluster-listener.tcp: starting listener: listener_address=[::]:8201
core.cluster-listener: serving cluster requests: cluster_listen_address=[::]:8201
storage.raft: creating Raft: config=“&raft.Config{ProtocolVersion:3, HeartbeatTimeout:15000000000, ElectionTimeout:15000000000, CommitTimeout:50000000, MaxAppendEntries:64, BatchApplyCh:true, ShutdownOnRemove:true, TrailingLogs:0x2800, SnapshotInterval:120000000000, SnapshotThreshold:0x2000, LeaderLeaseTimeout:2500000000, LocalID:"vault-0", NotifyCh:(chan<- bool)(0xc000fd3490), LogOutput:io.Writer(nil), LogLevel:"DEBUG", Logger:(*hclog.interceptLogger)(0xc000870c30), NoSnapshotRestoreOnStart:true, skipStartup:false}”
storage.raft: initial configuration: index=35 servers=“[{Suffrage:Voter ID:vault-0 Address:vault-0.vault-internal:8201} {Suffrage:Voter ID:vault-1 Address:vault-1.vault-internal:8201} {Suffrage:Voter ID:vault-2 Address:vault-2.vault-internal:8201}]”
storage.raft: entering follower state: follower=“Node at vault-0.vault-internal:8201 [Follower]” leader-address= leader-id=
core: entering standby mode
core: vault is unsealed
core: unsealed with stored key

$ vault status
Key Value

Recovery Seal Type shamir
Initialized true
Sealed false
Total Recovery Shares 5
Threshold 3
Version 1.11.0
Build Date 2022-06-17T15:48:44Z
Storage Type raft
Cluster Name vault-cluster-353fc036
Cluster ID xxxxxxxxxxxxxxxxxxx
HA Enabled true
HA Cluster https://vault-0.vault-internal:8201
HA Mode standby
Active Node Address
Raft Committed Index 2703169
Raft Applied Index 2703169

{ “code”: 501, “message”: “OAuth is not enabled” }

Does not look like an error from Vault at all to me.

I think you have some other proxy/loadbalancer software or appliance in front of Vault that is blocking the connection before it ever reaches Vault.

That is one thing I thought would be an issue at first, but I kept all of the vault pods out of Linkerd mesh, and it is not injected onto vault pods.

Nevertheless, that’s not a JSON structure that Vault itself would return - and still less from the /ui endpoint.