NSX to SSP connection remain down on site on SSP, post NSX Backup and Restore
search cancel

NSX to SSP connection remain down on site on SSP, post NSX Backup and Restore

book

Article ID: 390751

calendar_today

Updated On:

Products

VMware vDefend Firewall VMware vDefend Firewall with Advanced Threat Prevention

Issue/Introduction

After restoring NSX managers from backup, connection to SSP remain down. In NSX manager UI, NSX Application Platform Health and NSX Application Platform Communication alarms are visible.

In SSP UI's System → Overview view, users can see the manager is in "Not Ready" state:

Likewise in System → NSX Managers view, users again can see the manager is in "Not Ready" state, and clicking on the "View Details" under Connectivity Agent, users can see the sync service(s) is/are "Down".

Environment

SSP versions with NSX versions 4.2.0, and 4.2.1, after restoring NSX managers from backup. 

Cause

An issue in early NSX 4.2 versions prevents synchronization of NSX agent certificates from the trust-management database to on disk keystores after proton restart.  As a result, NSX agent's on disk keystores are not getting re-created from database after restore from backups.

Errors can be seen in NSX's /var/log/proton/nsxapi.log after NSX managers are restored from backup.  Specifically the following logs clearly indicate the absence of these files

2025-03-12T06:06:38.494Z ERROR GMLE-Leadership-Executor DefaultSslEngineFactory 3387565 Modification time of key store could not be obtained: /home/secureall/secureall/.store/.commonagent_keystore
java.nio.file.NoSuchFileException: /home/secureall/secureall/.store/.commonagent_keystore

2025-03-12T06:07:42.333Z ERROR common-agent-alarm-start-stop DefaultSslEngineFactory 3387565 Modification time of key store could not be obtained: /home/secureall/secureall/.store/.commonagent_keystore
java.nio.file.NoSuchFileException: /home/secureall/secureall/.store/.commonagent_keystore

Resolution

From SSP UI, navigate to System → NSX Managers view.  Offboard the existing NSX Manager:

Subsequently, "Reconnect" the NSX manager:

Additional Information

If the resolution mentioned in this KB does not address your issue, refer to the Master KB for NSX Onboarding Issues, which lists all known onboarding scenarios, causes, and troubleshooting methods.

Powered by Wolken Software