Issues with universal object replication after changing SSL certificate on secondary NSX Manager
search cancel

Issues with universal object replication after changing SSL certificate on secondary NSX Manager

book

Article ID: 342496

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

  • Creating an universal object fails on the secondary NSX Manager.
  • Certificate was changed on the secondary NSX Manager.
  • In the replicator.log file, you see an error similar to:

    ERROR pool-4-thread-1 SecondaryReplicationQueue$SecondaryEventDispatcher:151 - Failed to handle event ReplicationEvent [objectId=null, objectType=VirtualWire, eventType=FULL_SYNC] on secondary 92082c51-738c-41f7-99c5-eb82d1b0d597 com.vmware.vshield.replicator.providers.ReplicatorException:
    nsx-replicator-mgmt:160307:REST API invocation error.:org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://##.##.##.##:443/api/2.0/services/common/query/universal/VirtualWire": com.vmware.vshield.commons.utils.trust.UntrustedCertificateException: ; nested exception is javax.net.ssl.SSLException: com.vmware.vshield.commons.utils.trust.UntrustedCertificateException:

Environment

  • VMware NSX Data Center for vSphere 6.x
  • Cross-vCenter NSX is configured

Cause

The primary NSX Manager contains a certificate thumbprint for each of the secondary NSX Managers. If a certificate on the secondary manager which is a part of NSX Cluster is changed, the replication is breaks as the certificate thumbprint is different.

Resolution

  1. Log in to the vSphere Web Client.
  2. Navigate to Installation > Management.
  3. Click Primary NSX Manager > Actions > Update Secondary Manager.
  4. Select the secondary NSX Manager to update.
  5. Click OK.
  6. Accept the certificate of the secondary NSX Manager.
Powered by Wolken Software