Synchronization issues with thumbprint errors after updating NSX Manager Primary / Secondary SSL Certificates
book
Article ID: 309113
calendar_today
Updated On:
Products
VMware NSX
Issue/Introduction
Symptoms:
In the NSX Manager logs, these errors are seen:
EDT ERROR pool-4-thread-1 ThumbprintTrustManager:53 - 2B:FA:AB:C8:52:##:##:##:##:##:##:## could not be validated against registered thumbprints java.security.cert.CertificateException: 2B:FA:AB:C8:52:##:##:##:##:##:##:##:##:##:##:##:##:## could not be validated against registered thumbprints at com.vmware.vshield.commons.utils.trust.ThumbprintTrustManager.checkServerTrusted(ThumbprintTrustManager.java:50)
Environment
VMware NSX for vSphere 6.4.x VMware NSX for vSphere 6.3.x VMware NSX for vSphere 6.2.x
Resolution
To resolve this issue:
Log on to the vSphere Web Client.
Navigate to Networking & Security > Installation > Management.
Click Actions under NSX Managers and choose Update Secondary NSX Manager.
Select the Secondary NSX Manager with the sync issues.
Re-enter its existing IP.
Accept the new SSL Thumbprint.
Click Actions under NSX Managers and choose Perform Universal Synchronization.