Fleet Manager Deployment Fails During Certificate Exchange Over NSX Overlay Network in VCF 9.

Article ID: 436017

Updated On:

Products

VMware NSX

Issue/Introduction

VMware Cloud Foundation (VCF) Fleet Manager deployment fails during the certificate exchange phase when deployed on an NSX overlay network.

Symptoms include:

  • The Fleet Manager instance is reachable over the network when the test does not specify an MTU (packet) size.

  • Executing openssl s_client -showcerts -connect <HOSTNAME>:443 successfully connects but the certificate exchange hangs or fails to complete.

  • ICMP ping tests with payload sizes of 1415 bytes and above fail to reach the destination.

    • Successful ping
      ping -s 1414 <Host IP> 

    • Failure ping
      ping -s 1415 <Host IP> 

The following errors are observed in the Fleet Manager logs:

2026-02-26T21:13:55.510Z ERROR vrlcm [1615] [pool-3-thread-9] [c.v.v.l.v.p.t.GetFleetVcfaDetailsTask] Could not get the fleet VCF Automation instance details. Cannot create SDDC manager endpoint.
2026-02-26T21:13:55.510Z INFO vrlcm [1615] [pool-3-thread-9] [c.v.v.l.p.a.s.Task] Injecting task failure event. Error Code: 'LCMVCFA00012', Retry:'true', Causing Properties: ' { CAUSE :: skipTask === '
com.vmware.vrealize.lcm.common.exception.EngineException: Could not get the fleet VCF Automation instance details. Cannot create SDDC manager endpoint.
    at com.vmware.vrealize.lcm.vcfa.plugin.tasks.GetFleetVcfaDetailsTask.execute(GetFleetVcfaDetailsTask.java:144) [vmlcm-vcfaplugin-core-9.0.1.0-SN

Environment

  • VMware Cloud Foundation 9.0
  • VMware NSX
  • VCF Fleet Manager

Cause

The physical network VLAN interface backing the overlay network is configured with the default Maximum Transmission Unit (MTU) size of 1500 bytes. NSX overlay traffic is Geneve-encapsulated, which adds overhead to every packet. Packets larger than 1415 bytes, such as those sent during the TLS certificate exchange, are dropped between the Edge-hosted ESXi host and the Fleet Manager ESXi host because the encapsulated packets exceed the MTU of the physical network path.

Resolution

 

  1. Identify the physical switch ports and VLAN interfaces backing the NSX overlay network for the affected ESXi transport nodes.

  2. Modify the physical network configuration to increase the MTU size to support Geneve encapsulation overhead. An MTU of 9000 bytes (Jumbo Frames) is highly recommended and aligns with standard VMware Cloud Foundation architecture.

  3. Validate end-to-end jumbo frame connectivity between the Edge-hosted ESXi host and the Fleet Manager ESXi host to ensure packets are not fragmented or dropped.

  4. Retry the Fleet Manager deployment or certificate exchange process.
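
The ping comparison from the symptoms and the validation in step 3 can be scripted. The following is an added example, not part of the original article: it binary-searches for the largest ICMP payload that passes with the Don't Fragment bit set and reports whether a required size gets through. It assumes a Linux host with iputils ping (-M do); the function names and the 1472-byte default (a 1500-byte packet minus 28 bytes of IPv4 and ICMP headers) are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the KB article): measure the largest ICMP payload
# that crosses a path unfragmented, then compare it with a required size.
# Assumption: Linux iputils ping, where "-M do" sets the Don't Fragment bit.
# On another platform only probe() needs to change.

# probe HOST SIZE: succeed if one DF-set echo with SIZE payload bytes is answered.
probe() {
    ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1
}

# max_payload HOST LOW HIGH: print the largest passing payload in [LOW, HIGH].
# Returns 1 and prints nothing if even LOW fails (host unreachable).
max_payload() {
    local host="$1" lo="$2" hi="$3" mid
    probe "$host" "$lo" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$host" "$mid"; then lo=$mid; else hi=$(( mid - 1 )); fi
    done
    echo "$lo"
}

# report HOST [REQUIRED]: print the measured limit; succeed only if the
# REQUIRED payload passes. Default 1472 = 1500-byte packet; use 8972 to
# test for 9000-byte jumbo frames.
report() {
    local host="$1" need="${2:-1472}" max
    if ! max=$(max_payload "$host" 0 "$need"); then
        echo "$host: unreachable even with an empty payload"
        return 2
    fi
    # IPv4 header (20) + ICMP header (8) = 28 bytes on top of the payload.
    echo "$host: max payload $max bytes, max IP packet $(( max + 28 )) bytes"
    [ "$max" -ge "$need" ]
}

# Run when given arguments, e.g.: sh mtu_check.sh <Host IP> 8972
if [ $# -ge 1 ]; then
    report "$@"
fi
```

On the path described in this article the script would report a maximum payload of 1414 bytes and exit non-zero until the physical MTU is raised.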

 

Additional Information

MTU Guidance for NSX Transport Nodes