LOCAL_MANAGER certificate expired and CARR script is not detecting and renewing the certificate
Article ID: 404280
Updated On:
Products
VMware NSX
Issue/Introduction
You are using NSX Federation
You see a LOCAL_MANAGER certificate generated by the standby global manager and pushed across your active global manager and all of the local managers
When you check the "Used by" section of the problem certificate from any of the locations and from the active GM, you see the node ID of the standby GM, and the service is LOCAL_MANAGER and CLIENT_AUTH
In addition, although the certificate was pushed by the standby GM, the active GM shows the certificate as coming from an LM but reports the standby GM node ID
The CARR script does not detect this certificate and is therefore unable to renew it
API calls to renew this certificate also make no difference
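The symptom above can be checked offline against an exported certificate listing. The following is an added example, not Broadcom's code and not part of the CARR script: it flags LOCAL_MANAGER certificates whose "used by" entry carries a standby GM node ID and reports whether each one has expired. The JSON field names, node IDs and certificate IDs are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like a certificate listing. Field names (used_by,
# node_id, service_types, details[].not_after in epoch ms) are assumptions.
SAMPLE = json.loads("""
{"results": [
  {"id": "cert-aaaa", "display_name": "local-manager",
   "details": [{"not_after": 1700000000000}],
   "used_by": [{"node_id": "standby-gm-node-0001",
                "service_types": ["LOCAL_MANAGER", "CLIENT_AUTH"]}]},
  {"id": "cert-bbbb", "display_name": "local-manager",
   "details": [{"not_after": 4102444800000}],
   "used_by": [{"node_id": "lm-site-a-node-0001",
                "service_types": ["LOCAL_MANAGER", "CLIENT_AUTH"]}]},
  {"id": "cert-cccc", "display_name": "api",
   "details": [{"not_after": 4102444800000}],
   "used_by": [{"node_id": "standby-gm-node-0001", "service_types": ["API"]}]}
]}
""")

def find_mistagged(listing, standby_gm_node_ids, now=None):
    """Return LOCAL_MANAGER certificates whose 'used by' entry names a standby GM node."""
    now = now or datetime.now(timezone.utc)
    standby = set(standby_gm_node_ids)
    hits = []
    for cert in listing.get("results", []):
        for use in cert.get("used_by") or []:
            services = use.get("service_types") or []
            if use.get("node_id") in standby and "LOCAL_MANAGER" in services:
                # The leaf certificate is taken to be the first entry in details.
                details = cert.get("details") or [{}]
                not_after_ms = details[0].get("not_after")
                expires = (datetime.fromtimestamp(not_after_ms / 1000, timezone.utc)
                           if not_after_ms is not None else None)
                hits.append({"id": cert.get("id"), "node_id": use["node_id"],
                             "service_types": services,
                             "expired": expires is not None and expires < now})
                break  # one hit per certificate is enough
    return hits

if __name__ == "__main__":
    for hit in find_mistagged(SAMPLE, ["standby-gm-node-0001"]):
        print(hit)
```

Run it against the listing from the active GM and from each location, passing the node IDs of your standby GM; any hit matches the condition described in this article.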
Environment
VMware NSX
Resolution
This is an out-of-workflow instance in which a LOCAL_MANAGER certificate was tagged for a standby GM node ID. This is not expected behavior, and this certificate should not exist.
If you are facing this issue, please reach out to the Broadcom support team and refer to this KB.