NSX Manager UI certificate replacement fails with error 2190 "TRANSPORT_NODE_ONBOARDING_IN_PROGRESS"
Article ID: 412945
Updated On:
Products
Issue/Introduction
-
NSX Manager certificate replacement fails through UI or Batch API replacement.
-
The following error is observed when attempting to replace the certificate:
A certificate batch replace operation cannot be started at this time because conflicting operations are running: TRANSPORT_NODE_ONBOARDING_IN_PROGRESS. Try again later. (Error code: 2190)Error screenshot as seen from NSX UI > System > Certificates > Select the certificates you want to replace > Actions > Replace Certificates :
Environment
VMware NSX
Cause
An alarm is triggered during certificate replacement if any Transport Node is in a non-healthy state, such as HOST_DISCONNECTED or INSTALL_FAILED.
Resolution
This is a condition that may occur in a VMware NSX environment.
It is recommended to:
- Identify any stale or disconnected ESXi transport nodes in the NSX inventory.
- Rectify any host related errors
- Reattempt the NSX Manager UI certificate replacement from GUI or API.
- Verify success of replacement and NSX Manager accessibility.
If "Replace Certificate" option from an expired certificate is giving Batch Replace error, "Apply Certificate" for the respective service from new certificate can be attempted.
Also, the certificate can be replaced without using the batch replace process by replacing the certificate for each API/VIP service. Beginning with Step 1 in the following document
Replace Certificates Through API
As an alternative, you can use the CARR script to replace the certificates. This is recommended if the above procedures aren't working or if you have additional certificates that need to be replaced because they are expired or are expiring soon. Please reference KB 369034 - Using Certificate Analyzer, Results, and Recovery (CARR) script to fix certificate related issues in NSX.
Feedback
