When switching a cluster to vSphere Lifecycle Manager images, get the error: "Error occurred while checking whether NSX-T Data Center is enabled on this cluster."
Article ID: 402370
Updated On:
Products
Issue/Introduction
When switching a cluster to vSphere Lifecycle Manager images, get the error: "Error occurred while checking whether NSX-T Data Center is enabled on this cluster."
We see an error like below in the log file /var/log/vmware/vmware-updatemgr/vum-server/vmware-vum-server.log on the vCenter server, indicating that the expected thumbprint of the NSX VIP certificate is empty/blank/null.
2025-05-30T11:51:02.995-06:00 warning vmware-vum-server[33457] [Originator@6876 sub=IO.Connection] Failed to SSL handshake; SSL(<io_obj p:0x00007f69e802f4e8, h:67, <TCP '[vCenter_IP_Address] : 40306'>, <TCP '[NSX_VIP_IP_Address] : 443'>>), e: 336134278(certificate verify failed), duration: 6msec
2025-05-30T11:51:02.995-06:00 warning vmware-vum-server[33457] [Originator@6876 sub=HttpConnectionPool-000000] Failed to get pooled connection; <cs p:00007f69ec17e020, TCP:[NSX_VIP_IP_Address]:443>, SSL(<io_obj p:0x00007f69e802f4e8, h:67, <TCP '[vCenter_IP_Address] : 40306'>, <TCP '[NSX_VIP_IP_Address] : 443'>>), duration: 6msec, N7Vmacore3Ssl18SSLVerifyExceptionE(SSL Exception: Verification parameters:
--> PeerThumbprint: 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33
--> ExpectedThumbprint:
--> ExpectedPeerName: [NSX_VIP_IP_Address]
--> The remote host certificate has these problems:
-->
--> * self signed certificate in certificate chain)
-->
Environment
NSX-T version 3.2.4.1
vCenter version 7.0 U3t
Cause
The NSX VIP certificate was provided, but containing the private key.
Resolution
Recreate the NSX VIP certificate and replace it, but not containing the private key.
Additional Information
This problem is resolved in NSX 4.2.0.
Feedback
