vCenter certificate replacement failure message in UI occurs for isolated WLD with shared NSXT
search cancel

vCenter certificate replacement failure message in UI occurs for isolated WLD with shared NSXT

book

Article ID: 371154

calendar_today

Updated On:

Products

VMware SDDC Manager

Issue/Introduction

  • The below exception can be seen in /var/log/vmware/vcf/operationsmanager/operationsmanager.log

    YYYY-MM-DDTHH:MM:SS.798+0000 ERROR [vcf_om,6658770602302a883f6832054a010e67,490b] [c.v.v.c.n.s.impl.NsxtWs1bServiceImpl,om-exec-15] Failed to update the OIDC thumbprint info for nsx01.example.com { "httpStatus" : "NOT_FOUND", "error_code" : 600, "module_name" : "common-services", "error_message" : "The requested object : OidcEndPoint/2642ad055aed9aeef5bfad04a7674f79014eadc23fd9e565b175109e3ff98d9b could not be found. Object identifiers are case sensitive." }
    com.vmware.evo.sddc.common.core.error.FederatedBrokerIdentityException: {
      "httpStatus" : "NOT_FOUND",
      "error_code" : 600,
      "module_name" : "common-services",
      "error_message" : "The requested object : OidcEndPoint/2642ad055aed9aeef5bfad04a7674f79014eadc23fd9e565b175109e3ff98d9b could not be found. Object identifiers are case sensitive."
    }

Environment

VCF 5.2

Cause

When certificate replacement of an isolated vCenter is performed, after the retrust with NSXT is successful, as the last step NSXT OIDC endpoint gets updated with the vCenter thumbprint. In the failure scenario, the NSXT OIDC endpoint is trying to get updated with the thumbprint of another vCenter in an isolated workload domain which shares the same NSXT.

Resolution

This will be fixed in VCF 5.2.1.

Note: There is no impact for the environment and the failure message can be ignored.

Powered by Wolken Software