Unable to assign NSX nic on VMware IaaS Control Plane Node during deployment with error 'Failed to create WCP service PI in NSX'
search cancel

Unable to assign NSX nic on VMware IaaS Control Plane Node during deployment with error 'Failed to create WCP service PI in NSX'

book

Article ID: 372526

calendar_today

Updated On:

Products

VMware vSphere Kubernetes Service

Issue/Introduction

  • On the vCenter server, following log entries can be verified: 
    /var/log/vmware/wcp/wcpsvc.log:

    YYYY-MM-DDT:HH:MM:SSZ error wcp [kubelifecycle/nsx_pi.go:47] [opID=662b076d] Error creating WCP service principal identity. Err: NSX service-wide principal identity creation failed: Head "https://<NSX_IP>:443/api/v1/trust-management/token-principal-identities/": x509: certificate has expired or is not yet valid: current time YYYY-MM-DDT:HH:MM:SSZ is after YYYY-MM-DDT:HH:MM:SSZ
    YYYY-MM-DDT:HH:MM:SSZ error wcp [kubelifecycle/controller.go:481] [opID=662b076d-domain-c#] Failed to create WCP service PI in NSX. Err: WCP service principal idenitity creation failed: NSX service-wide principal identity creation failed: Head "https://<NSX_IP>:443/api/v1/trust-management/token-principal-identities/": x509: certificate has expired or is not yet valid: current time YYYY-MM-DDT:HH:MM:SSZ is after YYYY-MM-DDT:HH:MM:SSZ
  • On NSX UI, errors related to expired certificates are seen. 

Cause

There are expired Certificates on VMware NSX component that prevents the connection with load balancer.

Resolution

Renew VMware NSX expired certificates.

Reference links to renew VMware NSX Certificates:

Powered by Wolken Software