Compute Manager Lost Connectivity alarm in NSX after Global Manager is upgraded to NSX 9.0.2 in Federated Environment.
search cancel

Compute Manager Lost Connectivity alarm in NSX after Global Manager is upgraded to NSX 9.0.2 in Federated Environment.

book

Article ID: 443378

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

  • The Global Manager interface displays the following alarm:
    Compute Manager Lost Connectivity. Connection status of Compute Manager #### having id #### is DOWN.
  • When you attempt to resolve the error by clicking Edit and then Save on the affected Compute Manager in the NSX UI, you receive this error:
    Error: create_service_account field must be set to true from VCF 9.0 onwards (Error code: 90033)

Environment

  • VCF 9.0.2
  • NSX 9.0.2
  • NSX Federated environment

Cause

During the initial installation of NSX Global Managers and their initial connection to a Computer Manager (vCenter Server), the creation of a service account is not required and is disabled by default. The upgraded version of NSX drops connectivity to vCenter and will not reconnect until this setting is enabled.

Beginning in VCF 9.0, this service account is required and must be enabled by API call.

Resolution

Update the compute manager configuration to include the "create_service_account": true setting via a REST API call to the NSX Manager.

  1. Obtain the current _revision integer and Compute Manager ID by querying the NSX Manager API

    API Command:

    GET https://<NSX_MANAGER_FQDN_OR_IP>/api/v1/fabric/compute-managers

    Curl Command:

    # curl -l -k -u 'admin' -H 'Content-Type:application/json' -X GET https://<NSX_MANAGER_FQDN_OR_IP>/api/v1/fabric/compute-managers

  2. Obtain the new SHA-256 thumbprint of the vCenter Server machine SSL certificate.

    vCenter thumbprint:

    # openssl s_client -connect <vcenter-ip/fqdn>:443 </dev/null 2>/dev/null | openssl x509 -fingerprint -sha256 -noout -in /dev/stdin

  3. Execute the following API call to update the Compute Manager:

    API Command:

    PUT https://<NSX_MANAGER_FQDN_OR_IP>/api/v1/fabric/compute-managers/<COMPUTE_MANAGER_ID>

    Curl Command:

    # curl -l -k -u 'admin' -H 'Content-Type:application/json' -X PUT https://<NSX_MANAGER_FQDN_OR_IP>/api/v1/fabric/compute-managers/<COMPUTE_MANAGER_ID> -d @payload.json

     

  4. Supply the following JSON payload body: Create a file with the following information and save it as payload.json

    {
  "server": "<VCENTER_FQDN_OR_IP>",
  "create_service_account": true,   <--Required additional field and setting.
  "origin_type": "vCenter",
  "credential": {
    "credential_type": "UsernamePasswordLoginCredential",
    "thumbprint": "<VC_MACHINE_SSL_CERT_SHA256_THUMBPRINT_from_step_2>",
    "username": "<VCENTER_USERNAME>",
    "password": "<VCENTER_PASSWORD>"
  },
  "_revision": <CURRENT_REVISION_from_step_1>
}


    Verify the API request returns an HTTP 200 OK status.

  5. Allow time for the vCenter Server to undeploy and redeploy the NSX plugin.

  6. In the NSX UI, verify that the Compute Manager Registration Status returns to "Registered" and the Connection Status is "Up", with zero active alarms.

Powered by Wolken Software