HCX - Failed to deploy NE / Failed to extend Network and reported error message "PKIX path building failed"
search cancel

HCX - Failed to deploy NE / Failed to extend Network and reported error message "PKIX path building failed"

book

Article ID: 311832

calendar_today

Updated On:

Products

VMware HCX

Issue/Introduction

HCX failed to deploy NE and reported the error message below when resyncing the service mesh:

Validate RemoteService Mesh failed. Interconnect Service Workflow ValidateRemoteServiceMesh failed. Error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuildingException: unable to find valid certification path to requested target.

Re Authenticating: The NSX manager failed with the error - "Untrusted SSL," and logs show the following error:  

  • /common/logs/appliance-management/appliance-management.log

    06:58:28.570 [main] ERROR com.vmware.hybridity.admin.config.ApplianceConfigValidator - Unable to verify the endpoint link details for https://<NSX Manager FQDN>
    com.vmware.vchs.hybridity.adapters.https.UntrustedCertificateException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

Environment

VMware HCX
VMware NSX 

Cause

This issue is due to a change in the NSX-T manager cert.

1. Check the NSX-T manager sha256 cert fingerprint via a web browser




2. Navigate to the HCX Manager Admin UI page (https://<HCX-IP>:9443) > Administration > Certificate > Trusted CA Certificate. Verify the trusted NSX-T manager cert is correct.

 



Resolution

Re-import the newly updated NSX Manager certificate. 

  • Navigate to the HCX appliance management interface: https://hcx-ip-or-fqdn:9443.
  • Navigate to the Administration tab.
  • Select Certificate > Trusted CA Certificate on the side menu.
  • Select the certificate import option: URL
  • Enter the IP or FQDN that the NSX Manager. 
  • Click Apply.