The connection to a Compute Manager (vCenter Server) from NSX Manager shows as Down. 

NSX Manager reports a critical alarm: 'Compute manager lost connectivity'.

The certificate thumbprint is confirmed to be correct. The issue may persist even when port 443 bidirectional connectivity is confirmed and curl returns a valid vCenter HTML page.

These are some indications of this condition: 

• Clicking on the "Down" message shows the following message: Compute Manager ... can not be connected, as its thumbprint does not match
  
  
  
  
• The thumbprint has been obtained using the following command and the result of this command matches the value in the Compute Manager edit window: 
  
  echo | openssl s_client -connect (COMPUTE_MANAGER_HOSTNAME):443 2>/dev/null | openssl x509 -noout -fingerprint -sha256
  
  
• Connectivity has been confirmed from the NSX CLI or NSX shell using: 
  

  ping (COMPUTE_MANAGER_HOSTNAME)

  and/or

  curl -k https://(COMPUTE_MANAGER_HOSTNAME)

• Information from /var/log/cm-inventory/cm-inventory.log shows a correct thumbprint match:
  
  thumbprint: cm  server value: "(CM_HOSTNAME)"
 thumbprint input value: "00:11:22: ############ :DD:EE:FF"
 and actual server thumbprint retrieved is 00:11:22: ############ :DD:EE:FF

Certain issues in the Compute Manager inventory service may require the service to be restarted. See KB article Compute Manager shows "Invalid credentials" and remains DOWN after a CM edit for a related condition.

Restart the cm-inventory service on the NSX Manager node that owns the affected Compute Manager connection using the command below; if unsure, the command below can safely be run on all NSX Manager instances: 

/etc/init.d/cm-inventory restart

It will take several minutes for Compute Manager connections to be restored after services are restarted.

Impact: Restarting this service will not affect NSX network traffic. Operations such as appliance deployments that require communication with a compute manager will be temporarily unavailable for several minutes.