Unable to remove the existing NSX port groups from ESXi host


Article ID: 416588


Products

VMware NSX

Issue/Introduction

  • When an ESXi host is moved out of an NSX-prepared cluster to the Datacenter, the NSX VIBs are removed, but the NSX-prepared VDS persists on the host.
  • Attempting to remove the host from the VDS in vCenter fails with the error below.
  • The Compute Manager status shows as down, and attempts to reconnect it fail with the error message "Failed to remove NSX ownership due to error Error in rest call. url= nsxapi/api//v1/managed-objects/lcm/nsx-ownership/########-####-####-####-############?action=clear , method= PUT , response= { "module_name" : "common-services", "error_message" : "General error has occurred.", "details" : "java.lang.RuntimeException: com.vmware.vim.vmomi.client.exception.SslException: javax.net.ssl.SSLHandshakeException: Certificate expired for CN=###-##-##.###.#########.####,O=#####,ST=######,C=##", "error_code" : 100 } , error= 500 : "{<EOL> "module_name" : "common-services",<EOL> "error_message" : "General error has occurred.",<EOL> "details" : "java.lang.RuntimeException: com.vmware.vim.vmomi.client.exception.SslException: javax.net.ssl.SSLHandshakeException: Certificate expired for CN=###-##-##.###.#########.####,O=#####,ST=######,C=##",<EOL> "error_code" : 100<EOL>}<EOL>" .. Please resolve the error and try again"
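
The generic "General error has occurred." wrapper hides the real cause inside the "details" field. The following is an added example, not Broadcom or NSX code: it parses a message of the shape shown above and reports the root exception and the certificate subject. The function name `triage` and the sample UUID and DN values are assumptions made for illustration.

```python
import json
import re

# Constructed sample modelled on the error text in this article. The UUID,
# CN and other DN values are placeholders, not from a real environment.
SAMPLE = (
    'Failed to remove NSX ownership due to error Error in rest call. '
    'url= nsxapi/api//v1/managed-objects/lcm/nsx-ownership/'
    '00000000-0000-0000-0000-000000000000?action=clear , method= PUT , '
    'response= { "module_name" : "common-services", '
    '"error_message" : "General error has occurred.", "details" : '
    '"java.lang.RuntimeException: '
    'com.vmware.vim.vmomi.client.exception.SslException: '
    'javax.net.ssl.SSLHandshakeException: Certificate expired for '
    'CN=vc01.example.test,O=Example,ST=CA,C=US", "error_code" : 100 } , '
    'error= 500'
)

def triage(message):
    """Hypothetical helper: pull the TLS root cause out of the REST error."""
    if "response=" not in message:
        return None
    start = message.find("{", message.find("response="))
    if start < 0:
        return None
    try:
        # raw_decode stops after the first JSON object, so the trailing
        # ", error= 500 ..." text does not break parsing.
        body, _ = json.JSONDecoder().raw_decode(message[start:])
    except json.JSONDecodeError:
        return None
    details = body.get("details", "")
    # Java exceptions are chained outermost first; the last one is the root.
    chain = re.findall(r"(?:[a-z]\w*\.)+[A-Z]\w*Exception", details)
    expired = re.search(r"Certificate expired for (.+)$", details)
    # Naive DN split: assumes no escaped commas inside attribute values.
    parts = expired.group(1).split(",") if expired else []
    dn = dict(p.split("=", 1) for p in parts if "=" in p)
    return {
        "module": body.get("module_name"),
        "error_code": body.get("error_code"),
        "root_exception": chain[-1] if chain else None,
        "cert_expired": expired is not None,
        "subject_cn": dn.get("CN"),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A `root_exception` of `javax.net.ssl.SSLHandshakeException` with `cert_expired` set matches the certificate cause described in this article; the reported CN identifies which server certificate was rejected.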

Environment

VMware NSX 

VMware NSX-T Data Center

Cause

The issue is caused by a certificate update or replacement on the vCenter(s), which changes the machine SSL and Security Token Service (STS) signing values. NSX then hits a certificate error when it tries to re-establish its connection to the Compute Manager, which is the impacted vCenter server.

Resolution

Please reboot the impacted vCenter (if not performed already), then edit the compute manager on the NSX Manager and re-enter its credentials. If the same error persists immediately after the reboot, this may need to be done again after a few minutes.

Please open a support request if this issue persists after the reboot.

Creating and managing Broadcom support cases

Additional Information

Reference KB https://knowledge.broadcom.com/external/article?articleNumber=376477