Upload of the .PUB file for NSX upgrade failing with the error "Unable to connect to File"
search cancel

Upload of the .PUB file for NSX upgrade failing with the error "Unable to connect to File"

book

Article ID: 401251

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

  • Upload of the .pub file fails with the below error for NSX upgrade.
    • Error: [Manager IP] Unable to connect to File /repository/4.1.2.6.0.24X/UC/localized_eula/EULAContentMessages_es.properties on source [Manager FQDN]. Please verify that file exists on source and install-up

  • Repo_Sync is failing on one or more managers (Steps to verify the same is down below, in resolution)
  • Certificates have expired on NSX Manager.
  • The following snippets are seen in /var/log/syslog

<Timestamp> [Manager Name] NSX 1366540 - [nsx@6876 comp="nsx-manager" subcomp="curl_wrapper" username="uproton" level="INFO"] Calling '/opt/vmware/nsx-common/python/nsx_utils/curl_wrapper', '--silent', '--head', 'https:/[Manager FQDN]:443/repository/4.1.2.1.0.22667789/Manager/dry_run/dry_run.py', '--show-error', '--thumbprint', '##########'
<Timestamp> [Manager Name] NSX 1366540 - [nsx@6876 comp="nsx-manager" subcomp="curl_wrapper" username="uproton" level="INFO"] Trying (with httpLib)[Manager FQDN]:443...
<Timestamp> [Manager Name] NSX 1366540 - [nsx@6876 comp="nsx-manager" subcomp="curl_wrapper" username="uproton" level="INFO"] Calling 'openssl', 's_client', '-showcerts', '-servername', 'XXXXXXXX', '-connect', [Manager FQDN]:443'
<Timestamp> [Manager Name] NSX 1366540 - [nsx@6876 comp="nsx-manager" subcomp="curl_wrapper" username="uproton" level="INFO"] certificate verification 717157cce1a0e5abf3863778a731d7e478901c27bcba0c2f90f8aeedbab595 from [Manager FQDN]:443 failed: certificate has expired

or as below in var/log/nsxapi.log

<Timestamp> [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] Sending POST request to api/v1/cluster/node?action=repo_sync with message: null
<Timestamp> [nsx@6876 comp="nsx-manager" level="WARNING" subcomp="manager"] Certificate expired for CN=<Hostname of Manager>,OU=NSX,O=VMware Inc.,L=Palo Alto,ST=CA,C=US
<Timestamp> [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] checkServerTrusted: CN=<Hostname of Manager>,OU=NSX,O=VMware Inc.,L=Palo Alto,ST=CA,C=US for authType=ECDHE_RSA failed: Certificate expired for CN=<Hostname of Manager>,OU=NSX,O=VMware Inc.,L=Palo Alto,ST=CA,C=US
<Timestamp> [nsx@6876 comp="nsx-manager" errorCode="MP31815" level="ERROR" subcomp="manager"] TLS Error in rest call url= /api/v1/cluster/node?action=repo_sync , method= POST , response= null , error= [{"errorMessage":"TLS handshake failed","errorData":{"errorCode":"503"}}]
org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://<IP of manager>/api/v1/cluster/node": Certificate expired for CN=<Hostname of Manager>,OU=NSX,O=VMware Inc.,L=Palo Alto,ST=CA,C=US; nested exception is javax.net.ssl.SSLHandshakeException: Certificate expired for CN=<Hostname of Manager>,OU=NSX,O=VMware Inc.,L=Palo Alto,ST=CA,C=US

or also in /var/log/nsxapi.log

<Timestamp> INFO RepoSyncThread-1749803295755 RepoSyncFileHelper 3806208 SYSTEM [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] Command to get server info for https://<Manager IP>:443/repository/4.1.2.3.0.23382408/HostComponents/esx70/nsx-esx-postcheck returned result CommandResultImpl [commandName=null, pid=3138859, status=FAILED, errorCode=60, errorMessage=curl_wrapper: (60) certificate has expired

Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.

Environment

VMware NSX
VMware NSX-T Data Center

Cause

Expired certificates on the NSX Manager could result in the failure of the .PUB file upload and subsequent repo_sync attempt.

Resolution

Replace expired certificates on NSX Manager with the help of the Documentation: Replace Certificates Through API or if self signed via the CARR script .

  • After replacing the expired certificates, fix the repo_sync status following the below steps:

    1. Navigate to System > Appliances in the NSX Manager UI.

    2. On the NSX Manager node, select view details.

    3. Check for the repo_sync status.

    4. If its in failed state, click the Resolve option next to the repo_sync status.

  • Note: If the repo_sync is still in failed state, even after following the above steps, please refer the following documentation for alternate methods: After replacing Managers or while running Upgrade prechecks, Repo_Sync is Failed
  • Once repo_sync is successful then retry uploading of the .PUB file
    • Reboot of the manager is not required.
Powered by Wolken Software