During a brownfield deployment of VCF 9.0, the VCF Installer fail to import the NSX Manager component, returning a validation error message below:

“Existing components validation failed due to errors: Cannot connect to <NSX Manager FQDN>”

From the domainmanager.log located at /var/log/vmware/vcf/domainmanager/, the log shows EXISTING_COMPONENTS_CHECK_FAILED_WITH_ERRORS.error and Cannot connect to <NSX Manager FQDN>. Please refer to the log snippet below for reference.

YYYY-MM-DDTHH:MM:SS.SSS+0000 DEBUG [vcf_dm,###########################c6,255d] [c.v.e.s.o.c.c.ContractParamBuilder,dm-exec-35]  Contract task Assemble brownfield environment validations output input: {"category":"BROWNFIELD_VSPHERE_VALIDATION","responses":[{"errorCode":"EXISTING_COMPONENTS_CHECK_FAILED_WITH_ERRORS.error","arguments":["########-####-####-####-##########b9","Cannot connect to <NSX Manager FQDN>"],"context":{"severity":"ERROR","bundleName":"com.vmware.evo.sddc.common.validation.errors.messages","validation.taskId":"########-####-####-####-##########1d"},"message":"Existing components validation failed due to errors: Cannot connect to <NSX Manager FQDN>"},{"errorCode":"BROWNFIELD_VSPHERE_VALIDATION_STATUS.info","arguments":[],"context":{"severity":"INFO","bundleName":"com.vmware.evo.sddc.common.validation.errors.messages","validation.taskId":"########-####-####-####-##########1e"},"message":"Existing vSphere is eligible to be converted to a VCF domain","nestedErrors":[{"errorCode":"VMWARE_COMPONENT_IP_NOT_IN_VC_MGMT_NETWORK.info","arguments":["VCF Operations Node","<VCF Ops FQDN>","<IP Address>","<IP Address/subnet mask>"],"context":{"severity":"INFO","bundleName":"com.vmware.evo.sddc.common.validation.errors.messages","validation.taskId":"########-####-####-####-##########1e"},"message":"Validate if VMware Component\u0027s IP Address belongs to Management Network Subnet obtained from vCenter Server"},{"errorCode":"VMWARE_COMPONENT_IP_NOT_IN_VC_MGMT_NETWORK.info","arguments":["VCF Operations Cloud Proxy","<VCF Ops Collector FQDN>","<IP Address>","<IP Address/subnet mask>"],"context":{"severity":"INFO","bundleName":"com.vmware.evo.sddc.common.validation.errors.messages","validation.taskId":"########-####-####-####-##########1e"},"message":"Validate if VMware Component\u0027s IP Address belongs to Management Network Subnet obtained from vCenter Server"},{"errorCode":"VMWARE_COMPONENT_IP_NOT_IN_VC_MGMT_NETWORK.info","arguments":["VCF Operations Management Spec","<VCF Ops Fleet Mgmt Appliance FQDN>","<IP Address>","<IP Address/subnet mask>"],"context":{"severity":"INFO","bundleName":"com.vmware.evo.sddc.common.validation.errors.messages","validation.taskId":"########-####-####-####-##########1e"},"message":"Validate if VMware Component\u0027s IP Address belongs to Management Network Subnet obtained from vCenter Server"}]}]}

From the operationsmanager.log located at /var/log/vmware/vcf/operationsmanager/, the logs show that the VCF installer failed to connect to <NSX Manager FQDN>:443 using the admin username, returning a 403 error code. This error indicates either incorrect credentials or a locked account. Please refer to the log snippet below for reference.

YYYY-MM-DDTHH:MM:SS.SSS+0000 DEBUG [vcf_om,###########################28,4873] [c.v.v.c.n.s.c.c.ApiConnection,pool-2-thread-11] Creating ApiClient to https://<NSX Manager FQDN>:443 with username admin
YYYY-MM-DDTHH:MM:SS.SSS+0000 INFO  [vcf_om,###########################28,4873] [o.b.jsse.provider.PropertyUtils,pool-2-thread-11] Found string system property [java.home]: /usr/lib/jvm/openjdk-java17-headless.x86_64
YYYY-MM-DDTHH:MM:SS.SSS+0000 DEBUG [vcf_om,###########################28,4873] [c.v.v.c.n.s.c.c.ApiConnection,pool-2-thread-11] Created ApiClient connection to: bnsxmanager-01.bridgestone.co.id
YYYY-MM-DDTHH:MM:SS.SSS+0000 INFO  [vcf_om,###########################28,4873] [o.b.jsse.provider.ProvTlsClient,pool-2-thread-11] [client #49 @5c2a0cc1] opening connection to <NSX Manager FQDN>:443
YYYY-MM-DDTHH:MM:SS.SSS+0000 INFO  [vcf_om,###########################28,4873] [o.b.jsse.provider.ProvTlsClient,pool-2-thread-11] [client #49 @5c2a0cc1] established connection with <NSX Manager FQDN>:443
YYYY-MM-DDTHH:MM:SS.SSS+0000 ERROR [vcf_om,###########################28,4873] [c.v.v.c.n.s.c.c.ComplexHelpers,pool-2-thread-11] Exception occurred during NSX API invocation
java.util.concurrent.ExecutionException: com.vmware.vapi.std.errors.Unauthorized: Unauthorized (com.vmware.vapi.std.errors.unauthorized) (statusCode:403) => {
    messages = [],
    data =  => {error_message=The credentials were incorrect or the account specified has been locked., error_code=403, module_name=common-services},
    errorType = UNAUTHORIZED
}
        at java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:396)
        at java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:2073)
        at com.vmware.vapi.bindings.CompletionStageFuture.get(CompletionStageFuture.java:52)
        at com.vmware.vcf.common.nsxt.sdk.client.connection.ComplexHelpers.invoke(ComplexHelpers.java:169)
        at com.vmware.vcf.common.nsxt.sdk.client.connection.NodeVersionOperations.getVersion(NodeVersionOperations.java:30)
        at com.vmware.vcf.common.nsxt.sdk.client.connection.ApiConnection.preferPolicyOverMp(ApiConnection.java:560)

VMware NSX

VCF Installer

This issue occurs because the provided NSX admin password is incorrect or the NSX admin account is locked.

Verify that the NSX admin password provided is correct and ensure the NSX admin account is not locked.

NSX-INST-VCF