NSX ALB Password Disconnected in SDDC Manager
Article ID: 422034
Updated On:
Products
VMware SDDC Manager
Issue/Introduction
- NSX ALB password shows a "
disconnected" status in SDDC Manager under Password Management: - The password being used to login to AVI matches what SDDC Manager has in its database and we are able to login successfully to the AVI UI with the credential
- Attempting to remediate the password to re-sync the account back to SDDC Manager fails with error "
Failed to update user credential in AVI Load Balancer Controller Cluster" - Checking in the NSX UI > System > Appliances > Avi Load Balancer shows the following:
/var/log/vmware/vcf/operationsmanager/operationsmanager.logmay show the following:
2025-12-05T21:02:03.139+0000 ERROR [vcf_om,693347d0a0bb720a25fb277c96f0e01e,7469] [c.v.v.p.u.d.NsxtAlbServiceAccountUpdater,om-exec-10] [ALB] Failed to update ALB cluster with service user credentials. com.vmware.vcf.passwordmanager.exception.PasswordUpdateException: InvalidRequest (com.vmware.vapi.std.errors.invalid_request) (statusCode:400) => { messages = [], data = => {error_message=I/O error on POST request for "https://<AVI_IP>/api/authtoken": PKIX path building failed: java.security.cert.CertPathBuilderException: Unable to find certificate chain.; nested exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: java.security.cert.CertPathBuilderException: Unable to find certificate chain., httpStatus=BAD_REQUEST, error_code=500016, module_name=Policy}, errorType = INVALID_REQUEST } at com.vmware.vcf.passwordmanager.helper.NsxtApiUtil.changeAlbClusterUserCreds(NsxtApiUtil.java:1070) at com.vmware.vcf.passwordmanager.update.dependents.NsxtAlbServiceAccountUpdater.updateVcenterServiceUserInAlb(NsxtAlbServiceAccountUpdater.java:134) at com.vmware.vcf.passwordmanager.update.dependents.NsxtAlbServiceAccountUpdater.update(NsxtAlbServiceAccountUpdater.java:65) at com.vmware.vcf.passwordmanager.update.changers.AbstractPasswordChanger.doUpdaters(AbstractPasswordChanger.java:999) at com.vmware.vcf.passwordmanager.update.changers.AbstractPasswordChanger.updateAsync(AbstractPasswordChanger.java:574) at com.vmware.vcf.passwordmanager.update.changers.AbstractPasswordChanger.doUpdate(AbstractPasswordChanger.java:208) at com.vmware.vcf.passwordmanager.rotate.AbstractPasswordTransactionExecutor$1.call(AbstractPasswordTransactionExecutor.java:104) at com.vmware.vcf.passwordmanager.rotate.AbstractPasswordTransactionExecutor$1.call(AbstractPasswordTransactionExecutor.java:95) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at com.vmware.vcf.common.tracing.TraceRunnable.run(TraceRunnable.java:63) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) at java.base/java.lang.Thread.run(Thread.java:840) Caused by: com.vmware.vapi.std.errors.InvalidRequest: InvalidRequest (com.vmware.vapi.std.errors.invalid_request) (statusCode:400) => { messages = [], data = => {error_message=I/O error on POST request for "https://<AVI_IP>/api/authtoken": PKIX path building failed: java.security.cert.CertPathBuilderException: Unable to find certificate chain.; nested exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: java.security.cert.CertPathBuilderException: Unable to find certificate chain., httpStatus=BAD_REQUEST, error_code=500016, module_name=Policy}, errorType = INVALID_REQUEST
Environment
VMware Cloud Foundation 9.x
VMware NSX 9.x
Cause
SDDC Manager talks to NSX ALB through NSX Manager for password operations. If SDDC Manager trusts the AVI certificate but NSX Manager does not, then password operations will fail.
Resolution
Run through KB: VMware NSX Advanced Load Balancer Controller showing as not reachable in NSX-T UI to import the ALB certificate into all 3 NSX Managers then retry password operations on the SDDC Manager UI.
Feedback
Yes
No
Powered by
