Skip to main content

Relinking vCenter Server Appliance and NSX-T after VCSA PNID or SSL certificate change

  Details

This article provides information on how to modify VCSA PNID or SSL certificates when communication between vCenter Server Appliance (VCSA) and NSX-T Data Center fails.
Solution
Note: These steps do not include updating communication parameters between VCSA and NSX-T. After the VCSA PNID or SSL certificate has been successfully changed and all VCSA services have been restarted, you need to take additional steps to update communication parameters between VCSA and NSX-T.  These steps are as follows:
  1. Log into the VCSA appliance as root.
  2. Run this command: 

    /usr/lib/vmware-wcp/relink_nsx.py

    For example:

    /usr/lib/vmware-wcp/relink_nsx.py
    Enter password for NSX user 'admin'
    Password: <Password of NSX built-in user 'admin'>

    2020-02-19T17:56:07.987Z Running command: ['/usr/lib/vmware-vmafd/bin/vecs-cli', 'entry', 'getcert', '--store', 'vpxd-extension', '--alias', 'vpxd-extension', '--output', '/var/tmp/vmware/tmp_qiji6me']
    2020-02-19T17:56:08.018Z Done running command
    2020-02-19T17:56:08.019Z Running command: ['/usr/lib/vmware-vmafd/bin/vecs-cli', 'entry', 'getkey', '--store', 'vpxd-extension', '--alias', 'vpxd-extension', '--output', '/var/tmp/vmware/tmpk052r6u4']
    2020-02-19T17:56:08.046Z Done running command
    2020-02-19T17:56:08.650Z Updating CM; NSX: 10.178.221.133:443, id: 955766ae-419d-4df4-b8ba-1270eaf6c0c0, VC: example.vmware.com, SSL: F3:A5:88:CA:4B:9D:45:37:B0:E6:A1:20:50:97:B1:CB:A0:8D:50:D2:8B:76:53:A2:67:F5:27:29:DB:55:D8:EC
    2020-02-19T17:56:21.447Z Updated CM: {'server': 'example.vmware.com', 'origin_type': 'vCenter', 'credential': {'thumbprint': 'F3:A5:88:CA:4B:9D:45:37:B0:E6:A1:20:50:97:B1:CB:A0:8D:50:D2:8B:76:53:A2:67:F5:27:29:DB:55:D8:EC', 'credential_type': 'SessionLoginCredential'}, 'origin_properties': [{'key': 'fullName', 'value': 'VMware vCenter Server 7.0.0 build-33446796'}, {'key': 'localeVersion', 'value': 'INTL'}, {'key': 'version', 'value': '7.0.0'}, {'key': 'originComputeManagerDescription', 'value': ''}, {'key': 'apiVersion', 'value': '7.0.0.0'}, {'key': 'build', 'value': '33446796'}, {'key': 'vendor', 'value': 'VMware, Inc.'}, {'key': 'licenseProductName', 'value': 'VMware VirtualCenter Server'}, {'key': 'name', 'value': 'VMware vCenter Server'}, {'key': 'osType', 'value': 'linux-x64'}, {'key': 'instanceUuid', 'value': '9c818def-80bd-4a0d-a07b-0596ad5b8efc'}, {'key': 'originComputeManagerName', 'value': 'VMware vCenter Server'}, {'key': 'localeBuild', 'value': '000'}, {'key': 'licenseProductVersion', 'value': '7.0'}, {'key': 'apiType', 'value': 'VirtualCenter'}, {'key': 'productLineId', 'value': 'vpx'}], 'trust_as_auth_server': False, 'reverse_proxy_https_port': 443, 'resource_type': 'ComputeManager', 'id': '955766ae-419d-4df4-b8ba-1270eaf6c0c0', 'display_name': '955766ae-419d-4df4-b8ba-1270eaf6c0c0', 'description': '', '_create_user': 'admin', '_create_time': 1581963548474, '_last_modified_user': 'admin', '_last_modified_time': 1582134971314, '_protection': 'NOT_PROTECTED', '_revision': 16}
    2020-02-19T17:56:21.471Z Updating OIDC EP; NSX: 10.178.221.133:443, id: 4f86dcceb8bf11b63e3d339bb89a3c9372ce77224382e268318ed821c2bc6c14, VC: example.vmware.com, SSL: F3A588CA4B9D4537B0E6A1205097B1CBA08D50D28B7653A267F52729DB55D8EC
    2020-02-19T17:56:22.139Z Updated OIDC EP: {'oidc_uri': 'https://example.vmware.com/openidconnect/vsphere.local/.well-known/openid-configuration', 'thumbprint': 'f3a588ca4b9d4537b0e6a1205097b1cba08d50d28b7653a267f52729db55d8ec', 'oidc_type': 'vcenter', 'issuer': 'https://example.vmware.com/openidconnect/vsphere.local', 'jwks_uri': 'https://example.vmware.com/openidconnect/jwks/vsphere.local', 'resource_type': 'OidcEndPoint', 'id': '4f86dcceb8bf11b63e3d339bb89a3c9372ce77224382e268318ed821c2bc6c14', 'display_name': '4f86dcceb8bf11b63e3d339bb89a3c9372ce77224382e268318ed821c2bc6c14', '_system_owned': False, '_create_user': 'admin', '_create_time': 1582134982050, '_last_modified_user': 'admin', '_last_modified_time': 1582134982050, '_protection': 'NOT_PROTECTED', '_revision': 0}
    2020-02-19T17:56:22.171Z Updating NSX UI plugin registration; VC: example.vmware.com, SSL: 97:D1:3A:BB:02:5A:CD:06:51:F4:3E:38:4B:C1:AB:2B:33:16:31:41
    2020-02-19T17:56:22.342Z Updated NSX UI plugin

Comments

Post a Comment

Popular posts from this blog

Error [403] The maximum number of sessions has been exceeded in the H5 client during login or logout

  Symptoms In virgo log, you see messages similar to: [2020-05-19T07:25:45.285Z] [ERROR] http-nio-5090-exec-130 72026859 142953 501051 com.vmware.vise.security.spring.DefaultAuthenticationProvider logout failed for sessionId 142953, clientId 501051 java.lang.IllegalStateException: The specified cardinality of 1..1 for osgi:reference implementing com.vmware.vcenter.apigw.api.ApiGatewaySessionManager in bundle com.vmware.h5ngc requires that exactly one OSGI service satisfies the filtering criteria but no such service was found.         at com.vmware.o6jia.context.ExternalServiceTargetSource.getTarget(ExternalServiceTargetSource.java:99)         at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:192)         at com.sun.proxy.$Proxy159.logout(Unknown Source)   ...
Post a Comment
Read more

"Failed to configure vAPI Endpoint Service at the firstboot time" while installing Windows VC 6.5

  Symptoms While configuring the vAPI EndPoint Service, you experience these symptoms: Windows vCenter Server 6.5 installation fails while configuring the vAPI EndPoint Service vCenter Server 6.5 installation on a Windows Server fails during the vAPI EndPoint Service during the firstboot time. You see the error: Error: An error occurred while starting service 'vapi-endpoint'. Failed to start the vAPI Endpoint Service. Failed to configure vAPI Endpoint Service at the firstboot time. Please file a bug against VAPI   In vapi_firstboot.py_2948_stderr.log file, you see entries similar to: No valid files with pathname: C:\ProgramData\VMware\vCenterServer\logs\vapi\endpoint* found. ERROR starting vapi-endpoint rc: 2, stdout: , stderr: Start service request failed. Error: Service crashed while starting^M vapi firstboot failed Traceback (most recent call last): File "C:\Program Files\VMware\vCenter Server\firstbo...
Post a Comment
Read more

Cloning and converting virtual machine disks with vmkfstools

 Purpose This article provides information and instructions on the use of the vmkfstools command to convert virtual machine disks from one type to another. Resolution The vmkfstools command offers the ability to clone virtual machine content and also convert from one virtual machine disk ( .vmdk ) format into another. Note : The host operating system chosen to perform the conversion may not necessarily support running of virtual machines via the output format defined. vmkfstools maintains the possibility of exporting virtual disks for use in other VMware products which support alternative disk formats. To convert a virtual machine disk from one type to another: Shut down the virtual machine. Virtual machine disk files are locked while in-use by a running virtual machine. Log in to the VMware vSphere Management Assistant (v...
Post a Comment
Read more