Service Deployment fails in NSX-T Data Center 2.5.0

Article ID: 317678


Products

VMware NSX

Issue/Introduction

Symptoms:

  • Service Deployment for Endpoint Protection and Network Introspection fails.
  • You see errors similar to:

    OVF parsing failed. Error: javax.net.ssl.SSLHandshakeException: 

    or

    Unable to find certificate chain

    or

    Socket Exception

    or

    Connection Timeout

    or

    Error creating agency for deployment unit <UUID>. OVF certification validation failed. Error: Ovf, manifest and certificate files not found. Delete this deployment and create another one.

Environment

VMware NSX-T

Cause

This issue occurs due to connectivity issues when downloading the OVF for certificate validation. The connection might fail because:
  • The endpoint is HTTPS.
  • The port being used is anything other than Port 80.

Resolution

This issue is resolved in VMware NSX-T Data Center 2.5.1.

Note: In NSX-T 3.x onwards, these steps are not required.

For NSX-T 2.5.0/1, follow these steps:
  • If the OVF is hosted on a port other than port 80, open the respective port on each NSX Manager in the cluster.
     For example, if the OVF is hosted on port 1000, open this port on each of the NSX-T Managers in the cluster using the root account. After upgrading to VMware NSX-T Data Center 2.5.1:
  1. Log in to the NSX Manager CLI as administrator.
  2. Run the command "st e" to switch to the root user.
  3. Run the command "iptables -A OUTPUT -p tcp --dport 1000 -j ACCEPT".

    Note: Manually added iptables rules do not persist after the NSX Manager appliance is rebooted. Before any further fresh deployment, repeat the custom port opening step.
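
Because the rule has to be re-applied after every reboot, the sketch below adds it only when it is missing, so repeated runs do not stack duplicate entries. It is an added example, not VMware-supplied code; the function names, the `IPTABLES` override variable, and the optional destination argument (which limits the rule to the OVF web server instead of any host) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not VMware code. Run as root on each NSX Manager node.
# IPTABLES may be overridden for a dry run; it defaults to the real binary.
IPTABLES="${IPTABLES:-iptables}"

# valid_port PORT: succeeds only for an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# ensure_ovf_egress PORT [DEST]
# Adds the article's OUTPUT ACCEPT rule only if an identical rule is absent.
# DEST (assumption: the IP of the server hosting the OVF) narrows the rule
# to that single host instead of allowing the port to any destination.
ensure_ovf_egress() {
    port="$1"; dest="${2:-}"
    valid_port "$port" || { echo "invalid port: $port" >&2; return 2; }
    if [ -n "$dest" ]; then
        set -- -d "$dest" -p tcp --dport "$port" -j ACCEPT
    else
        set -- -p tcp --dport "$port" -j ACCEPT
    fi
    # -C checks for an exact matching rule and exits non-zero when none exists.
    if "$IPTABLES" -C OUTPUT "$@" 2>/dev/null; then
        echo "present"
    else
        "$IPTABLES" -A OUTPUT "$@" || return 1
        echo "added"
    fi
}

# Stand-alone use: ./ensure_ovf_egress.sh 1000 [DEST]
if [ "$#" -gt 0 ]; then
    ensure_ovf_egress "$@"
fi
```

Running it with `1000` reproduces the article's rule; passing the OVF server's address as a second argument gives the narrower variant.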

Additional Information