Synchronization issues with thumbprint errors after updating NSX Manager Primary / Secondary SSL Certificates
search cancel

Synchronization issues with thumbprint errors after updating NSX Manager Primary / Secondary SSL Certificates

book

Article ID: 309113

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

Symptoms:

  • In the NSX Manager logs, these errors are seen:
EDT ERROR pool-4-thread-1 ThumbprintTrustManager:53 - 2B:FA:AB:C8:52:##:##:##:##:##:##:## could not be validated against registered thumbprints java.security.cert.CertificateException: 2B:FA:AB:C8:52:##:##:##:##:##:##:##:##:##:##:##:##:## could not be validated against registered thumbprints at com.vmware.vshield.commons.utils.trust.ThumbprintTrustManager.checkServerTrusted(ThumbprintTrustManager.java:50)



Environment

VMware NSX for vSphere 6.4.x
VMware NSX for vSphere 6.3.x
VMware NSX for vSphere 6.2.x

Resolution

To resolve this issue:

  1. Log on to the vSphere Web Client.
  2. Navigate to Networking & Security > Installation > Management.
  3. Click Actions under NSX Managers and choose Update Secondary NSX Manager.
  4. Select the Secondary NSX Manager with the sync issues.
  5. Re-enter its existing IP.
  6. Accept the new SSL Thumbprint.
  7. Click Actions under NSX Managers and choose Perform Universal Synchronization.