NSX-T Federation assigning Certificate to Local Manager fails with "Expected 1 local site certificate with service type LOCAL_MANAGER but found 0."

Article ID: 322422

Updated On:

Products

VMware NSX

Issue/Introduction

Symptoms:

  • NSX-T Federation is being used.
  • The certificate for the Local Manager has expired.
  • The expired Local Manager certificate was removed.
  • While replacing the Local Manager certificate, the old certificate was removed first.
  • Attempting to assign a new certificate to the Local Manager with the API call below fails:
POST https://<nsx-mgr>/api/v1/trust-management/certificates/<cert-id>?action=apply_certificate&service_type=LOCAL_MANAGER
  • Error observed on failure:
        "Expected 1 local site certificate with service type LOCAL_MANAGER but found 0."



Environment

  • VMware NSX

Cause

This issue occurs when the original local manager certificate was removed before the new one was applied.

Resolution

Create a new certificate and reserve it for the Local Manager.

Obtain the Site ID on the local manager, as root user:

  • cd /config/site-manager
  • cat siteId -> this is the site ID for the local manager.


Then, with the site ID and the certificate ID of the new certificate, run the following API call as the root user to reserve the new certificate for the Local Manager site:

curl -X POST -H "Content-Type: application/json" -H 'X-NSX-Username:admin' -d '{"service_type":"LOCAL_MANAGER","node_id":"<site-id>"}' "http://127.0.0.1:7440/nsxapi/api/v1/trust-management/certificates/<cert-id>?action=reserve"


Note: Please review the Administration guide for further details on replacing a Federation certificate.
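
The two steps above combined into one script, as an added example that is not part of the original article or any VMware tooling. It assumes the site ID and certificate ID are UUID-shaped, rejects unfilled placeholders such as <cert-id>, and prints the request unless --apply is given; the script name, the SITE_ID_FILE override and the --apply flag are hypothetical.

```shell
#!/bin/sh
# Added example, not VMware's own tooling. Run as root on the Local Manager.
SITE_ID_FILE="${SITE_ID_FILE:-/config/site-manager/siteId}"
RESERVE_BASE="http://127.0.0.1:7440/nsxapi/api/v1/trust-management/certificates"

# Assumption: IDs are UUID-shaped. Rejects unfilled placeholders such as
# "<cert-id>" and any character that could break out of the JSON body or URL.
is_uuid() {
    case $1 in ''|*[!0-9a-fA-F-]*) return 1 ;; esac   # also rejects newlines
    printf '%s\n' "$1" |
        grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Read the site ID from the given file, dropping whitespace and newlines.
read_site_id() {
    [ -r "$1" ] || return 1
    tr -d '[:space:]' < "$1"
}

# JSON body and URL exactly as in the curl command from the article.
reserve_body() {
    printf '{"service_type":"LOCAL_MANAGER","node_id":"%s"}' "$1"
}

reserve_url() {
    printf '%s/%s?action=reserve' "$RESERVE_BASE" "$1"
}

# Validate both IDs, then print the request (default) or send it (--apply).
reserve_cert() {
    cert_id=$1 mode=${2:-}
    site_id=$(read_site_id "$SITE_ID_FILE") ||
        { echo "cannot read $SITE_ID_FILE" >&2; return 2; }
    is_uuid "$site_id" || { echo "unexpected site ID: $site_id" >&2; return 3; }
    is_uuid "$cert_id" || { echo "unexpected certificate ID: $cert_id" >&2; return 4; }
    if [ "$mode" = "--apply" ]; then
        curl -sS -X POST -H "Content-Type: application/json" \
             -H 'X-NSX-Username:admin' \
             -d "$(reserve_body "$site_id")" "$(reserve_url "$cert_id")"
    else
        printf 'POST %s\n%s\n' "$(reserve_url "$cert_id")" "$(reserve_body "$site_id")"
    fi
}

# Usage: sh reserve-lm-cert.sh <cert-id> [--apply]
if [ "$#" -ge 1 ]; then
    reserve_cert "$@"
fi
```

Run it once without --apply to review the URL and body, then again with --apply to send the reserve request.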

Additional Information

Impact/Risks: Unable to replace the Local Manager certificate.