SDDC Manager password remediation for NSX-T Manager / NSX-T Edge nodes fails because of Certificate subject alternative names mismatch
search cancel

SDDC Manager password remediation for NSX-T Manager / NSX-T Edge nodes fails because of Certificate subject alternative names mismatch

book

Article ID: 378451

calendar_today

Updated On:

Products

VMware SDDC Manager VMware Cloud Foundation

Issue/Introduction

  • NSX-T Manager and NSX-T Edge nodes root/admin/audit account disconnected in SDDC Manager
  • Password remediation from SDDC Manager fails because of mismatched subject alternative names in NSX-T Manager certificate.
  • Error in /var/log/vmware/vcf/opearionsmanager.log 
    ERROR [vcf_om,xxxxxxxx074a,64c7] [c.v.v.p.u.changers.NsxtEdgeChanger,om-exec-21] Exception occurred while testing NSXT Edge node credentials
com.vmware.vapi.client.exception.SslException: Certificate for <nsxlb01.example.com> doesn't match any of the subject alternative names: [<nsx node1 ip>, <nsx node2 ip>, <nsx node3 ip>, nsx01.example.com, nsx02.example.com, nsx03.example.com, nsxlb01.example.com]


Environment

VMware Cloud Foundation 4.x
VMware Cloud Foundation 5.x

Cause

Mismatched subject alternative names in NSX-T Manager certificate.

Resolution

  1. Replace NSXT Manager certificate with matching subject alternative names and FQDN
  2. Remediate Password for the disconnected account in SDDC Manager
Powered by Wolken Software