Relinking vCenter Server Appliance and NSX-T after VCSA PNID or SSL certificate change
search cancel

Relinking vCenter Server Appliance and NSX-T after VCSA PNID or SSL certificate change

book

Article ID: 320144

calendar_today

Updated On:

Products

VMware NSX VMware vCenter Server

Issue/Introduction

This article provides information on how to modify VCSA PNID or SSL certificates when communication between vCenter Server Appliance (VCSA) and NSX-T Data Center fails.

Environment

VMware NSX

VMware vCenter Server

Resolution

Note: These steps do not include updating communication parameters between VCSA and NSX-T. After the VCSA PNID or SSL certificate has been successfully changed and all VCSA services have been restarted. Addition steps must be taken to update communication parameters between VCSA and NSX-T.  These steps are as follows:

  1. Log into the VCSA appliance as root.
  2. Run this command: 

    /usr/lib/vmware-wcp/relink_nsx.py

    For example:

    /usr/lib/vmware-wcp/relink_nsx.py
    Enter password for NSX user 'admin'
    Password: <Password of NSX built-in user 'admin'>

    2020-02-19T17:56:07.987Z Running command: ['/usr/lib/vmware-vmafd/bin/vecs-cli', 'entry', 'getcert', '--store', 'vpxd-extension', '--alias', 'vpxd-extension', '--output', '/var/tmp/vmware/tmp_qiji6me']
    2020-02-19T17:56:08.018Z Done running command
    2020-02-19T17:56:08.019Z Running command: ['/usr/lib/vmware-vmafd/bin/vecs-cli', 'entry', 'getkey', '--store', 'vpxd-extension', '--alias', 'vpxd-extension', '--output', '/var/tmp/vmware/tmpk052r6u4']
    2020-02-19T17:56:08.046Z Done running command
    2020-02-19T17:56:08.650Z Updating CM; NSX: ###.###.###.###:443, id: ########-####-####-####-############, VC: example.vmware.com, SSL: ##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##
    2020-02-19T17:56:21.447Z Updated CM: {'server': '<fqdn>', 'origin_type': 'vCenter', 'credential': {'thumbprint': '##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##', 'credential_type': 'SessionLoginCredential'}, 'origin_properties': [{'key': 'fullName', 'value': 'VMware vCenter Server 7.0.0 build-33446796'}, {'key': 'localeVersion', 'value': 'INTL'}, {'key': 'version', 'value': '7.0.0'}, {'key': 'originComputeManagerDescription', 'value': ''}, {'key': 'apiVersion', 'value': '7.0.0.0'}, {'key': 'build', 'value': '33446796'}, {'key': 'vendor', 'value': 'VMware, Inc.'}, {'key': 'licenseProductName', 'value': 'VMware VirtualCenter Server'}, {'key': 'name', 'value': 'VMware vCenter Server'}, {'key': 'osType', 'value': 'linux-x64'}, {'key': 'instanceUuid', 'value': '########-####-####-####-############'}, {'key': 'originComputeManagerName', 'value': 'VMware vCenter Server'}, {'key': 'localeBuild', 'value': '000'}, {'key': 'licenseProductVersion', 'value': '7.0'}, {'key': 'apiType', 'value': 'VirtualCenter'}, {'key': 'productLineId', 'value': 'vpx'}], 'trust_as_auth_server': False, 'reverse_proxy_https_port': 443, 'resource_type': 'ComputeManager', 'id': '########-####-####-####-############', 'display_name': '########-####-####-####-############', 'description': '', '_create_user': 'admin', '_create_time': 1581963548474, '_last_modified_user': 'admin', '_last_modified_time': 1582134971314, '_protection': 'NOT_PROTECTED', '_revision': 16}
    2020-02-19T17:56:21.471Z Updating OIDC EP; NSX: ###.###.###.###:443, id: ################################, VC: <fqdn>, SSL: ################################
    2020-02-19T17:56:22.139Z Updated OIDC EP: {'oidc_uri': 'https://<fqdn>/openidconnect/vsphere.local/.well-known/openid-configuration', 'thumbprint': '################################', 'oidc_type': 'vcenter', 'issuer': 'https://<fqdn>/openidconnect/vsphere.local', 'jwks_uri': 'https://<fqdn>/openidconnect/jwks/vsphere.local', 'resource_type': 'OidcEndPoint', 'id': '################################', 'display_name': '################################', '_system_owned': False, '_create_user': 'admin', '_create_time': 1582134982050, '_last_modified_user': 'admin', '_last_modified_time': 1582134982050, '_protection': 'NOT_PROTECTED', '_revision': 0}
    2020-02-19T17:56:22.171Z Updating NSX UI plugin registration; VC: example.vmware.com, SSL: ##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##
    2020-02-19T17:56:22.342Z Updated NSX UI plugin