NSX Compute Manager connection is DOWN with error "Compute Manager certificate is expired. Please renew it and edit Compute Manager to update its thumbprint in NSX."
Article ID: 404998
Updated On:
Products
VMware NSX
Issue/Introduction
- NSX Manager shows the Compute Manager connection is DOWN.
- In the NSX Manager UI we can see error
"Compute Manager certificate is expired. Please renew it and edit Compute Manager to update its thumbprint in NSX." - The Resolve button is greyed out.
- In NSX Manager logs, may see following error;
error_message {value: "Compute Manager #### certificate is expired. Please renew it and edit Compute Manager to update its thumbprint in NSX."}
Environment
VMware NSX
Cause
The vCenter Server MACHINE_SSL certificate has either expired or it has been replaced but the SSL thumbprint in the NSX Compute Manager configuration has not yet been updated with the new thumbprint.
Resolution
- If the vCenter Server MACHINE_SSL certificate is expire, replace it with a valid certificate.
- For CA signed certificate, reference Replace vCenter Machine SSL certificate Custom Certificate Authority Signed Certificate.
- For VMCA self-signed cert, reference Regenerate vSphere 6.x, 7.x, and 8.0 certificates using self-signed VMCA.
- Update the Compute Manager configuration in the NSX UI with the new certificate thumbprint using following steps;
- Select Compute manager in NSX and click edit.
- Remove the configured thumbprint and re-enter the vCenter username and password.
- Click Save.
- The NSX Manager UI will throw an error saying thumbprint is blank or empty and will present new thumbprint that it got from the vCenter Server certificate.
- Copy the thumbprint from the error and paste it into the Compute Manager configuration.
- Click Save again.
- Check Registration and Connection Status for the Compute Manager. It should return the Up status.
Feedback
Yes
No
Powered by
