Issues with universal object replication after changing SSL certificate on secondary NSX Manager
search cancel

Issues with universal object replication after changing SSL certificate on secondary NSX Manager

book

Article ID: 342496

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

Symptoms:
In the cross-vCenter NSX Environment, you experience these symptoms:
  • Creating an universal object fails on the secondary NSX Manager.
  • Certificate was changed on the secondary NSX Manager.
  • In the replicator.log file, you see an error similar to:

    ERROR pool-4-thread-1 SecondaryReplicationQueue$SecondaryEventDispatcher:151 - Failed to handle event ReplicationEvent [objectId=null, objectType=VirtualWire, eventType=FULL_SYNC] on secondary 92082c51-738c-41f7-99c5-eb82d1b0d597 com.vmware.vshield.replicator.providers.ReplicatorException:
    nsx-replicator-mgmt:160307:REST API invocation error.:org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://xx.xx.xx.xx:443/api/2.0/services/common/query/universal/VirtualWire": com.vmware.vshield.commons.utils.trust.UntrustedCertificateException: ; nested exception is javax.net.ssl.SSLException: com.vmware.vshield.commons.utils.trust.UntrustedCertificateException:


Environment

VMware NSX for vSphere 6.1.x
VMware NSX for vSphere 6.4.x
VMware NSX for vSphere 6.2.x
VMware NSX for vSphere 6.3.x

Cause

The primary NSX Manager contains certificate thumbprint for each of the secondary NSX Managers. If a certificate on the secondary manager which is a part of NSX Cluster is changed, the replication is breaks as the certificate thumbprint is different.

Resolution

To resolve the issue:
  1. Log in to the vSphere Web Client.
  2. Navigate to Installation > Management.
  3. Click Primary NSX Manager > Actions > Update Secondary Manager.
  4. Select the secondary NSX Manager to update.
  5. Click OK.
  6. Accept the certificate of the secondary NSX Manager.