NSX-T Manager Compute manager trust enabled results in 'Duplicate JWK found in Set' ERROR

search cancel

NSX-T Manager Compute manager trust enabled results in 'Duplicate JWK found in Set' ERROR

book

Article ID: 317910

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

Symptoms:

Compute manager is configured in NSX-T with trust, service account and full access right.
Converting the cluster from non-vLCM to vLCM fails with the error:

Error occurred while checking whether NSX-T Data Center is enabled on this cluster.

In the NSX-T reverse-proxy logs, errors similar to the following are present:

reverse-proxy.log-2021-07-09T06:21:07.629Z ERROR https-jsse-nio-10.65.117.148-443-exec-99 ExceptionUtils 5991 - [nsx@6876 comp="nsx-manager" errorCode="MP98" level="ERROR" subcomp="http"] Uncaught exception reverse-proxy.log:org.springframework.security.oauth2.provider.token.store.jwk.JwkException: Duplicate JWK found in Set: 8274AB53A1D39A44E92281846F466D7858F9D2AE (kid)

Environment

VMware NSX-T Data Center
VMware NSX-T

Cause

Two or more entries are present for the same KID (Key ID) in vCenter's JWK (JSON Web Key) set.

Resolution

This issue is resolved in NSX-T Datacenter 3.2. See Download Broadcom products and software

Workaround:

Apply resolution section in the KB
- Signing Certificate is not valid
Restart the reverse-proxy on each manager one by one, log in as root to carry out these steps:
- systemctl stop proxy
Check that it is stopped with:
- systemctl status proxy
Then start:
- systemctl start proxy

Feedback

thumb_up Yes

thumb_down No