Unable to assign NSX nic on VMware IaaS Control Plane Node during deployment with 'Failed to create WCP service PI in NSX'
Article ID: 372526
Updated On:
Products
VMware vSphere Kubernetes Service
Issue/Introduction
On vCenter /var/log/vmware/wcp/wcpsvc.log you can see something like this:
2024-xx-xxT05:08:35.122Z error wcp [kubelifecycle/nsx_pi.go:47] [opID=662b076d] Error creating WCP service principal identity. Err: NSX service-wide principal identity creation failed: Head "https://10.x.x.42:443/api/v1/trust-management/token-principal-identities/": x509: certificate has expired or is not yet valid: current time 2024-xx-xxT08:08:35+03:00 is after 2024-xx-xxT11:48:02Z2024-xx-xxT05:08:35.122Z error wcp [kubelifecycle/controller.go:481] [opID=662b076d-domain-cx] Failed to create WCP service PI in NSX. Err: WCP service principal idenitity creation failed: NSX service-wide principal identity creation failed: Head "https://10.x.x.42:443/api/v1/trust-management/token-principal-identities/": x509: certificate has expired or is not yet valid: current time 2024-xx-xxT08:08:35+03:00 is after 2024-xx-xxT11:48:02Z
Also, on VMware NSX graphic environment you can see Errors showing that there are expired certificates on the System.
Cause
There are expired Certificates on VMware NSX component that prevents the connection with load balancer.
Resolution
Renew VMware NSX expired certificates. After a few seconds, missing Supervisor Cluster Node will be recreated.
follow this links to renew VMware NSX Certificates:
- For VMware NSX T v.3.2 https://techdocs.broadcom.com/us/en/vmware-cis/nsx/vmware-nsx/3-2/administration-guide.html
- For VMware NSX v.4.1 https://techdocs.broadcom.com/us/en/vmware-cis/nsx/vmware-nsx/4-1/administration-guide.html
Feedback
Yes
No
Powered by
