If you use nested groups to authenticate and perform Role-Based Access Control (RBAC) in your Active Directory you may experience a problem with user authentication on vRealize Log Insight, because they may not able to login with group-based roles. You can find a solution in KB2079763.
Whether you use standalone vRLI or 3-Node cluster, I would recommend snapshots to be taken before initiating upgrade and snapshots should be used as a roll-back mechanism for any failures reported during upgrade steps. After snapshots have been taken, navigate to the config URL of your internal Load Balancer https://fqdn-ILB/internal/config if cluster or https://fqdn/internal/config if standalone.
Add following additional configuration options inside the <auth-method> tag:
<ad-nested-groups value="true" />
<ad-nested-groups-matching-chain-rule value="false" />
The configuration will be replicated on all nodes. No need to restart services, change is immediate and users in nested groups will be able to log in. If not, try to restart the Log Insight service for the configuration change to take effect.