GM UI showing error Unable to fetch TransportZoneListResultDto List from NSX, enforcement point default
Article ID: 322516
Updated On:
Products
VMware NSX
Issue/Introduction
- You're running NSX federation
- You're attempting to onboard a site.
- You observe an error similar to the following in the UI
- You observe the following entries in the Global Manager under
/var/log/gmanager/gmanager.log
...
yyyy-mm-ddThh:mm:ss <gloabl-manager-fqdn> NSX 12556 SYSTEM [nsx@6876 comp="global-manager" errorCode="MP100" level="ERROR" subcomp="global-manager"] I/O error on GET request for "https://<nsx-magaer-ip>/api/v1/cluster/backups/overview": readHandshakeRecord; nested exception is javax.net.ssl.SSLException: readHandshakeRecord
...
yyyy-mm-ddThh:mm:ss <gloabl-manager-fqdn> NSX 12556 SYSTEM [nsx@6876 comp="global-manager" errorCode="MP100" level="ERROR" subcomp="global-manager"] I/O error on GET request for "https://<nsx-magaer-ip>/api/v1/cluster/backups/overview": Connection reset; nested exception is javax.net.ssl.SSLException: Connection reset
...
yyyy-mm-ddThh:mm:ss <gloabl-manager-fqdn> NSX 12556 SYSTEM [nsx@6876 comp="global-manager" errorCode="MP100" level="ERROR" subcomp="global-manager"] I/O error on GET request for "https://<nsx-magaer-ip>/api/v1/cluster/backups/overview": readHandshakeRecord; nested exception is javax.net.ssl.SSLException: readHandshakeRecord
...
yyyy-mm-ddThh:mm:ss <gloabl-manager-fqdn> NSX 12556 SYSTEM [nsx@6876 comp="global-manager" errorCode="MP100" level="ERROR" subcomp="global-manager"] I/O error on GET request for "https://<nsx-magaer-ip>/api/v1/cluster/backups/overview": Connection reset; nested exception is javax.net.ssl.SSLException: Connection reset
...
- You have expiring certificates in one or more of the onboarded federation sites which can be verified either from the NSX UI via System > Settings > Certificates or if you observe the following entry under
/var/log/proton/nsxapi.log
<date-time-02> ERROR http-nio-127.0.0.1-7440-exec-15 CertificateUtil 4265 SYSTEM [nsx@6876 comp="nsx-manager" errorCode="MP2002" level="ERROR" reqId="<uuid>" subcomp="manager" username="admin"] Certificate expired, current date should not be after <date-time-01>
Where <date-time-02> is after <date-time-01>
Where <date-time-02> is after <date-time-01>
Environment
- VMware NSX-T Data Center
- VMware NSX
Cause
Onboarding of a site requires synchronization with the rest of the site. The synchronization would fail if there are any expired certificates in the environment.
Note, it is important to check on all Local Managers and all Global manager for expired certificates.
Resolution
Make sure that all the certificates in the federation setup are valid to avoid this issue. If you have expired certificates please follow the document Replace Certificates to keep the certificates up to date.
Feedback
Yes
No
Powered by
