Compliance check workflow for transition to vSphere Lifecycle Manager (vLCM) Images fails with error "Failed to import NSX depot to vCenter".
search cancel

Compliance check workflow for transition to vSphere Lifecycle Manager (vLCM) Images fails with error "Failed to import NSX depot to vCenter".

book

Article ID: 405739

calendar_today

Updated On:

Products

VMware SDDC Manager

Issue/Introduction

When a compliance check is invoked for transitioning a cluster to vSphere Lifecycle Manager (vLCM) Images via SDDC Manager, the workflow fails at the task "Import NSX depot to vCenter"


The following error is observed in domain manager log on SDDC Manager:

/var/log/vmware/vcf/domainmanager/domainmanager.log

2025-07-15T03:04:40.631+0000 ERROR [vcf_dm,6875c53e944c11f8294f333cfbb91057,f19d] [c.v.v.t.action.ImportNsxDepotAction,dm-exec-18]  Exception in importing nsx depot to vCenter: Internal vcenter error
2025-07-15T03:04:40.631+0000 ERROR [vcf_dm,6875c53e944c11f8294f333cfbb91057,f19d] [c.v.e.s.o.model.error.ErrorFactory,dm-exec-18]  [VPF0JO] IMPORT_NSX_DEPOT_TO_VCENTER Failed to import NSX depot to vCenter: <vcenter-host-name>
com.vmware.evo.sddc.orchestrator.exceptions.OrchTaskException: Failed to import NSX depot to vCenter: <vcenter-host-name>
        at com.vmware.vcf.transitionmanager.action.ImportNsxDepotAction.execute(ImportNsxDepotAction.java:93)
        at com.vmware.vcf.transitionmanager.action.ImportNsxDepotAction.execute(ImportNsxDepotAction.java:33)

The following error is observed in vum server log on vCenter:

/var/log/vmware/vmware-updatemgr/vum-server/vmware-vum-server.log

 

2025-07-14T16:14:06.171Z verbose vmware-vum-server[51162] [Originator@6876 sub=httpDownload] [httpDownloadPosix 188] * SSL certificate problem: self-signed certificate in certificate chain
2025-07-14T16:14:06.172Z verbose vmware-vum-server[51162] [Originator@6876 sub=httpDownload] [httpDownloadPosix 188] * closing connection #32
2025-07-14T16:14:06.174Z verbose vmware-vum-server[51162] [Originator@6876 sub=httpDownload] [httpDownloadPosix 741] Cleanup SSL context
2025-07-14T16:14:06.174Z error vmware-vum-server[51162] [Originator@6876 sub=DownloadMgr] [downloadMgr 705] Executing download job {140059154367856} throws error: curl_easy_perform() failed: cURL Error: SSL peer certificate or SSH remote key was not OK, SSL certificate problem: self-signed certificate in certificate chain
2025-07-14T16:14:06.174Z error vmware-vum-server[51162] [Originator@6876 sub=DownloadMgr] [downloadMgr 813] Download failed for url: https://<nsx-manager-hostname>/repository/4.2.3.0.0.24810220/HostComponents/esx70/nsx-lcp-4.2.3.0.0.24810230-esx70.zip

 

Environment

VMware Cloud Foundation 9.x

Cause

The error is caused due to a missing root certificate in the vCenter's certificate store.

Resolution

  1. Add the trusted root certificate of NSX manager to vCenter's certificate store.

  2. Follow instructions in KB, "Steps to add a Trusted Root Certificate to the Certificate Store"

  3. Restart the failed compliance check workflow from SDDC Manager UI / PowerShell script
Powered by Wolken Software