In SDDC Manager, NSX accounts are disconnected and remediation fails with errors related to SSL handshake and certificate path validation (PKIX path validation failed).

Article ID: 407971

Products

VMware SDDC Manager

Issue/Introduction

Complete error message in the failed task:

Cause: I/O error on GET request for "https://<NSX_FQDN>/api/v1/node/users": PKIX
path validation failed: java.security.cert.CertPathValidatorException: validity check failed;
nested exception is javax.net.ssl.SSLHandshakeException: PKIX path validation failed:
java.security.cert.CertPathValidatorException: validity check failed

Environment

VMware Cloud Foundation 4.x

VMware Cloud Foundation 5.x

Cause

The issue occurs when the NSX Manager certificate has expired.
SDDC Manager relies on certificate validation for secure API communication, and an expired certificate prevents remediation tasks from completing successfully.

Resolution

Validate the NSX Manager certificate either from the NSX UI or from Workload Domain > Certificates.

If the certificates are expired, replace them with VC-signed certificates using the KB below: Scripted process to Replace Expired or Self-signed VMware NSX-T Manager Certificates with VMCA-Signed Certificates

Once the certificates are replaced, re-run the remediation task with the same (current/working) password to fix the disconnected status.

If you are using custom certificates, replace them with VMCA-signed certificates, then change them from SDDC Manager.
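
The certificate check in the first step can also be done from a shell, before and after the replacement. The script below is an added example, not part of the original KB or any VMware tooling; it assumes OpenSSL and GNU date are available, and the hostnames in the usage comment are placeholders.

```bash
#!/usr/bin/env bash
# Added example: flag expired or soon-to-expire NSX Manager certificates.
# Assumes OpenSSL and GNU date; hostnames passed in are the caller's own.

# Print the "notAfter=..." line of the certificate served on host:443.
# s_client does not abort on an expired certificate, so the dates can
# still be read from a node that SDDC Manager already refuses to trust.
nsx_cert_enddate() {
  local host="$1"
  openssl s_client -connect "${host}:443" -servername "${host}" \
      </dev/null 2>/dev/null | openssl x509 -noout -enddate 2>/dev/null
}

# Classify a notAfter line against a reference time in epoch seconds.
# Prints EXPIRED, EXPIRING (fewer than warn_days left) or OK, then the
# number of whole days remaining (negative once the certificate expired).
cert_status() {
  local enddate="${1#notAfter=}" now="$2" warn_days="${3:-30}"
  local end days
  end=$(date -u -d "$enddate" +%s) || return 2
  days=$(( (end - now) / 86400 ))
  if [ "$end" -le "$now" ]; then
    echo "EXPIRED $days"
  elif [ "$days" -lt "$warn_days" ]; then
    echo "EXPIRING $days"
  else
    echo "OK $days"
  fi
}

# Check each NSX Manager FQDN given as an argument.
# Returns non-zero if any node is unreachable or not in the OK state.
check_nsx_nodes() {
  local host line status rc=0
  for host in "$@"; do
    line=$(nsx_cert_enddate "$host") || line=""
    if [ -z "$line" ]; then
      echo "$host UNREACHABLE"; rc=1; continue
    fi
    status=$(cert_status "$line" "$(date -u +%s)") || status="UNPARSEABLE"
    echo "$host $status ($line)"
    case "$status" in OK*) ;; *) rc=1 ;; esac
  done
  return "$rc"
}

# Usage (placeholder hostnames):
#   check_nsx_nodes nsx01.example.com nsx02.example.com nsx03.example.com
```

An EXPIRED result for any node matches the "validity check failed" cause described above; after replacing the certificates, every node should report OK before the remediation task is re-run.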

Additional Information

Other possible issues where NSX can be disconnected:
 NSX-T Manager user accounts disconnected in SDDC Manager password management