"Workspace ONE Access is not accessible", NSX manager login page is not redirecting to the vIDM
Article ID: 425431
Updated On:
Products
VMware NSX
Issue/Introduction
- The NSX manager login page is not redirecting to the vIDM (WorkspaceONE) login page, with error message similar to:
Workspace ONE Access is not accessible. Log in to NSX Manager using your local user account. - In the NSX Manager
/var/log/proton/nsxapi.logyou see the errors similar to:Caused by: org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://<vDIM_Server>/SAAS/auth/oauthtoken": Certificate expired for C=###,O=###,OU=###,CN=##; nested exception is javax.net.ssl.SSLHandshakeException: expired for C=##,O=###,OU=###,CN=##at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:791) ~[?:?]at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:738) ~[?:?]
Environment
VMware NSX
Cause
- This issue is caused by expired certificate on vIDM server node, which is disrupting communication between the NSX Manager and vIDM.
- The expired certificate is blocking the establishment of a secure connection to the vIDM service, which is required for retrieving access tokens.
Resolution
- Renew the expired certificate on the vIDM server.
- Update the SSL thumbprint in the NSX Manager to reflect the new certificate.
- Verify connectivity between NSX and vIDM after the update.
Additional Information
Use the following commands to verify expiration of certificate on vIDM server:openssl s_client -showcerts -connect <FQDN>:443 | openssl x509 -noout -dates
orcurl https://<FQDN> -vk 2>&1 | grep 'expire '
This issue can also cause the following behavior: When adding vIDM users in NSX, the interface remains on "Loading", and no users are displayed
Feedback
Yes
No
Powered by
