Error Code: 500016 when trying to view group members on the Global Manager (Error: I/O error)
search cancel

Error Code: 500016 when trying to view group members on the Global Manager (Error: I/O error)

book

Article ID: 313769

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

  • NSX Federated environment.
  • Recently replaced certificates or expired certificates on Local Manager and/or Global Manager.
  • When trying to view members on the global manager you see similar errors in the NSX UI:

Error: I/O error on GET request for "https://<nsx-mgr-ip>/policy/api/v1/global-infra/domains/default/groups/ipset-########-####-####-####-########/members/ip-addresses": UUID; nested exception is javax.net.ssl.SSLHandshakeException: UUID (Error code: 500016)

Note: The error above is not exclusively seen for IP Addresses, the same error can be seen for Virtual Machines, NSX Segments, etc...

Environment

VMware NSX-T Data Center

Cause

  1. After replacing a certificate, the thumbprint for the site locations may not get automatically replaced.
  2. Expired certificates are seen on the Local Managers

Resolution

Please verify the thumbprint is correct for both Local Manager sites.

  • This can be checked on the Global Manager, System Location Manager, under the site location Actions > Edit Settings and Check Version Compatibility.
    • If it fails the thumbprint may need to be updated for both locations.
  • The thumbprint can be collected by logging on to each local manager site and running the command 'get certificate cluster thumbprint' in admin mode.

Additional Information

References:


Impact/Risks:

  • Cannot view group members on the Global Manager.
  • Local manager sites are not synced with the Global Manager.