Failed to register Policy appliance with NSX Manager (Error code: 500023) on NSX Global Manager
search cancel

Failed to register Policy appliance with NSX Manager (Error code: 500023) on NSX Global Manager

book

Article ID: 388592

calendar_today

Updated On:

Products

VMware NSX-T Data Center VMware NSX

Issue/Introduction

  • The Local Manager connection is Down with a thumbprint mismatch error
  • After a certificate replacement, you try to update the new thumbprint of the Local Manager on the global manager
  • The thumbprint update fails with error Failed to register Policy appliance with NSX Manager: local-manager-1.corp.local, Cause:503 InternalServerError (Error code: 500023)
  • The error logs on the Global Manager gmanager.log shows the below snippets

    2025-01-23T11:17:04.077Z  INFO http-nio-127.0.0.1-64440-exec-39 EnforcementPointNsxClientUtil 8129 POLICY [nsx@6876 comp="global-manager" level="INFO" reqId="78d1####-d12a-####-a081-1332####4fde" subcomp="global-manager" username="admin"] Trying to import policy certificate on NSX Manager. Try 1
    2025-01-23T11:17:04.132Z  INFO http-nio-127.0.0.1-64440-exec-39 EnforcementPointNsxClientUtil 8129 POLICY [nsx@6876 comp="global-manager" level="INFO" reqId="78d1####-d12a-####-a081-1332####4fde" subcomp="global-manager" username="admin"] Getting certificates from MP:local-manager-1.corp.local
    2025-01-23T11:17:04.238Z  WARN http-nio-127.0.0.1-64440-exec-39 JsonUtils 8129 POLICY [nsx@6876 comp="global-manager" level="WARNING" reqId="78d1####-d12a-####-a081-1332####4fde" subcomp="global-manager" username="admin"] Could not extract object for Type class com.vmware.nsx.management.common.exceptions.ErrorClassDto.
    com.fasterxml.jackson.databind.exc.MismatchedInputException: No content to map due to end-of-input
     at [Source: (String)""; line: 1, column: 0]
            at com.fasterxml.jackson.databind.exc.MismatchedInputException.from(MismatchedInputException.java:59) ~[jackson-databind-2.13.2.2.jar:2.13.2.2]
    2025-01-23T11:17:04.238Z  WARN http-nio-127.0.0.1-64440-exec-39 ServiceUnavailableException 8129 POLICY [nsx@6876 comp="global-manager" level="WARNING" reqId="78d1####-d12a-####-a081-1332####4fde" subcomp="global-manager" username="admin"] Could not extract NSX error from exception org.springframework.web.client.HttpClientErrorException: 503 InternalServerError

Environment

VMware NSX-T Data Center 3.2.1 or lower

Cause

The Global manager sends API requests to the Local Manager to fetch the MGMT_CLUSTER certificate. By default, the API request is sent without the page_size parameter set and so only 50 certificates are retrieved. If the MGMT_CLUSTER certificate is not part of it because of large number of certificates in the LM inventory, the registration fails.

Resolution

  • This is a known issue and it is resolved in VMware NSX 3.2.2 or later, 4.0.2 or later and 4.1.0 or later releases.
  • Workaround:
    Upgrade the Global Manager to version where the issue is resolved.
Powered by Wolken Software