VCF - NSX-T Precheck and upgrade attempt fails with "NSX Manager is in error state due to audit failure. Please run upgrade pre-checks before proceeding with upgrade."
Article ID: 427014
Updated On:
Products
Issue/Introduction
Below is the screenshot of the above issue:
SDDC manager logs (/var/log/vmware/vcf/lcm/lcm-debug.log) report similar to below
Caused by indicates the certificate does not match any of the subject alternative names:
Environment
VMware Cloud Foundation 5.x
VMware NSX
Cause
SDDC manager queries the NSX-T Manager and validates the certificate, if the NSX-T manager certificate common name does not match the actual fqdn of the NSX-T manager then the error occurs.
Resolution
Create a Self-Signed Certificate
1) With admin privileges, log in to NSX Manager.
2) Select System > Certificates.
3) Click the CSRs tab.
4) From your selected CSR, click Available actions and select Self Sign Certificate for CSR.
5) Enter the number of days the self-signed certificate is valid.
The default is 825 days. Even if you change this value for previously generated self-signed certificate, the default value is displayed every time you generate a new certificate.
6) Choose your Service Certificate type.
7) Toggle the Service Certificate button to No to use this certificate with NSX Manager appliance nodes.
8) Click Save.
Replace newly created certificate to the API service on NSX-T Manager using the below API:
POST /api/v1/trust-management/certificates/<cert-id>?action=apply_certificate&service_type=API&node_id=<node-id>
Additional Information
Feedback
