When adding vIDM users in NSX, the interface remains on "Loading", and no users are displayed

Article ID: 396254

Products

VMware NSX

Issue/Introduction

  • When adding vIDM users in NSX Manager, the user interface shows "Loading" and no users are returned.

  • The following log messages may appear in the NSX Manager log file:
    /var/log/proton/nsxapi.log
    INFO task-scheduler-8 VidmOAuth2ResourceHelper 5123 Init vidm timeout to 4000 ms.
    WARN task-scheduler-8 NsxTrustManager 5123 - [nsx@6876 comp="nsx-manager" level="WARNING" subcomp="manager"] Certificate expired for CN=xxx.xxx.xxx.xx,OU=xx-xx,O=xx,L=xx,ST=xx xx,C=xx
    INFO task-scheduler-8 NsxTrustManager 5123 - [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] checkServerTrusted: CN=xxx.xx.xx.xx,OU=xx-xx,O=xx,L=xx,ST=xx,C=xx for authType=ECDHE_RSA failed: Certificate expired for CN=xxx.xxx.xx.xx,OU=xx-xx,O=xx,L=xx,ST=xx ,C=xx
    2025-04-24T03:10:19.591Z  INFO task-scheduler-8 VidmServiceImpl 5123 SYSTEM [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] Error connecting to vidm
    org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException: Error requesting access token.
    at org.springframework.security.oauth2.client.token.OAuth2AccessTokenSupport.retrieveToken(OAuth2AccessTokenSupport.java:145) ~[?:?]
    at org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsAccessTokenProvider.obtainAccessToken(ClientCredentialsAccessTokenProvider.java:44) ~[?:?]
    at org.springframework.security.oauth2.client.token.AccessTokenProviderChain.obtainNewAccessTokenInternal(AccessTokenProviderChain.java:148) ~[?:?]
    at org.springframework.security.oauth2.client.token.AccessTokenProviderChain.obtainAccessToken(AccessTokenProviderChain.java:121) ~[?:?]

    Note: CN=xxx.xxx.xxx.xx will be the IP address of the vIDM server.

Environment

VMware NSX

Cause

  • This issue is caused by an expired certificate on the vIDM server node, which disrupts communication between the NSX Manager and vIDM.
  • The expired certificate blocks the establishment of a secure connection to the vIDM service, which is required for retrieving access tokens.

Resolution

  • Renew the expired certificate on the vIDM server.
  • Update the SSL thumbprint in the NSX Manager to reflect the new certificate.
  • Verify connectivity between NSX and vIDM after the update.

Additional Information

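Use either of the following commands to check the expiration of the certificate on the vIDM server. In the first command, the leading echo closes s_client's standard input so the command returns instead of waiting on the open connection:
echo | openssl s_client -showcerts -connect <FQDN>:443 2>/dev/null | openssl x509 -noout -dates
or
curl https://<FQDN> -vk 2>&1 | grep 'expire '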
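
To confirm from the NSX Manager side that the log shows the signature described in the Issue section, the following added example (not part of the original article and not Broadcom code) reports a match only when both an expired-certificate trust failure and a vIDM connection error are present. The function names and the sample lines, including the CN 192.0.2.10, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Broadcom code): match this article's nsxapi.log signature.

# Constructed sample lines modelled on the excerpt above; the CN is a placeholder.
sample_log() {
cat <<'EOF'
2025-04-24T03:10:19.401Z  INFO task-scheduler-8 VidmOAuth2ResourceHelper 5123 Init vidm timeout to 4000 ms.
2025-04-24T03:10:19.580Z  WARN task-scheduler-8 NsxTrustManager 5123 - [nsx@6876 comp="nsx-manager" level="WARNING" subcomp="manager"] Certificate expired for CN=192.0.2.10,OU=example-ou,O=Example,L=City,ST=State,C=US
2025-04-24T03:10:19.585Z  INFO task-scheduler-8 NsxTrustManager 5123 - [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] checkServerTrusted: CN=192.0.2.10,OU=example-ou,O=Example,L=City,ST=State,C=US for authType=ECDHE_RSA failed: Certificate expired for CN=192.0.2.10,OU=example-ou,O=Example,L=City,ST=State,C=US
2025-04-24T03:10:19.591Z  INFO task-scheduler-8 VidmServiceImpl 5123 SYSTEM [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] Error connecting to vidm
EOF
}

# Print each distinct CN that NsxTrustManager reported as expired.
expired_cns() {
    awk '/NsxTrustManager/ && /Certificate expired for CN=/ {
        s = $0
        sub(/.*Certificate expired for CN=/, "", s)   # keep text after the last match
        sub(/,.*/, "", s)                              # drop the rest of the subject DN
        if (!(s in seen)) { seen[s] = 1; print s }
    }' "$@"
}

# Count vIDM connection failures logged by VidmServiceImpl.
vidm_errors() {
    awk '/VidmServiceImpl/ && /Error connecting to vidm/ { n++ } END { print n + 0 }' "$@"
}

# Return 0 only when both halves of the signature are present in the input.
check_vidm_cert_signature() {
    data=$(cat "$@")
    cns=$(printf '%s\n' "$data" | expired_cns | paste -sd, -)
    errs=$(printf '%s\n' "$data" | vidm_errors)
    if [ -n "$cns" ] && [ "$errs" -gt 0 ]; then
        echo "MATCH: $errs vIDM connection error(s); expired certificate CN(s): $cns"
        return 0
    fi
    echo "NO MATCH: expired CN(s)='$cns' vIDM connection errors=$errs"
    return 1
}

# Demo on the constructed sample; on an appliance pass /var/log/proton/nsxapi.log instead.
sample_log | check_vidm_cert_signature
```

A vIDM connection error without an expired-certificate warning returns NO MATCH, which points to a different cause (for example a timeout or an unreachable host) than the one this article covers.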