All cluster, nodepool, and Network Function (NF) operations require a secure trust to vCenter via a vSphere certificate thumbprint.
Environment
TCA 3.1
Cause
If a vCenter's certificate has been updated, the vCenter certificate and thumbprint must be updated to restore functionality
Resolution
Re-Import the vCenter Certificate to TCA-M and TCA-CP
Log in to the TCA Appliance Manager <tca-m/tca-cp-ip>:9443.
Click Certificate > Trusted CA Certificate > IMPORT.
Select the trusted certificate type that you want to import and do one of the following:
Browse and select the file to import.
Type the URL of the certificate.
Paste the certificate file content.
Click Apply.
Update the vCenter thumbprint in the TKG Cluster(s).
SSH into the TCA-CP that controls the management clusters using the admin credentials. ssh admin@<tca-cp-ip>
Check connectivity to retrieve the update-vc-tp script. curl -kfsSL https://vmwaresaas.jfrog.io/artifactory/generic-registry/kb/vc-updater/tca3.0/update-vc-tp.sh | bash -s -- -h NOTE: For airgap environments, users should download the script to another location first, then copy it to the TCA-CP.
Run the script with the vCenter IP curl -kfsSL https://vmwaresaas.jfrog.io/artifactory/generic-registry/kb/vc-updater/tca3.0/update-vc-tp.sh | bash -s -- -d <vCenter-ip>
Navigate to Connected Endpoints, find the corresponding vCenter, and confirm the status of the vCenter has been modified.
Please click and dismiss the message to acknowledge the vCenter certificate change.