NSX Site NotReady and Infra sync down on SSP - COMMON_FULLSYNC not started
search cancel

NSX Site NotReady and Infra sync down on SSP - COMMON_FULLSYNC not started

book

Article ID: 409676

calendar_today

Updated On:

Products

VMware vDefend Firewall VMware vDefend Firewall with Advanced Threat Prevention

Issue/Introduction

  • NSX manager status shows not ready and infra sync is down on SSP UI.
  • Describe site from SSP Installer as root. you will see similar error.

k describe site -n nsxi-platform 

----output truncated----

Describe of site
  Last Transition Time:  2025-05-12T14:30:31Z
    Message:               COMMON_FULLSYNC not started
    Reason:                FullSyncNotReady
    Status:                False
    Type:                  CommonAgentReady

  • On NSX manager you will see similar error in /var/log/proton/nsxapi.log

    2025-08-28T20:43:57.511Z  INFO ForkJoinPool.commonPool-worker-3 StatusTrackingServiceImpl 5480 INTELLIGENCE [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] actionStateMsg is: action_name: "COMMON_FULLSYNC"
    message: "COMMON_FULLSYNC not started"

2025-08-28T21:42:34.028Z ERROR CommonAgentManagerIpProducer DefaultSslEngineFactory 2520530 Modification time of key store could not be obtained: /home/secureall/secureall/.store/.commonagent_keystore
java.nio.file.NoSuchFileException: /home/secureall/secureall/.store/.commonagent_keystore

2025-08-28T21:42:34.046Z ERROR CommonAgentDeltaProcessor DefaultSslEngineFactory 2520530 Modification time of key store could not be obtained: /home/secureall/secureall/.store/.commonagent_keystore
java.nio.file.NoSuchFileException: /home/secureall/secureall/.store/.commonagent_keystore

  • Intelligence, NDR and MPS features are activated on SSP.

Environment

SSP 5.0 with NSX versions 4.2.0, 4.2.0.1 and 4.2.1

Cause

  • An issue in early NSX 4.2 versions prevents synchronization of NSX agent certificates from the trust-management database to on disk keystores after proton restart.  
  • As a result, NSX agent's on disk keystores are not getting re-created from database after restore from backups or any NSX manager VM is deleted and recreated via NSX manager GUI.

Resolution

  • To resolve this issue, Offboard NSX manager from SSP and onboard again, however Offboarding is not possible without deactivating features like Intelligence, NDR and MPS if they are enabled.
  • To forcefully offboard NSX manager without deactivating features, run the site-offboarding-cleanup-nsx.sh script from KB 382295 (Follow the resolution steps from this KB to offboard).
    Note: This step does not cause any loss of data or flows.
  • From SSP UI, navigate to System → NSX Managers view, Click on the status of Connectivity, click Onboard.
  • After onboarding is done, NSX site should show ready, Connectivity agent shows infra sync UP. 

Additional Information

If the resolution mentioned in this KB does not address your issue, refer to the Master KB for NSX Onboarding Issues, which lists all known onboarding scenarios, causes, and troubleshooting methods.
Powered by Wolken Software