Unable to register NSX Manager to vCenter after updating vCenter certificates
search cancel

Unable to register NSX Manager to vCenter after updating vCenter certificates

book

Article ID: 307348

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

Symptoms:


Attempting to register NSX Manager with either the PSC (Lookup Service) or the vCenter Server URL fails. Users may be presented with a certificate, however, we get an unknown error occurred.

In the vCenter /var/log/vmware/eam/eam.log, we see errors such as:

Failed to login to vCenter as extension. vCenter has probably not loaded the EAM extension.xml yet.: Cannot complete login due to an incorrect user name or password.
 

In an NSX Manager SSH session, run:

show manager log 
YYYY-MM-DD HH:MM:SS GMT ERROR taskScheduler-14 InstallTask:202 - error while creating eam agency for deployment 
com.vmware.vim.binding.eam.fault.NoConnectionToVCenter:
inherited from com.vmware.vim.binding.eam.fault.EamRuntimeFault:
inherited from com.vmware.vim.binding.eam.fault.NoConnectionToVCenter



Environment

VMware NSX Data Center for vSphere 6.4.x

Cause

When certificates are replaced, some vCenter extensions are not updated and lose connectivity with vCenter.

Resolution

Run the following in an SSH session on the vCenter server while logged in as root:


# shell.set --enabled true
# mkdir /certificate
# /usr/lib/vmware-vmafd/bin/vecs-cli entry getcert --store vpxd-extension --alias vpxd-extension --output /certificate/vpxd-extension.crt
# /usr/lib/vmware-vmafd/bin/vecs-cli entry getkey --store vpxd-extension --alias vpxd-extension --output /certificate/vpxd-extension.key
# python /usr/lib/vmware-vpx/scripts/updateExtensionCertInVC.py -e com.vmware.vim.eam -c /certificate/vpxd-extension.crt -k /certificate/vpxd-extension.key -s FQDNofvCenterServer -u [email protected]
 

You will be prompted to enter the password for the admin user.

Password to connect to VC server for user="[email protected]":
 

After entering the proper password, you should see:
 

YYYY-MM-DD HH:MM:SS  Updating certificate for "com.vmware.vim.eam" extension
YYYY-MM-DD HH:MM:SS  Successfully updated certificate for "com.vmware.vim.eam" extension
YYYY-MM-DD HH:MM:SS  Verified login to vCenter Server using certificate="/certificate/vpxd-extension.crt" is successful
root@wd-xas-vcsa-t01 [ ~ ]#

Then perform the following:

  1. Configure the Lookup Service and vCenter registration on the NSX Manager vApp.
  2. In the vCenter vApp DCUI UI (port 5480), restart the EAM service.
  3. Log out and back into the vCenter server in the HTML5 client using an administrative account.
Powered by Wolken Software