Skip to main content

Relinking vCenter Server Appliance and NSX-T after VCSA PNID or SSL certificate change

  Details

This article provides information on how to modify VCSA PNID or SSL certificates when communication between vCenter Server Appliance (VCSA) and NSX-T Data Center fails.
Solution
Note: These steps do not include updating communication parameters between VCSA and NSX-T. After the VCSA PNID or SSL certificate has been successfully changed and all VCSA services have been restarted, you need to take additional steps to update communication parameters between VCSA and NSX-T.  These steps are as follows:
  1. Log into the VCSA appliance as root.
  2. Run this command: 

    /usr/lib/vmware-wcp/relink_nsx.py

    For example:

    /usr/lib/vmware-wcp/relink_nsx.py
    Enter password for NSX user 'admin'
    Password: <Password of NSX built-in user 'admin'>

    2020-02-19T17:56:07.987Z Running command: ['/usr/lib/vmware-vmafd/bin/vecs-cli', 'entry', 'getcert', '--store', 'vpxd-extension', '--alias', 'vpxd-extension', '--output', '/var/tmp/vmware/tmp_qiji6me']
    2020-02-19T17:56:08.018Z Done running command
    2020-02-19T17:56:08.019Z Running command: ['/usr/lib/vmware-vmafd/bin/vecs-cli', 'entry', 'getkey', '--store', 'vpxd-extension', '--alias', 'vpxd-extension', '--output', '/var/tmp/vmware/tmpk052r6u4']
    2020-02-19T17:56:08.046Z Done running command
    2020-02-19T17:56:08.650Z Updating CM; NSX: 10.178.221.133:443, id: 955766ae-419d-4df4-b8ba-1270eaf6c0c0, VC: example.vmware.com, SSL: F3:A5:88:CA:4B:9D:45:37:B0:E6:A1:20:50:97:B1:CB:A0:8D:50:D2:8B:76:53:A2:67:F5:27:29:DB:55:D8:EC
    2020-02-19T17:56:21.447Z Updated CM: {'server': 'example.vmware.com', 'origin_type': 'vCenter', 'credential': {'thumbprint': 'F3:A5:88:CA:4B:9D:45:37:B0:E6:A1:20:50:97:B1:CB:A0:8D:50:D2:8B:76:53:A2:67:F5:27:29:DB:55:D8:EC', 'credential_type': 'SessionLoginCredential'}, 'origin_properties': [{'key': 'fullName', 'value': 'VMware vCenter Server 7.0.0 build-33446796'}, {'key': 'localeVersion', 'value': 'INTL'}, {'key': 'version', 'value': '7.0.0'}, {'key': 'originComputeManagerDescription', 'value': ''}, {'key': 'apiVersion', 'value': '7.0.0.0'}, {'key': 'build', 'value': '33446796'}, {'key': 'vendor', 'value': 'VMware, Inc.'}, {'key': 'licenseProductName', 'value': 'VMware VirtualCenter Server'}, {'key': 'name', 'value': 'VMware vCenter Server'}, {'key': 'osType', 'value': 'linux-x64'}, {'key': 'instanceUuid', 'value': '9c818def-80bd-4a0d-a07b-0596ad5b8efc'}, {'key': 'originComputeManagerName', 'value': 'VMware vCenter Server'}, {'key': 'localeBuild', 'value': '000'}, {'key': 'licenseProductVersion', 'value': '7.0'}, {'key': 'apiType', 'value': 'VirtualCenter'}, {'key': 'productLineId', 'value': 'vpx'}], 'trust_as_auth_server': False, 'reverse_proxy_https_port': 443, 'resource_type': 'ComputeManager', 'id': '955766ae-419d-4df4-b8ba-1270eaf6c0c0', 'display_name': '955766ae-419d-4df4-b8ba-1270eaf6c0c0', 'description': '', '_create_user': 'admin', '_create_time': 1581963548474, '_last_modified_user': 'admin', '_last_modified_time': 1582134971314, '_protection': 'NOT_PROTECTED', '_revision': 16}
    2020-02-19T17:56:21.471Z Updating OIDC EP; NSX: 10.178.221.133:443, id: 4f86dcceb8bf11b63e3d339bb89a3c9372ce77224382e268318ed821c2bc6c14, VC: example.vmware.com, SSL: F3A588CA4B9D4537B0E6A1205097B1CBA08D50D28B7653A267F52729DB55D8EC
    2020-02-19T17:56:22.139Z Updated OIDC EP: {'oidc_uri': 'https://example.vmware.com/openidconnect/vsphere.local/.well-known/openid-configuration', 'thumbprint': 'f3a588ca4b9d4537b0e6a1205097b1cba08d50d28b7653a267f52729db55d8ec', 'oidc_type': 'vcenter', 'issuer': 'https://example.vmware.com/openidconnect/vsphere.local', 'jwks_uri': 'https://example.vmware.com/openidconnect/jwks/vsphere.local', 'resource_type': 'OidcEndPoint', 'id': '4f86dcceb8bf11b63e3d339bb89a3c9372ce77224382e268318ed821c2bc6c14', 'display_name': '4f86dcceb8bf11b63e3d339bb89a3c9372ce77224382e268318ed821c2bc6c14', '_system_owned': False, '_create_user': 'admin', '_create_time': 1582134982050, '_last_modified_user': 'admin', '_last_modified_time': 1582134982050, '_protection': 'NOT_PROTECTED', '_revision': 0}
    2020-02-19T17:56:22.171Z Updating NSX UI plugin registration; VC: example.vmware.com, SSL: 97:D1:3A:BB:02:5A:CD:06:51:F4:3E:38:4B:C1:AB:2B:33:16:31:41
    2020-02-19T17:56:22.342Z Updated NSX UI plugin

Comments

Post a Comment

Popular posts from this blog

Error [403] The maximum number of sessions has been exceeded in the H5 client during login or logout

  Symptoms In virgo log, you see messages similar to: [2020-05-19T07:25:45.285Z] [ERROR] http-nio-5090-exec-130 72026859 142953 501051 com.vmware.vise.security.spring.DefaultAuthenticationProvider logout failed for sessionId 142953, clientId 501051 java.lang.IllegalStateException: The specified cardinality of 1..1 for osgi:reference implementing com.vmware.vcenter.apigw.api.ApiGatewaySessionManager in bundle com.vmware.h5ngc requires that exactly one OSGI service satisfies the filtering criteria but no such service was found.         at com.vmware.o6jia.context.ExternalServiceTargetSource.getTarget(ExternalServiceTargetSource.java:99)         at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:192)         at com.sun.proxy.$Proxy159.logout(Unknown Source)         at com.vmware.vise.security.spring.DefaultAuthenticationProvider.logoutInternal(DefaultAuthenticationProvider.java:548)         at c
Post a Comment
Read more

Investigating virtual machine file locks on ESXi

      Details Adding an existing virtual machine disk (VMDK) to a virtual machine that is already powered on fails.                 Failed to add disk scsi0:1. Failed to power on scsi0:1   Powering on the virtual machine results in the power on task remaining at 95% indefinitely. Cannot power on the virtual machine after deploying it from a template. Powering on a virtual machine fails with an error: Unable to open Swap File Unable to access a file since it is locked Unable to access a file <filename> since it is locked Unable to access Virtual machine configuration In the /var/log/vmkernel log file, you see entries similar to: WARNING: World: VM xxxx: xxx: Failed to open swap file <path>: Lock was not free WARNING: World: VM xxxx: xxx: Failed to initialize swap file <path>   When opening a console to the virtual machine, you may receive the error: Error connecting to <path><virtual machin
Post a Comment
Read more

"Performance data is currently not available for this entity" viewing the performance tab

  Symptoms While accessing the performance tab and navigating to Overview, you see: No data available   The data for Real time, but fails to retrieve it for past 1 day, week, month or year.  While selecting the advance parameter in performance tab, you see: Performance data is currently not available for this entity Cause This issue is caused by the vCenter Server database (Postgress) containing a stale/future time stamp reference for the ESXi host when the data was collected. For vCenter Servers using SQL, see  "Performance data is currently not available for this entity" error after updating rollup in vSphere Resolution Backup the vCenter database. For more info
Post a Comment
Read more