Failed to execute method GetRemoteRepoSyncResult error when upgrading NSX
search cancel

Failed to execute method GetRemoteRepoSyncResult error when upgrading NSX

book

Article ID: 373404

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

Upgrading an NSX environment from 4.1.0.2.

When running the pre-checks, the following error is seen in the Manager check results:

Management service is not available. Failed to execute method GetRemoteRepoSyncResult. I/O error on GET request for https://managerIP:443/api/v1/cluster/nodes/UUID/repo_sync/status: null; nested exception is javax.net.ssl.SSLException 

Repo Sync is showing green on all the managers. System>Appliances>View Details

Platform Certificates have all show valid and not expired.

Restarting the install-upgrade service does not resolve the issue.

Restarting the NSX Managers does not resolve the issue.

Resetting the Upgrade Plan via API returns HTTP 200 but does not resolve the issue. 

POST https://<nsx-mgr>/api/v1/upgrade/plan?action=reset&component_type=HOST

POST https://<nsx-mgr>/api/v1/upgrade/plan?action=reset&component_type=EDGE

POST https://<nsx-mgr>/api/v1/upgrade/plan?action=reset&component_type=MP

Similar messages to those seen in the UI are seen in the syslog file

Login as root > navigate to > var/log/syslog

Management service is not available. Failed to execute method GetRemoteRepoSyncResult. I/O error on GET request for https://managerIP:443/api/v1/cluster/nodes/UUID/repo_sync/status: null; nested exception is javax.net.ssl.SSLException 

You also see messages similar to:

Unsupported cache type in URI

Environment

NSX 4.1.0.2

Cause

The SSLException error is is due to a Certificate Revocation List (CRL) check that is being performed in 4.1.0.2.

 

Resolution

Disable the CRL check:

- Take a backup of your NSX manager. (This is a general precaution when making manager changes. There is no impact to the datapath.)

- Login to the CLI of a manager as root

- Attempt the API call below after taking a backup:

curl -u admin: -i -k -X PUT https://managerIP/api/v1/global-configs/SecurityGlobalConfig -H "Content-Type:application/json" -d '{ "_revision" : 0, "resource_type": "SecurityGlobalConfig", "crl_checking_enabled" : "false", "ca_signed_only" : "false" }'

- Log out of the UI or Refresh and try the prechecks again.

Additional Information