Upgrading an NSX environment from 4.1.0.2.
When running the pre-checks, the following error is seen in the Manager check results:
Management service is not available. Failed to execute method GetRemoteRepoSyncResult. I/O error on GET request for https://managerIP:443/api/v1/cluster/nodes/UUID/repo_sync/status: null; nested exception is javax.net.ssl.SSLException
Repo Sync is showing green on all the managers. System>Appliances>View Details
Platform Certificates have all show valid and not expired.
Restarting the install-upgrade service does not resolve the issue.
Restarting the NSX Managers does not resolve the issue.
Resetting the Upgrade Plan via API returns HTTP 200 but does not resolve the issue.
POST https://<nsx-mgr>/api/v1/upgrade/plan?action=reset&component_type=HOST
POST https://<nsx-mgr>/api/v1/upgrade/plan?action=reset&component_type=EDGE
POST https://<nsx-mgr>/api/v1/upgrade/plan?action=reset&component_type=MP
Similar messages to those seen in the UI are seen in the syslog file
Login as root > navigate to > var/log/syslog
Management service is not available. Failed to execute method GetRemoteRepoSyncResult. I/O error on GET request for https://managerIP:443/api/v1/cluster/nodes/UUID/repo_sync/status: null; nested exception is javax.net.ssl.SSLException
You also see messages similar to:
Unsupported cache type in URI
NSX 4.1.0.2
The SSLException error is is due to a Certificate Revocation List (CRL) check that is being performed in 4.1.0.2.
Disable the CRL check:
- Take a backup of your NSX manager. (This is a general precaution when making manager changes. There is no impact to the datapath.)
- Login to the CLI of a manager as root
- Attempt the API call below after taking a backup:
curl -u admin: -i -k -X PUT https://managerIP/api/v1/global-configs/SecurityGlobalConfig -H "Content-Type:application/json" -d '{ "_revision" : 0, "resource_type": "SecurityGlobalConfig", "crl_checking_enabled" : "false", "ca_signed_only" : "false" }'
- Log out of the UI or Refresh and try the prechecks again.