NSX site onboarding failing on SSP
search cancel

NSX site onboarding failing on SSP

book

Article ID: 405890

calendar_today

Updated On:

Products

VMware vDefend Firewall with Advanced Threat Prevention

Issue/Introduction

  • Onboarding Site Registration with NSX failing on SSP.
  • You see similar error in site service pod logs.

    (SSH to SSP Installer as root)

    k get pods -n nsxi-platform | grep site-service

    k logs <site-service pod name from pervious command> -n nsxi-platform

    {"log":"2025-07-24T20:02:10.700627292+00:00 stdout F 2025-07-24T20:02:10.700Z\tERROR\tsite_drift_detector\treflect/value.go:596\tfailed to connect to site\t{\"site\": \"85761817-ae0b-4890-9c8b-cb06f3c16a4b\", \"error\": \"Get \\\"https://nsx-85761817-ae0b-4890-9c8b-cb06f3c16a4b/api/v1/sites/self\\\": x509: certificate signed by unknown authority\"}","kubernetes":{"pod_name":"site-service-6d9c7bb479-mxxq5","namespace_name":"nsxi-platform","pod_id":"2a229305-8536-40fd-be44-e0ad0c8171bf","host":"ssp-dc11-ms-0-zqtqg-z9262","container_name":"site-service","docker_id":"3ca0221d80b2039a5c7446a7dcd5cb46cf5b56a3f6c3f8cb60fc13c0a0302a35","container_hash":"sspi.example.com/clustering/site-service@sha256:8f8e40b6e42f7cd1637726c1be42beed4d401dd6f6d5be731c5db5aeb4257bdf","container_image":"sspi.example.com/clustering/site-service@sha256:8f8e40b6e42f7cd1637726c1be42beed4d401dd6f6d5be731c5db5aeb4257bdf"}}

  • You see similar error when describing site.

    k describe site -n nsxi-platform

    status:
        conditions:
        - lastTransitionTime: "2025-07-24T19:22:06Z"
          message: 'error adding/updating certificate with alias 3ad3cd5a-a21a-41f3-b33f-10688570461c,
            usedBy NSX_UA_NODE, err: error while executing API call to https://trust-manager/api/v1/platform/trust-management/certificates:
            {"error_code":940008,"module_name":"TrustManager","error_message":"Supplied
            certificate data is invalid because: Certificate has expired."}'
          reason: NotConnected
          status: "False"
          type: ConnectionEstablished
        currentState: NotReady
        message: OnboardingInProgress

Environment

SSP 5.0.0

Cause

  • This happens when NSX node certificate has expired.

Resolution

  • Replace the expired certificate with new on NSX node and onboard again on SSP.

Additional Information

If the resolution mentioned in this KB does not address your issue, refer to the Master KB for NSX Onboarding Issues, which lists all known onboarding scenarios, causes, and troubleshooting methods.

Powered by Wolken Software