Error while fetching ovf file. ASN length at position 2 curl_wrapper: (60) SSL: no alternative certificate subject name matches target host name '<nsx-manager-hostname>'
/var/log/syslog
has the following entries:2023-04-28T12:49:01.517Z <nsx-manager-fqdn> NSX 4541 FABRIC [nsx@6876 comp="nsx-manager" errorCode="MP31705" level="ERROR" subcomp="manager"] For [test], error: Error while fetching ovf file. ASN length at position 2#012curl_wrapper: (60) SSL: no alternative certificate subject name matches target host name '<nsx-manager-fqdn>'#012
[<IP>] Unable to connect to File /repository/<version.build>/Manager/vmware-mount/libgobject-2.0.so.0 on source <nsx-manager-fqdn>. Please verify file exists on source and install-upgrade service is up.
/var/log/proton/nsxapi.log
has the following entries:INFO RepoSyncThread-1687161993610 RepoSyncFileHelper 95373 SYSTEM [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] Command to get server info for https://nsxt.example.com:443/repository
/4.1.X/<path_to_file> returned result CommandResultImpl [commandName=null, pid=3022439, status=FAILED, errorCode=60, errorMessage=Unexpected ASN length at position 2
curl_wrapper: (60) SSL: no alternative certificate subject name matches target host name '
nsxt
'
OR
INFO RepoSyncThread-1695020706074 RepoSyncFileHelper 4977 SYSTEM [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] Command to check if remote file exists for https://nsxt.example.com:443/repository/
4.1.X/<path_to_file> returned result CommandResultImpl [commandName=null, pid=1406936, status=SUCCESS, errorCode=0, errorMessage=null, commandOutput=Unexpected DNS name at position 78
ORINFO RepoSyncThread-1698231201309 RepoSyncFileHelper 2664864 SYSTEM [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] Command to check if remote file exists for https://nsxt.example.com:443/
4.1.X/<path_to_file> returned result CommandResultImpl [commandName=null, pid=3775111, status=FAILED, errorCode=51, errorMessage=curl_wrapper: (51) SSL: no alternative certificate subject name matches target host name 'nsxt-fqdn.com', commandOutput=null]
TransportNode c#####-####-####-####-########7552: clientType EDGE , target edge fabric node id c#####-####-####-####-########7552
, return status download_os execution failed with msg: Exception during OS download: Command ['/usr/bin/python3', '/opt/vmware/nsx-common/python/nsx_utils/curl_wrapper', '--show-error', '--retry', '6', '--output', '/image/VMware-NSX-edge-4.2.0.1.0.24210175/files/target.vmdk', '--thumbprint', '2###################################################################1', 'https://nsx-mngr/repository/4.2.0.1.0.24210154/Edge/ovf/nsx-edge.vmdk'] returned non-zero code 28: b'curl_wrapper: (28) Failed to connect to <nsx-mngr> port 443: Connection timed out'
Note:
The NSX version in the above log entry may be any 4.1.X version.
The manager FQDN, could also be an IP address.
This issue is resolved in VMware NSX 4.2.0 available at Broadcom Downloads.
# cp /opt/vmware/nsx-common/python/nsx_utils/curl_wrapper /opt/vmware/nsx-common/python/nsx_utils/curl_wrapper.bak
# cp /tmp/curl_wrapper /opt/vmware/nsx-common/python/nsx_utils/curl_wrapper
Note there are other issues with similar symptoms that should be reviewed and ruled out