NSX upgrade pre-check fails with error "Management Service is not available. Failed to executed method GetRemoteRepoSyncResult"
search cancel

NSX upgrade pre-check fails with error "Management Service is not available. Failed to executed method GetRemoteRepoSyncResult"

book

Article ID: 373404

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

  • Upgrading an NSX environment from 4.1.0.2.
  • When running the pre-checks, the following error is seen in the Manager check results: 
    Management service is not available. Failed to execute method GetRemoteRepoSyncResult. I/O error on GET request for https://managerIP:443/api/v1/cluster/nodes/UUID/repo_sync/status: null; nested exception is javax.net.ssl.SSLException
  • Repo Sync is showing green on all the managers. System>Appliances>View Details
  • Platform Certificates have all show valid and not expired.
  • Restarting the install-upgrade service does not resolve the issue.
  • Restarting the NSX Managers does not resolve the issue.
  • Resetting the Upgrade Plan via API returns HTTP 200 but does not resolve the issue. 

    POST https://<nsx-mgr>/api/v1/upgrade/plan?action=reset&component_type=HOST

    POST https://<nsx-mgr>/api/v1/upgrade/plan?action=reset&component_type=EDGE

    POST https://<nsx-mgr>/api/v1/upgrade/plan?action=reset&component_type=MP
  • Similar messages to those seen in the UI are seen in the syslog file

    Login as root > navigate to > var/log/syslog

    Management service is not available. Failed to execute method GetRemoteRepoSyncResult. I/O error on GET request for https://managerIP:443/api/v1/cluster/nodes/UUID/repo_sync/status: null; nested exception is javax.net.ssl.SSLException
  • You also see messages similar to:

    Unsupported cache type in URI

Environment

NSX 4.1.0.2

Cause

The SSLException error is is due to a Certificate Revocation List (CRL) check that is being performed in 4.1.0.2.

 

Resolution

Disable the CRL check:

  1. Take a backup of your NSX manager. (This is a general precaution when making manager changes. There is no impact to the datapath.)
  2. Login to the CLI of a manager as root
  3. Attempt the API call below after taking a backup:

    curl -u admin: -i -k -X PUT https://managerIP/api/v1/global-configs/SecurityGlobalConfig -H "Content-Type:application/json" -d '{ "_revision" : 0, "resource_type": "SecurityGlobalConfig", "crl_checking_enabled" : "false", "ca_signed_only" : "false" }'
  4. Log out of the UI or Refresh and try the prechecks again.

Additional Information

Powered by Wolken Software