NSX-T 3.2.2 ESXi host installation stuck at 0%
search cancel

NSX-T 3.2.2 ESXi host installation stuck at 0%

book

Article ID: 324237

calendar_today

Updated On:

Products

VMware NSX Networking

Issue/Introduction

Symptoms:
  • NSX-T Data Center 3.2.2
  • ESXi host installation is initiated but hangs at 0%
  • ESXi hosts are configured with a chained certificate
  • In the NSX Manager log /var/log/proton/nsxapi.log an exception is observed e.g.
2022-11-21T09:55:00.719Z ERROR providerTaskExecutor-98 ProviderInvocationTask 9666 POLICY [nsx@6876 comp="nsx-manager" errorCode="PM500015" level="ERROR" subcomp="manager"] Failed to invoke provider FabricHostNodeProvider
java.lang.IllegalArgumentException: Input byte array has incorrect ending byte at 1456
        at java.util.Base64$Decoder.decode0(Base64.java:742) ~[?:1.8.0_342]
        at java.util.Base64$Decoder.decode(Base64.java:526) ~[?:1.8.0_342]
        at com.vmware.nsx.management.service_fabric.sfdm.common.SfdmUtil.getThumbPrintFromPem(SfdmUtil.java:81) 


Environment

VMware NSX-T Data Center 3.x
VMware NSX-T Data Center

Cause

This issue occurs when the ESXi host has a chained certificate e.g. leaf, intermediate, root etc. The certificate is processed incorrectly and NSX cannot begin to install on the host.
ESXi hosts with a single certificate e.g. self signed certificate are not impacted by this issue.
Upgrades to NSX-T 3.2.2 are not impacted.

Resolution

This issue is resolved in NSX-T 3.2.2.1, available from VMware Customer Connect .

Workaround:
Impacted environments should upgrade to 3.2.2.1 or higher.

If an attempt was made to install 3.2.2 and a host is already stuck in 0% state, it may be necessary to clean this up.
Remove NSX from the host, if restrictions apply this can be performed from API using

DELETE http://<NSX mgmt IP>/api/v1/transport-nodes/<TN ID>?force=true&unprepare_host=false