- NSX certificates are expiring
- The certificates are used by NSX stale virtual servers
- Clicking the Virtual Servers section in the NSX UI fails with the error: "Http failure response for https://######: 404 Not Found" "Error message: The requested object: LogicalRouter/########-###### could not be found. Object identifiers are case sensitive (Error code: 600)"
- Searching the NSX UI for the virtual server (the one associated with the expiring certificates) returns it along with its related load balancer service, but it is not listed in the UI under Load Balancers -> Virtual Server
- No T1s are associated with this stale LB/Virtual Server
VMware NSX
These 2 virtual servers are stale, and they are still referenced by the stale load balancer services. Because of this, the related expiring certificates cannot be replaced or deleted.
To perform the workaround, identify the stale virtual servers and their related LB services, then use the following APIs (from Postman, or from the NSX Manager CLI using curl) to delete the stale LB services associated with the virtual servers and the stale virtual servers themselves:
1. Delete the related stale Load Balancer service pertaining to the Virtual server using the API:
curl -k -u <username>:<password> -X DELETE 'https://<nsx-manager-ip>/api/v1/loadbalancer/services/<load-balancer-service-id>' -H "X-Allow-Overwrite: true"
2. Delete the stale Virtual servers using the API:
curl -k -u <username>:<password> -X DELETE 'https://<nsx-manager-ip>/api/v1/loadbalancer/virtual-servers/<virtual-server-id>' -H "X-Allow-Overwrite: true"
3. Once the stale objects are deleted, the expiring certificates show a "Used By" count of 0, meaning they are not used by any Nodes/Services, and they can be deleted using the API or from the NSX UI:
curl -k -u <username>:<password> -X DELETE 'https://<nsx-manager-ip>/api/v1/trust-management/certificates/<certificate-id>' -H "X-Allow-Overwrite: true"
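The identification step above can be scripted before any DELETE is sent. The following is an added example, not part of the original KB or VMware's own tooling: it takes the "results" lists of the load balancer services, virtual servers and logical routers, finds every object that references a given certificate, refuses to continue if a referencing LB service is attached to a router that still exists, and returns the DELETE paths in the order of steps 1 to 3. The sample data is constructed, and the JSON field names (virtual_server_ids, attachment.target_id, default_certificate_id, sni_certificate_ids, client_certificate_id) are assumptions about the Manager API schema to verify against your NSX version.

```python
import json

# Constructed sample data (not real output), shaped like the "results" lists of
# GET /api/v1/loadbalancer/services, /loadbalancer/virtual-servers, /logical-routers.
SERVICES = json.loads("""[
 {"id": "lbs-stale", "virtual_server_ids": ["vs-stale-1", "vs-stale-2"],
  "attachment": {"target_type": "LogicalRouter", "target_id": "t1-deleted"}},
 {"id": "lbs-live", "virtual_server_ids": ["vs-live"],
  "attachment": {"target_type": "LogicalRouter", "target_id": "t1-prod"}}]""")
VIRTUAL_SERVERS = json.loads("""[
 {"id": "vs-stale-1", "client_ssl_profile_binding": {"default_certificate_id": "cert-expiring"}},
 {"id": "vs-stale-2", "server_ssl_profile_binding": {"client_certificate_id": "cert-expiring"}},
 {"id": "vs-live", "client_ssl_profile_binding": {"default_certificate_id": "cert-current"}}]""")
ROUTER_IDS = {"t1-prod"}  # ids of the logical routers that still exist


def cert_ids(vs):
    """Certificate ids referenced by a virtual server's SSL bindings (assumed field names)."""
    client = vs.get("client_ssl_profile_binding", {})
    server = vs.get("server_ssl_profile_binding", {})
    ids = {client.get("default_certificate_id"), server.get("client_certificate_id")}
    ids.update(client.get("sni_certificate_ids", []))
    return ids - {None}


def is_stale(service, router_ids):
    """An LB service is stale if it has no attachment or its router no longer exists."""
    target = (service.get("attachment") or {}).get("target_id")
    return target is None or target not in router_ids


def deletion_plan(cert_id, services, virtual_servers, router_ids):
    """Return DELETE paths in the KB's order; raise if any referencing service is live."""
    vs_ids = [vs["id"] for vs in virtual_servers if cert_id in cert_ids(vs)]
    used = [s for s in services if set(s.get("virtual_server_ids", [])) & set(vs_ids)]
    live = [s["id"] for s in used if not is_stale(s, router_ids)]
    if live:
        raise ValueError(f"LB service(s) {live} are attached to an existing router")
    plan = [f"/api/v1/loadbalancer/services/{s['id']}" for s in used]
    plan += [f"/api/v1/loadbalancer/virtual-servers/{v}" for v in vs_ids]
    plan.append(f"/api/v1/trust-management/certificates/{cert_id}")
    return plan


if __name__ == "__main__":
    for path in deletion_plan("cert-expiring", SERVICES, VIRTUAL_SERVERS, ROUTER_IDS):
        print("DELETE", path)
```

Review the printed paths against the objects shown by the NSX UI search before running the curl commands from steps 1 to 3.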