After installing or upgrading NSX Intelligence appliance, Fail to Update IP address, Certificate and Thumbprint

Article ID: 319123

Products

VMware NSX

Issue/Introduction

  • You are installing or upgrading to NSX Intelligence Appliance 1.1.0/1.2/1.2.1.
  • The NSX Intelligence appliance fails to update the IP address, certificate and thumbprint of the NSX Manager unified appliance.

Environment

VMware NSX-T Data Center 3.x.x
VMware NSX 4.x.x 

NSX-T Intelligence 1.1.0/1.2/1.2.1

Cause

In NSX Intelligence versions 1.1.0, 1.2, and 1.2.1, the IP address, certificate thumbprint, and node certificate of the NSX Manager that deploys NSX Intelligence are stored on the NSX Intelligence appliance.

If the NSX Manager is deleted, or its IP address or node certificate is changed, you must manually update this information on the NSX Intelligence appliance. Otherwise, certain functions will fail after installation or upgrade.

Resolution

Workaround:

Update NSX Intelligence appliance with the new or changed NSX Manager information.

For example, as part of deployment, the NSX Intelligence appliance is deployed and registered with an NSX Manager (IP: 10.10.0.10, thumbprint: old_t, node certificate: old_c).

If this NSX Manager appliance is then deleted, or its IP address or node certificate changes, you need to update the NSX Intelligence appliance with the new or changed NSX Manager appliance information.

  1. Collect NSX Manager appliance information.
    1. Pick an NSX Manager IP from the UI and log in to the node via SSH as the admin user.
    2. Get the node certificate by executing the following command on nsx-cli:
      For example:
      nsxmanager-1> get certificate api
      -----BEGIN CERTIFICATE-----
      ..cert snipped...
      -----END CERTIFICATE-----
       
    3. Get the thumbprint of the certificate using this command:
      For example:
      nsxmanager-12> get certificate api thumbprint
      thumbprint_of_the_cert_printed_here
  2. Update the information on NSX Intelligence node.
    1. Log in to NSX Intelligence node via SSH as admin user.
    2. Update the IP and Certificate thumbprint using this command:
      For example:
      intelligence-cli> update intelligence manager node host-ip-addr 10.10.0.10 cert-thumbprint thumbprint_of_the_cert_printed_here 
    3. Update the NSX Manager node certificate on NSX Intelligence using this command:
      For example:
      intelligence-cli> update intelligence manager node certificate <certificate-from-step1.2-in base64-format> 
  3. Optional steps required in certain scenarios:
    1. If the above steps were performed during or after upgrade from NSX Intelligence version 1.0.0, update the NSX UA cluster certificate stored on NSX Intelligence.
    2. Get cluster certificate from NSX UA. Call the API on NSX Manager: 
      https://{{nsx_ua_server}}/api/v1/trust-management/certificates?type=cluster_api_certificate
    3. Get the cluster certificate pem_encoded field in base64 format:
      echo -e "<value_of_pem_encoded_from_json_response>" | base64
      LS0tL...snipped...S0KCg==
       
    4. Update the certificate information on NSX Intelligence:
      For example:
      intelligence-cli> update intelligence manager cluster certificate <certificate-from-step3.1.2-in base64-format>
    5. Restart proxy on NSX Intelligence with this command:
      restart service http 
    6. If the above steps were performed during or after upgrade, also restart the nsx-config service on NSX Intelligence appliance using this command:
      restart service nsx-config 
    7. After the services restart, wait briefly, then refresh your browser to ensure the NSX Intelligence UI features are (re)loaded.
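
Before pasting values into the update commands in steps 2.2, 2.3 and 3.4, it is worth checking that the certificate you collected actually hashes to the thumbprint you collected, and that the base64 argument decodes back to the same PEM. The helper below is an added example, not VMware code. It assumes the thumbprint is the SHA-256 of the DER certificate and that the API response carries a `results` array; all function names are hypothetical.

```python
import base64
import hashlib
import json

HEADER = "-----BEGIN CERTIFICATE-----"
FOOTER = "-----END CERTIFICATE-----"

def first_cert_der(pem: str) -> bytes:
    """Return the DER bytes of the first certificate block in PEM text."""
    start = pem.index(HEADER) + len(HEADER)   # ValueError if no header
    end = pem.index(FOOTER, start)            # ValueError if no footer
    return base64.b64decode("".join(pem[start:end].split()), validate=True)

def sha256_thumbprint(pem: str) -> str:
    """Lowercase hex SHA-256 of the DER bytes (assumed thumbprint format)."""
    return hashlib.sha256(first_cert_der(pem)).hexdigest()

def thumbprint_matches(pem: str, reported: str) -> bool:
    """Compare with the CLI-reported value, ignoring case and ':' separators."""
    cleaned = reported.strip().replace(":", "").lower()
    return sha256_thumbprint(pem) == cleaned

def pem_from_api_response(body: str) -> str:
    """Extract pem_encoded; json.loads turns the \\n escapes into newlines."""
    results = json.loads(body)["results"]     # assumed response shape
    if len(results) != 1:
        raise ValueError(f"expected exactly one certificate, got {len(results)}")
    return results[0]["pem_encoded"]

def cli_base64(pem: str) -> str:
    """Same bytes as `echo -e "<pem>" | base64` (echo appends a newline),
    emitted on one line so it can be pasted as a single argument."""
    return base64.b64encode((pem + "\n").encode("ascii")).decode("ascii")

# Constructed sample: the body "YWJj" is stand-in bytes, not a real certificate.
SAMPLE_PEM = HEADER + "\nYWJj\n" + FOOTER + "\n"
SAMPLE_RESPONSE = json.dumps(
    {"results": [{"id": "constructed-id", "pem_encoded": SAMPLE_PEM}]}
)

if __name__ == "__main__":
    pem = pem_from_api_response(SAMPLE_RESPONSE)
    print("thumbprint  :", sha256_thumbprint(pem))
    print("cli argument:", cli_base64(pem))
```

If `thumbprint_matches` returns False for the output of `get certificate api` and `get certificate api thumbprint`, stop and re-collect both values from the same NSX Manager node before updating the NSX Intelligence appliance.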