Operation status: 'failure' Error: Backup is not allowed because certificate renewal is in progress
search cancel

Operation status: 'failure' Error: Backup is not allowed because certificate renewal is in progress

book

Article ID: 401077

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

Backup cannot be completed with the error "Backup is not allowed because certificate renewal is in progress". 

This error occurs for both manual backup and scheduled backups.

You may find the following error in an NSX Manager's /var/log/syslog: Error during batch operation: null

You may find that View Details in the Certificate Replacement Result section of the System->Certificates page shows certificate Status as Pending or Error.

Environment

VMware NSX 4.2.1+

Cause

The process to automatically replace expiring certificates was added in NSX 4.2.1.  If this replacement is in process, a backup cannot be completed.  The replacement may be stuck due to stale certificates that cannot be replaced automatically.

Resolution

If the replacement is inhibiting backups, it can be disabled as a workaround:

  1. Perform a GET to https://<NSX-Manager-IP>/policy/api/v1/infra/security-global-config to get the current policy. 
  2. The response should have "automatic_appliance_certificate_replacement_enabled": true
  3. Edit the response to set "automatic_appliance_certificate_replacement_enabled" to false.
  4. Perform a PUT operation to https://<NSX-Manager-IP>/policy/api/v1/infra/security-global-config with the altered response
Please consider submitting a support case to Broadcom to identify why the automatic replacement cannot complete. 
Powered by Wolken Software