In an NSX-T Federation setup, Site-Manager synchronization fails with a certificate error
Article ID: 312607
Products
VMware NSX
Issue/Introduction
Symptoms:
The Global Manager (GM) and Local Manager (LM) are on 2 different NSX-T versions.
You are unable to onboard new sites (Local Managers) to the Global Manager.
There are configuration inconsistencies between the Local Managers and Global Managers.
The following error is displayed for one or more LMs in the GUI when the user navigates to Global Manager UI > System > System Overview:
"I/O error on GET request for "https://.........." . . . .. PKIX path building failed: ………….. Unable to find certificate chain"
You may see entries similar to the following in the Global Manager log, /var/log/gmanager/gmanager.log:
202x-xx-xxTxx:xx:xx.768Z INFO http-nio-127.0.0.1-64440-exec-208 RemoteSiteStatusFacadeImpl 5797 - [nsx@6876 comp="global-manager" level="INFO" reqId="xxxxxxxx-dxxx-4xxx-b2xx-51xxxxxxxx" subcomp="global-manager" username="admin"] Was not able to get data from remote site xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx. Error I/O error on GET request for "https://xx.xx.xx.xx/api/v1/ui-controller/clusters-overall-status": sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Unable to find certificate chain.; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Unable to find certificate chain..
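To see which remote sites are affected, the log entries can be grouped by site ID, with the PKIX failure separated from other I/O errors. The following is an added example, not part of the original article or any vendor tooling; the function names are hypothetical and the sample entries (site IDs, addresses, timestamps, the second error text) are constructed.

```python
import re
from urllib.parse import urlsplit

# Line shape taken from the gmanager.log entry quoted in the article.
ENTRY = re.compile(
    r'^(?P<ts>\S+) \w+ \S+ RemoteSiteStatusFacadeImpl .*?'
    r'Was not able to get data from remote site (?P<site>[\w-]+)\. '
    r'Error I/O error on GET request for "(?P<url>[^"]+)": (?P<err>.*)$'
)
PKIX = "PKIX path building failed"

def summarize(lines):
    """Group remote-site fetch failures by site ID; split PKIX from other errors."""
    sites = {}
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m:
            continue  # not a RemoteSiteStatusFacadeImpl fetch failure
        s = sites.setdefault(m["site"], {
            "host": urlsplit(m["url"]).hostname, "pkix": 0, "other": 0,
            "first": m["ts"], "last": m["ts"],
        })
        s["pkix" if PKIX in m["err"] else "other"] += 1
        s["last"] = m["ts"]
    return sites

def pkix_sites(lines):
    """Site IDs whose failures include the certificate-chain error."""
    return sorted(k for k, v in summarize(lines).items() if v["pkix"])

# Constructed sample entries; every value below is made up for the example.
_FMT = ('{ts} INFO http-nio-127.0.0.1-64440-exec-208 RemoteSiteStatusFacadeImpl 5797 - '
        '[nsx@6876 comp="global-manager" level="INFO" subcomp="global-manager"] '
        'Was not able to get data from remote site {site}. Error I/O error on GET '
        'request for "https://{ip}/api/v1/ui-controller/clusters-overall-status": {err}')
PKIX_ERR = ("sun.security.validator.ValidatorException: PKIX path building failed: "
            "java.security.cert.CertPathBuilderException: Unable to find certificate chain.")
A, B = "11111111-aaaa-4bbb-8ccc-222222222222", "33333333-dddd-4eee-8fff-444444444444"
SAMPLE = [
    _FMT.format(ts="2024-01-10T08:00:01.768Z", site=A, ip="192.0.2.10", err=PKIX_ERR),
    _FMT.format(ts="2024-01-10T08:05:01.102Z", site=A, ip="192.0.2.10", err=PKIX_ERR),
    _FMT.format(ts="2024-01-10T08:05:02.330Z", site=B, ip="192.0.2.20", err="Connection refused"),
    "2024-01-10T08:05:03.000Z INFO main SomeOtherComponent 5797 - unrelated entry",
]

if __name__ == "__main__":
    for site, s in summarize(SAMPLE).items():
        print(site, s["host"], f'pkix={s["pkix"]}', f'other={s["other"]}', s["first"], s["last"])
```

Sites listed by `pkix_sites` are the ones to compare against the Global Manager's version, since the article attributes this error to a partially upgraded Federation.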
Environment
VMware NSX-T Data Center
Cause
The site_type is not a recognized type in 3.1.x releases of NSX; it was introduced in 3.2.x. When the Federation setup is partially upgraded, i.e., when only one or more LMs have been upgraded, onboarding a new LM fails.
Resolution
This issue is resolved in NSX-T 3.2.3.
Workaround: Complete the Global Manager upgrade to bring Global and Local Managers to the same version.