Issues with universal object replication after changing SSL certificate on secondary NSX Manager
Article ID: 342496
Updated On:
Products
VMware NSX for vSphere
Issue/Introduction
Symptoms:
In the cross-vCenter NSX Environment, you experience these symptoms:
- Creating an universal object fails on the secondary NSX Manager.
- Certificate was changed on the secondary NSX Manager.
- In the replicator.log file, you see an error similar to:
ERROR pool-4-thread-1 SecondaryReplicationQueue$SecondaryEventDispatcher:151 - Failed to handle event ReplicationEvent [objectId=null, objectType=VirtualWire, eventType=FULL_SYNC] on secondary 92082c51-738c-41f7-99c5-eb82d1b0d597 com.vmware.vshield.replicator.providers.ReplicatorException:
nsx-replicator-mgmt:160307:REST API invocation error.:org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://xx.xx.xx.xx:443/api/2.0/services/common/query/universal/VirtualWire": com.vmware.vshield.commons.utils.trust.UntrustedCertificateException: ; nested exception is javax.net.ssl.SSLException: com.vmware.vshield.commons.utils.trust.UntrustedCertificateException:
Environment
VMware NSX for vSphere 6.1.x
VMware NSX for vSphere 6.4.x
VMware NSX for vSphere 6.2.x
VMware NSX for vSphere 6.3.x
VMware NSX for vSphere 6.4.x
VMware NSX for vSphere 6.2.x
VMware NSX for vSphere 6.3.x
Cause
The primary NSX Manager contains certificate thumbprint for each of the secondary NSX Managers. If a certificate on the secondary manager which is a part of NSX Cluster is changed, the replication is breaks as the certificate thumbprint is different.
Resolution
To resolve the issue:
- Log in to the vSphere Web Client.
- Navigate to Installation > Management.
- Click Primary NSX Manager > Actions > Update Secondary Manager.
- Select the secondary NSX Manager to update.
- Click OK.
- Accept the certificate of the secondary NSX Manager.
Feedback
Yes
No
Powered by
