SDDC Manager password remediation for NSX-T Manager / NSX-T Edge nodes fails because of Certificate subject alternative names mismatch

search cancel

SDDC Manager password remediation for NSX-T Manager / NSX-T Edge nodes fails because of Certificate subject alternative names mismatch

book

Article ID: 378451

calendar_today

Updated On:

Products

VMware SDDC Manager VMware Cloud Foundation

Issue/Introduction

NSX-T Manager and NSX-T Edge nodes root/admin/audit account disconnected in SDDC Manager
Password remediation from SDDC Manager fails because of mismatched subject alternative names in NSX-T Manager certificate.

Error in /var/log/vmware/vcf/operationsmanager.log

ERROR [vcf_om,xxxxxxxx074a,64c7] [c.v.v.p.u.changers.NsxtEdgeChanger,om-exec-21] Exception occurred while testing NSXT Edge node credentials
com.vmware.vapi.client.exception.SslException: Certificate for <nsxlb01.example.com> doesn't match any of the subject alternative names: [<nsx node1 ip>, <nsx node2 ip>, <nsx node3 ip>, nsx01.example.com, nsx02.example.com, nsx03.example.com, nsxlb01.example.com]

Environment

VMware Cloud Foundation 4.x
VMware Cloud Foundation 5.x

Cause

Mismatched subject alternative names in NSX-T Manager certificate.

Resolution

Replace NSXT Manager certificate with matching subject alternative names and FQDN
- Refer Managing Certificates in VMware Cloud Foundation
  - Make sure to include all Subject Alternative Names of all NSX-T Managers in the NSX-T Manager cluster with: Add the Subject Alternative Names
Remediate Password for the disconnected account in SDDC Manager
- Refer Remediate Passwords

Additional Information

Feedback

thumb_up Yes

thumb_down No