The issue occurs after upgrading the Federation GM or LM from 3.x to 4.1.x. When editing the site, you may see the following error:
Error: Communication error encountered with reason 503 InternalServerError (Error code: 530039)
In gmanager-ui.log:
[nsx@6876 comp="global-manager" level="INFO" reqId="b9ba46dc-####-####-####-053b9803f590" subcomp="global-manager" username="admin"] {"user":"","message":"Api Errors->","messageData":{"headers":{"normalizedNames":{},"lazyUpdate":null},"status":400,"statusText":"OK","url":"https://example.com/global-manager/api/v1/global-infra/onboarding-check-compatibility","ok":false,"name":"HttpErrorResponse","message":"Http failure response for https://example.com/global-manager/api/v1/global-infra/onboarding-check-compatibility: 400 OK","error":{"httpStatus":"BAD_REQUEST","error_code":530039,"module_name":"Policy","error_message":"Communication error occurred with reason example.com: Name or service not known"}},"level":"Error","browser":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36","time":"Mon May 09 2022 19:43:03 GMT-0400 (Eastern Daylight Time)","location":"/app/system/home/location-manager/home"}
VMware NSX 4.x
The VIP certificate chain is generated in the wrong order.
This issue is resolved in VMware NSX 4.2.0, available at Broadcom downloads.
If you are having difficulty finding and downloading software, please review the Download Broadcom products and software KB.
Workaround:
Manually correct the VIP certificate chain so that it is in leaf - intermediate - root order, and remove any extra 'bag attributes'.
The GM will be unable to connect to the LM by VIP FQDN/IP.