VMware NSX Issue Caused by Expired vCenter Certificate
A recent issue encountered with VMware Cloud Foundation (VCF) NSX was traced back to an expired certificate in vCenter. The certificate expiration led to a disruption in communication between vCenter and NSX, triggering the following error: “Edge VM Not Present in Both NSX Inventory and vCenter.”
This communication breakdown resulted from the certificate being updated on vCenter: the thumbprint NSX held for its vCenter connection no longer matched the certificate vCenter was presenting. As a result, the Edge VM could not be recognized in both inventories, leading to the critical error quoted above.
The following KB article gave the fix for the problem: https://knowledge.broadcom.com/external/article/322036/after-vcenter-certificates-are-replaced.html
However, you do have to follow the link in that article, which takes you to this one:
https://knowledge.broadcom.com/external/article?articleNumber=323341
We also had this connection down in NSX:
To fix the problem we ran the following command on the vCenter appliance shell:
echo | openssl s_client -connect localhost:443 2>/dev/null | openssl x509 -noout -fingerprint -sha256
Then we copied the output of this command into Notepad++.
Open the Compute Manager connection in NSX:
Navigate to System > Fabric > Compute Manager
Select Compute Manager and Edit
Enter correct thumbprint in “SHA-256 thumbprint” and Save
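A scripted version of the check behind these steps, added here as an example (it is not from the original post or the Broadcom KB): it compares the fingerprint vCenter presents with the value held in the Compute Manager's “SHA-256 thumbprint” field, ignoring colons and letter case. The function names, the script name and the sample thumbprints are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect drift between the certificate vCenter presents and the
# thumbprint recorded in the NSX Compute Manager. All names are hypothetical.

# Strip openssl's "sha256 Fingerprint=" label, colons and whitespace; upper-case.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ':[:space:]' | tr '[:lower:]' '[:upper:]'
}

# True only for exactly 64 upper-case hex digits (a normalized SHA-256 value).
is_sha256_fp() {
    case "$1" in
        ''|*[!0-9A-F]*) return 1 ;;
    esac
    [ "${#1}" -eq 64 ]
}

# compare_fp PRESENTED STORED: prints MATCH, MISMATCH or INVALID (exit 0, 1, 2).
# INVALID also covers an empty fingerprint, e.g. when the TLS connection failed.
compare_fp() {
    _presented=$(normalize_fp "$1")
    _stored=$(normalize_fp "$2")
    if ! is_sha256_fp "$_presented" || ! is_sha256_fp "$_stored"; then
        echo INVALID; return 2
    fi
    if [ "$_presented" = "$_stored" ]; then echo MATCH; return 0; fi
    echo MISMATCH; return 1
}

# Same pipeline as in the post, parameterized on host:port.
presented_fp() {
    echo | openssl s_client -connect "$1" 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256
}

# Constructed sample values (not real thumbprints).
SAMPLE_OPENSSL='sha256 Fingerprint=01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF'
SAMPLE_STORED_OK='0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef'
SAMPLE_STORED_OLD='fe23456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef'

if [ "$#" -eq 2 ]; then
    # Live use: sh check_thumbprint.sh <vcenter-fqdn>:443 '<thumbprint from NSX>'
    compare_fp "$(presented_fp "$1")" "$2"
else
    # No arguments: run against the constructed samples (MATCH, then MISMATCH).
    compare_fp "$SAMPLE_OPENSSL" "$SAMPLE_STORED_OK" || true
    compare_fp "$SAMPLE_OPENSSL" "$SAMPLE_STORED_OLD" || true
fi
```

Run on a schedule, a MISMATCH result flags a replaced vCenter certificate before the Compute Manager connection is noticed as down.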
Be warned: the Edge errors did take ages to clear for us, but they did eventually clear. One by one, each edge node error cleared in its own time.
We did find a Dell article that talks about running the following from Postman:
POST https://<manager-ip>/api/v1/transport-nodes/<tn-id>?action=refresh_node_configuration&resource_type=EdgeNode&read_only=true
<tn-id> is the edge transport node ID
<manager-ip> is the FQDN of the NSX-T VIP
However, we didn’t get a chance to test that sync; for us, patience did work in the end.