• On an Edge or ESXi host running the cli push host-certificate reports an internal error

# push host-certificate <MGR IP> username <username> thumbprint <thumbprint>Password for API user:
% Push certificate failed: 'internal error'
#

• The NSX Manager admin user was changed at deployment time and has a non default name

VMware NSX

The push cli is not functioning correctly if NSX Manager admin username has been changed from default name.

This is a known issue.

To workaround this issue, the custom NSX Manager username must be changed back to admin.

1) Using a REST API client or curl get the full list of users

    GET https://<NSX_MGR_IP>/api/v1/node/users/

{
...
.....
    {   
      "full_name": "",
      "last_password_change": 33,
      "password_change_frequency": 90,
      "password_reset_required": false,
      "status": "ACTIVE",
      "userid": 10000,    
      "username": "custom_admin_name"
    },
    ...
  ]
}

2) Copy the block relating to the custom admin user above including the brackets.
     Note the userid which will be needed for the next API command.

3) Update the username back to admin using the PUT API 

    PUT https://<NSX-IP>/api/v1/node/users/<User-ID>

    PUT https://<NSX-IP>/api/v1/node/users/10000
    BODY:

    {   
      "full_name": "",
      "last_password_change": 33,
      "password_change_frequency": 90,
      "password_reset_required": false,
      "status": "ACTIVE",
      "userid": 10000,    
      "username": "admin"     <<<< username changed to admin
    }

NOTE: In the body above, the only change is the "username" to "admin", but all other parameters remain the same.

Once the cli has been run successfully, the same procedure can be used to revert back to the original username if desired.