Error Reconnecting Compute Manager to NSX on SDDC-Managed Environment after Certificate Replacement on vCenter
search cancel

Error Reconnecting Compute Manager to NSX on SDDC-Managed Environment after Certificate Replacement on vCenter

book

Article ID: 376477

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

Compute Manager disconnected from NSX in production environment after replacing vCenter certificates.

Compute Manager "Connection Status" will show as "Down" on NSX UI.

Similar Error results when attempting to reconnect the compute manager via NSX UI:

  • Failed to remove NSX ownership due to error Error in rest call. url= nsxapi/api//v1/managed-objects/lcm/nsx-ownership/########-####-####-####-############?action=clear , method= PUT , response= { "module_name" : "common-services", "error_message" : "General error has occurred.", "details" : "java.lang.RuntimeException: com.vmware.vim.vmomi.client.exception.SslException: javax.net.ssl.SSLHandshakeException: Certificate expired for CN=###-##-##.###.#########.####,O=#####,ST=######,C=##", "error_code" : 100 } , error= 500 : "{<EOL> "module_name" : "common-services",<EOL> "error_message" : "General error has occurred.",<EOL> "details" : "java.lang.RuntimeException: com.vmware.vim.vmomi.client.exception.SslException: javax.net.ssl.SSLHandshakeException: Certificate expired for CN=###-##-##.###.#########.####,O=#####,ST=######,C=##",<EOL> "error_code" : 100<EOL>}<EOL>" .. Please resolve the error and try again

 

Issue will not be due to Thumbprint error as seen here:

Environment

VMware NSX 4.x.

VMware NSX-T 3.x.

 

Cause

Issue is due to Certificate update/replacement process on the vCenter(s), which causes a change in machine SSL and Security Token Service (STS) signing values.

This results in a certificate error on NSX when attempting to re-establish connection to the Compute Manager, which is the impacted vCenter server.

Resolution

If not already performed, please reboot the impacted vCenter and attempt to reconnect.

Please open a support request if this issue persists after the reboot.

Creating and managing Broadcom support cases

Additional Information

This issue may also occur on environments that are not SDDC-Managed.

Other vCenter(s) in the same Enhanced Linked Mode (ELM) configuration with impacted vCenter may show no similar errors.

Additional Error about "EAM Status" may show status as "Down" on NSX UI when Compute Manager is disconnected.

Perform vCenter Diagnostics with VDT (vSphere Diagnostics Tool) to identify underlying vCenter issues.

Powered by Wolken Software