A Federated Local NSX Manager Cluster is not syncing certificates with the Global Manager Cluster or other Local NSX Managers

Article ID: 418955

Products

VMware NSX

Issue/Introduction

  • Federated NSX deployment.
  • Certificates have been renewed on all nodes:
    • The Global Manager certificate on the active Global Manager.
    • This typically gets synchronized to the Local Managers and passive Global Manager.
  • A Local NSX Management Cluster shows expired remote certificates for other nodes, even though the certificates have been renewed on the respective clusters.
  • No sync warnings are observed on the Global Manager.
  • Running the CARR Script does not resolve the issue.
  • Entries similar to the following exist in /var/log/proton/nsxapi.log of the impacted Local Manager:
    WARN http-nio-127.0.0.1-7440-exec-10 PrincipalIdentityServiceImpl 5210 SYSTEM [nsx@6876 comp="nsx-manager" level="WARNING" reqId="########-####-####-####-############" subcomp="manager" username="admin"] {name: 'globalmanageridentity-########-####-####-####-############',node_id: '########-####-####-####-############',certificate_id: '########-####-####-####-############'} There already exists a principal with that name and node-id
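
One way to check a copy of nsxapi.log for the entry shown above and list which principal names and node IDs it is logged for. This is an added example, not Broadcom's tooling; the function names and the sample lines (with placeholder IDs) are constructed for illustration.

```python
import re
import sys
from collections import defaultdict

# Message text and component name taken from the KB log entry.
SIGNATURE = "There already exists a principal with that name and node-id"
COMPONENT = "PrincipalIdentityServiceImpl"
FIELDS = re.compile(
    r"\{name: '(?P<name>[^']*)',\s*node_id: '(?P<node_id>[^']*)',\s*"
    r"certificate_id: '(?P<certificate_id>[^']*)'\}"
)

# Constructed sample lines in the same shape as the KB entry (IDs are placeholders).
_PREFIX = ('WARN http-nio-127.0.0.1-7440-exec-10 PrincipalIdentityServiceImpl 5210 SYSTEM '
           '[nsx@6876 comp="nsx-manager" level="WARNING" subcomp="manager" username="admin"] ')
SAMPLE = [
    _PREFIX + "{name: 'globalmanageridentity-1111',node_id: 'aaaa',certificate_id: 'c001'} " + SIGNATURE,
    _PREFIX + "{name: 'globalmanageridentity-1111',node_id: 'aaaa',certificate_id: 'c002'} " + SIGNATURE,
    "INFO http-nio-127.0.0.1-7440-exec-3 SomeOtherService 5210 SYSTEM unrelated entry",
]

def find_conflicts(lines):
    """Return one dict per log line that matches the KB signature."""
    hits = []
    for line in lines:
        if COMPONENT not in line or SIGNATURE not in line:
            continue
        m = FIELDS.search(line)
        # Keep the hit even when the field block is laid out differently.
        hits.append(m.groupdict() if m
                    else {"name": None, "node_id": None, "certificate_id": None})
    return hits

def summarize(hits):
    """Group the certificate_id values seen per (name, node_id) pair."""
    grouped = defaultdict(set)
    for h in hits:
        grouped[(h["name"], h["node_id"])].add(h["certificate_id"])
    return dict(grouped)

if __name__ == "__main__":
    # Pass a log path as the first argument; without one the sample is used.
    lines = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    for (name, node_id), certs in summarize(find_conflicts(lines)).items():
        print(name, node_id, sorted(c for c in certs if c))
```
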

Environment

VMware NSX

Resolution

This is a known issue impacting VMware NSX.

 

If you believe you have encountered this issue, please open a support case with Broadcom Support and refer to this KB article.

For more information, see Creating and managing Broadcom support cases.