Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

Connecting NSX for Multi-Hypervisor re-installed NSX Controller fails (2077288)

Details

Transport nodes keep a copy of the NSX Controller certificate and use this certificate to authenticate communication with the Controller Cluster.

If the Controllers are reinstalled or reinitialized, the transport nodes will no longer communicate with the Controller Cluster due to the certificate change on the Controllers.

Note: If you restore Controller Cluster state from a snapshot, or if you reinstall one Controller and rejoin it to the cluster, then this issue does not arise because the original Controller certificate is retained.


Solution

Solution for Hypervisors: 

The certificate from the Controller must be updated manually on the Hypervisor after the re-installation or reinitialization of the Controller node.

To renew the Controller certificate on the Hypervisor:

  1. From the hypervisor console, remove the existing Controller certificate:

    # mv /etc/openvswitch/vswitchd.cacert /etc/openvswitch/vswitchd.cacert.bak

    Note: You may keep this as a backup, if required.

  2. Restart Open vSwitch:

    # /etc/init.d/openvswitch restart
This causes Open vSwitch to get a new copy of the Controller certificate from the Controller.


Solution for Gateways and Service Nodes:

The certificate from the Controller must be updated manually on each Service Node and NSX Gateway after the re-installation or re-initialization of the Controller node.

To renew the Controller certificate on the transport node:

  1. From the transport node CLI, disconnect this transport node from the Controller cluster:

    # clear switch managers

  2. Clear the Controller certificate:

    # clear switch manager-certificate

  3. Reconnect the transport node to the Controller Cluster:

    # add switch manager <ip_address_of_Controller>

This causes the transport node to get a new copy of the Controller certificate from the Controller.

To be alerted when this article is updated, click Subscribe to Document in the Actions box.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 0 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 0 Ratings
Actions
KB: