When you try to deploy a VM from Ops Manager or Bosh, it fails with an error similar to:
"Unknown CPI error ''Unknown'' with message ''Peer certificate cannot be authenticated with given CA certificates''
In the bosh debug task, you see the entries similar to:
{"time":1568367427,"stage":"Applying problem resolutions","tags":[],"total":1,"task":"VM for ''worker/e2c99a64-5a6e-43f7-872a-a9d1efe76ea4 (3)'' missing. (missing_vm 286): Recreate VM and wait for processes to start","index":1,"state":"started","progress":0}
{"time":1568367530,"stage":"Applying problem resolutions","tags":[],"total":1,"task":"VM for ''worker/e2c99a64-5a6e-43f7-872a-a9d1efe76ea4 (3)'' missing. (missing_vm 286): Recreate VM and wait for processes to start","index":1,"state":"failed","progress":100,"data":{"error":"Unknown CPI error ''Unknown'' with message ''Peer certificate cannot be authenticated with given CA certificates'' in ''set_vm_metadata'' CPI method"}}
{"time":1568367530,"error":{"code":100,"message":"Error resolving problem ''17300'': Unknown CPI error ''Unknown'' with message ''Peer certificate cannot be authenticated with given CA certificates'' in ''set_vm_metadata'' CPI method"}}
', "result_output" = '', "context_id" = '' WHERE ("id" = 400832)
D, [2019-09-13T09:38:50.923973 #20443] [task:400832] DEBUG -- DirectorJobRunner: (0.000596s) (conn: 70011322538980) COMMIT
I, [2019-09-13T09:38:50.924156 #20443] [] INFO -- DirectorJobRunner: Task took 2 minutes 0.9576896119999958 seconds to process.
This issue occurs if NSX-T Manager certificate provided in the Bosh&PKS tile is expired.
To resolve this issue, replace the NSX-T Manager certificate and apply changes from Ops Manager.
For more information on cert replacement in NSX-T, see the below documentation: