NSX Manager Pre-Check warning to run CARR script
Article ID: 408767
Updated On:
Products
VMware NSX
Issue/Introduction
- Upgrading NSX to VMware NSX 4.2.3
- There is an additional Pre Check feature with VMware NSX 4.2.3 to validate that no transport node SSL certificates are expired or will expire within 90 days.
- If such a certificate is found, the user will be instructed to run the Certificate Analyzer, Results and Recovery (CARR) script.
- Below is the warning seen if the check fails
Environment
VMware NSX
Cause
There are transport node SSL certificates which are expired or will expire within 90 days.
Resolution
Run the CARR script using dry run to identify number of Edges and Hosts with TN certificates of validity 90 days or less
- Copy carr-1.18.tar.gz to the client server where it will be run. On the NSX Manager use the /root folder
- Extract the bundle
tar -xvf carr-1.18.tar.gz
- Change to the extracted folder
cd carr-1.18
- Execute the dry run to check validation of 90 days or less
./start.sh -d -t 90 - Once complete, it will populate a file called validation_config_recovery_mode.yaml and display the results in the console. Then to apply the fixes identified by the script (recovery mode)
./start.sh -t 90 -r validation_config_recovery_mode.yaml
For more details on CARR script refer Using Certificate Analyzer, Results and Recovery (CARR) Script to fix certificate related issues in NSX
Note: In scenarios, where there is a need to replace the Transport Node certificate individually, follow the steps mentioned on Alarm For Transport Node Certificate is About to Expire.
Additional Information
- NSX Upgrade Pre-check
This release adds an upgrade pre-check to validate that no transport node SSL certificates are expired or will expire within 90 days. If such a certificate is found, the user will be instructed to run the Certificate Analyzer, Results and Recovery (CARR) script.
Feedback
Yes
No
Powered by
