Error 26707: Cannot disable two-way authentication when pushing NSX depot on vLCM enabled cluster

Article ID: 440268

Updated On:

Products

VMware NSX

Issue/Introduction

When attempting to apply a transport node profile to an NSX-prepared cluster that has vSphere Lifecycle Manager (vLCM) enabled, the process may fail with the following symptoms:

  • The cluster status in NSX Manager shows as Preparation Failed.
  • The error message indicates: Pushing NSX depot(s) on Compute Manager failed with error: org.springframework.web.client.HttpClientErrorException$Unauthorized: 401 Unauthorized.
  • Clicking the Resolve button on the cluster does not initiate a sync.
  • Attempting to toggle Enable Trust or Create Service Account in the Compute Manager settings results in: NSX is integrated with vLCM feature of vSphere system. Cannot disable two way authentication and service account creation functionality. (Error code: 26707).

Environment

VMware NSX 

Cause

This issue occurs because Enable Trust and Create Service Account are mandatory security configurations for NSX integration with vLCM. The "Unauthorized" error typically stems from an authentication drift or stale credentials between the NSX Manager and the vCenter Server, preventing the automated deployment of NSX components.

Resolution

To resolve this issue, force a refresh of the authentication trust by re-entering the compute manager credentials:

  1. Log in to the NSX Manager UI.
  2. Navigate to System > Fabric > Compute Managers.
  3. Select the affected vCenter Server and click Edit.
  4. Do not attempt to toggle the switches for Enable Trust or Create Service Account. Instead, manually re-type the Username (e.g., [email protected]) and Password.
  5. Click Save.
  6. Wait for the Registration Status to show as Registered and the Connection Status to report Up.
  7. Navigate to System > Fabric > Nodes > Host Transport Nodes.
  8. Select the failed cluster and click the Resolve button.

The status should now transition to Prepared as the NSX depot is successfully pushed to the hosts.

Additional Information

Removing NSX from Host fails with UNAUTHORIZED error

NSX cannot be enabled on vLCM enabled cluster as required configurations are not created on compute manager

Cannot disable two way authentication and service account creation functionality. (Error code: 26707)