Unable to view certificate and password details for NSX components in VCF Operations
search cancel

Unable to view certificate and password details for NSX components in VCF Operations

book

Article ID: 441430

calendar_today

Updated On:

Products

VCF Operations

Issue/Introduction

  • When you navigate to Fleet Management > Certificates / Passwords in the VCF Operations UI, you are unable to view NSX component certificates and passwords, despite successful data collection and inventory synchronization.



  • The Certificates tab within the SDDC Manager UI (SDDC > Inventory > Workload Domains > [Domain] > Certificates) fails to load for Management or VI Workload Domains with the error: "Failed to load installed certificate(s). Something went wrong. Please retry or contact the service provider and provide the reference token."



  • In /storage/log/vcops/log/adapters/ManagementAdapter/management-Adapter-<ID>.log, the following exception is observed:

    ERROR ManagementAdapter ##### [ops@#### threadId="###" threadName="Collector worker thread ##" instanceId="###"] [(###) com.vmware.adapter.management.components.certificate.collector.VCFCertificateCollector.lambda$processCertificateResponse$6] - Failed to fetch certificate for resource: NSX_ALB getCertificateError: Status : NOT_TRUSTED, Message : null
     
     ERROR ManagementAdapter ##### [ops@#### threadId="###" threadName="Collector worker thread 21" instanceId="###"] [(###) com.vmware.adapter.management.components.certificate.collector.VCFCertificateCollector.lambda$fetchCertificatesForEachDomain$3] - Exception occurred in collecting certificates from domain - <SSDC_Domain_ID>
       org.springframework.web.client.HttpServerErrorException$InternalServerError: 500 : "{"errorCode":"VCF_RUNTIME_ERROR","arguments":[],"message":"Something went wrong. Please retry or contact the service provider and provide the reference token.","referenceToken":",<Token_details>"}"

  • Additionally, /var/log/vmware/vcf/operationsmanager/operationsmanager.log shows the following exception:

    Caused by: com.vmware.vcf.certmgmt.common.exception.CertificateManagementException: Failed to fetch expiry details for the certificates.
            at com.vmware.vcf.certmgmt.service.facade.impl.CertificateOperationsFacadeImpl.getCachedCertificatesForDomain(CertificateOperationsFacadeImpl.java:###)
            at jdk.internal.reflect.GeneratedMethodAccessor####.invoke(Unknown Source)

    Caused by: java.lang.NumberFormatException: For input string: ""
            at java.base/java.lang.NumberFormatException.forInputString(NumberFormatException.java:##)
            at com.vmware.vcf.certmgmt.common.util.NDCComplianceChecker.getAutoRenewStatus(NDCComplianceChecker.java:###)
            at com.vmware.vcf.certmgmt.service.facade.impl.CertificateOperationsFacadeImpl.fillAutoRenewStatus(CertificateOperationsFacadeImpl.java:###)
            at com.vmware.vcf.certmgmt.service.facade.impl.CertificateOperationsFacadeImpl.fillAutoRenew(CertificateOperationsFacadeImpl.java:###)
            at com.vmware.vcf.certmgmt.service.facade.impl.CertificateOperationsFacadeImpl.getCachedCertificatesForDomain(CertificateOperationsFacadeImpl.java:###)

Environment

VMware Cloud Foundation Operations 9.x
VMware Cloud Foundation 9.x

Cause

  • The issue is triggered when Certificate Auto-renewal is enabled in VCF Operations.
  • During the certificate auto-renew status check the version of ALB returns as null or empty value. Hence, the compliance check fails, resulting in a failure to fetch the certificates for that domain.

Resolution

This issue is resolved in VMware Cloud Foundation 9.0.2.

To work around this issue, disable the auto renew option from VCF Operations:

  1. Log in to the VCF Operations console using an account with Administrator privileges.

  2. Expand Fleet Management > Certificates.

  3. Navigate to VCF Management > VCF Instances and click on the affected VCF domain.

  4. Use the Activate Auto-renewal toggle to disable auto-renewal.

  5. Review the information and click Confirm.

  6. Allow 5 to 10 minutes for the data collection to complete. Once finished, return to the VCF Operations UI and reload the page. The certificate information should now be visible and accessible.

Additional Information

Set Up Automatic Renewal of Certificates in VMware Cloud Foundation -  https://techdocs.broadcom.com/us/en/vmware-cis/vcf/vcf-9-0-and-later/9-0/fleet-management/certificate-management-9-0/set-up-automatic-renewal-of-certificates-in-vmware-cloud-foundation.html 

Automatic Certificate Renewal in VMware Cloud Foundation 9.0 -  https://blogs.vmware.com/cloud-foundation/2025/06/19/automatic-certificate-renewal-in-vcf-9/ 

Powered by Wolken Software