The join management-plane process may take longer if NSX Manager and Transport Node are not time-synchronized
search cancel

The join management-plane process may take longer if NSX Manager and Transport Node are not time-synchronized

book

Article ID: 379454

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

Symptoms:

  • Edge takes long time to complete join management-plane process.
  • NSX Manager time is behind Edge.
  • Edge syslog shows NSX Manager took long time to connect after join management-plane on Edge.
    syslog
    2024-08-19T18:57:31.268Z Edge NSX *** - [nsx@*** comp="nsx-edge" subcomp="cli" username="admin" level="INFO"] {***} CMD: join management-plane <MP IP> thumbprint <cert> username admin
    ...
    2024-08-> 20T03:58:15.291Z Edge NSX *** - [nsx@*** comp="nsx-edge" subcomp="nsx-proxy" s2comp="mpa-proxy-lib" tid="***" level="INFO"] ForwardingEngine: ConnectionUp uuid - ***, endpoint - ssl://<MP IP>:1234
  • NSX Manager appl-proxy log shows a 'Certificate validation failed' error and that the connection was established long time later.
    appl-proxy.log
    2024-08-19T09:57:11.473Z NSX Manager NSX *** - [nsx@*** comp="nsx-manager" subcomp="appl-proxy" tid="***" level="INFO"] Received valid certificate -----BEGIN CERTIFICATE-----[...]-----END CERTIFICATE-----#012 in the request with uuid:***
    ...
    2024-08-19T17:36:05.504Z NSX Manager NSX *** - [nsx@*** comp="nsx-manager" subcomp="appl-proxy" s2comp="nsx-net" tid="***" level="ERROR" errorCode="NET1111"] Certificate validation failed: ***-certificate is not yet valid [...]
    ...
    2024-08-19T18:57:43.237Z NSX Manager NSX *** - [nsx@*** comp="nsx-manager" subcomp="appl-proxy" tid="***" level="INFO"] TnConnMgr: OnServerConnectionUpDown: ConnInfo:{id: [...] } Status:Up

Environment

VMware NSX

Cause

The time isn't synchronized between the NSX Manager and the Transport Nodes (ESXi / Edge).

Resolution

Before executing join management-plane on the Edge side, ensure that the time is synchronized between NSX Manager and Transport Nodes (ESXi / Edge).
Check the clock and NTP server settings by logging into the NSX Manager and NSX Edge nodes with admin privileges and running these commands:
# get clock
# get ntp-server

Note: For changing NTP setting, see Configuring NTP on Appliances and Transport Nodes and Use NTP Servers for Time and Date Synchronization of a Host.
After change NTP time configuration, restart the transport nodes to make sure clock is synchronized with the NTP servers.

Additional Information

For a Bare Metal Edge, set the hardware clock to UTC.

Powered by Wolken Software