The Global Manager UI shows an error message similar to the following: Error: Unable to fetch TransportZoneListResultDto List from NSX, enforcement point default. (Error code: 500139)
Environment
VMware NSX VMware NSX-T Data Center
Cause
This issue occurs due to the Global Manager retaining the old thumbprint in place for the Local Manager, which no longer matches the new certificate in place on the Local Manager(s).
Resolution
This is a known issue impacting VMware NSX.
Workaround:
Retrieve the Local Manager certificate thumbprint (SHA-256 Thumbprint):
Either from the Local Manager UI:
Log in to the Local Manager UI.
Navigate to "System" / "Appliances".
Under "Show Details", click "Thumbprint".
Copy the thumbprint.
Or from your browser (the instructions below are for Chrome and may be different on other browsers):
Navigate to the Local Manager UI.
Click the lock symbol in the address bar.
Select "Connection is secure".
Click "Certificate is valid".
Copy the SHA-256 thumprint for the Local Manager certificate.
If the SHA-256 thumbprint is shown with spaces, remove all the spaces. For example: Before: 00 11 22 33 44 55 66 77 88 99 00 AA BB CC DD EE FF 00 11 22 33 44 55 66 77 88 99 00 AA BB CC DD After: 0011223344556677889900AABBCCDDEEFF0011223344556677889900AABBCCDD
Log in to the Global Manager.
Navigate to "System" / "Location Manager".
Select "Actions" / "Edit Settings" for the relevant Local Manager site (the one for which the thumbpring was retrieved above).
Add the new thumbprint (without spaces) as SHA-256 Thumprint along with the required password.
Click "Check Version Compatibility" button in the same box.