The CARR python script for NSX Manager certificates stops progressing after entering a node's password in a Federated Environment
search cancel

The CARR python script for NSX Manager certificates stops progressing after entering a node's password in a Federated Environment

book

Article ID: 396308

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

The Certificate Analyzer, Results and Recovery (CARR) script automates NSX Manager certificate replacement and some other related certificate maintenance tasks. It is available as an attachment on this KB article, which also provides instructions for installation and execution.

During the initial stages of running the script, while asking for root and admin credentials for various nodes across Global and Local Manager clusters, the script can stop working without indicating why.

A failure due to an incorrect password will indicate the credential issue which needs to be corrected. However, if the setting "Permit ssh root login" is not enabled on an NSX Manager node when the script attempts to connect, there will be no error message. The script will cease execution and appear to be stuck and not moving to the next prompt.

 

Environment

VMware NSX 4.x
VMware NSX-T Data Center 3.2.x

Cause

If the CARR script is unable to access any of the nodes via SSH, prompts for root and admin credentials will stop and the script will hang indefinitely without indicating why due to the script's order of operations.

Resolution

  1. Use Control + C to terminate the running script.
  2. Open an SSH session to each Global Manager and Local Manager appliance node to test that SSH access is enabled and that logging in with the admin account and with the root account is successful. See Enable ssh root access for NSX appliances for instructions. 
  3. Restart the script again. The node(s) that have been updated to allow ssh access should now also come up when credentials are asked for.

Additional Information

If you are contacting Broadcom support about this issue, please provide the following:

  • NSX Manager log bundles
  • Text of any error messages seen in NSX GUI or command lines pertinent to the investigation
  • A screenshot showing the display where the CARR script is being run 

Handling Log Bundles for offline review with Broadcom support