Every time I attempt to join NSX manager to vCenter I get the following error:
The vCenter has a CA certificate applied and working. I can ping between the NSX manager and vCenter without issue. NTP is working and times are synced. I can't find a lot on this error.
assuming that there is communication between NSX Manager and vCenter on port 443; have you tried to reboot both PSC,vCenter and NSX Manager as well and then to join again??
Please check the connection between NSX manager and vCenter server ? are these two appliances in the same subnet ?
And please double check the Time between them.
And if you please share the output for the following command from your NSX manager: debug connection vCenterServerIPaddress
Yes, NSX and vCenter are on the same subnet. I have assigned their IP so they are actually one off from one another:
vCenter - 10.175.1.200
NSX - 10.175.1.201
They are both pulling time from NTP. I have bash enabled on vCenter to try to fix this so I verified that the clocks are nearly identical.
The debug connection displays the following:
I know that ports 902 and 903 are used for host communication. I have 5 ESXi hosts running. I'm not sure why these ports are closed or how to open them in vSphere.
Good, and the output of the debug is normal.
can you advise about the versions of your manager and vsphere vcenter.
And can you try to ping the name of your vCenter from the NSX manager.
Or try to add the vCenter per IP address.
How was generated the certificate presented on the vCenter - is a self-signed certificate??
Can you please provide us information about:
- Any issue to configure the "lookup service url"?? Is it the same of the vCenter or you have an external PSC??
- Are you performing a fresh installation or is an upgrade ?
- version of vCenter,
- version of NSX Manager
- Browser used and version as well
- then the output of the following command (from NSX manager): show log manager follow (Connecting NSX Manager to vCenter Server )
It looks like you have same issue with TLS1.0 certificate version present on the vCenter ...
I have made *some* progress with this.
I agree this is some kind of TLS issue.
Here is what I did and verified:
I am running the VCSA with integrated PSC.
I can definately ping between vCenter and NSX and NSX to vCenter via IP and DNS.
I am running vCenter 6.7.0 and NSX 6.2.0
The certificate on VCenter is a CA signed cert. TLSv1.2
The certificate on NSX is the default, self signed certificate that is generated on install.
I have tried using Chrome and Firefox browsers, both yield the same results.
I tried the following command on NSX:
debug packet display interface mgmt port_80_or_port_443
This showed that only 4 packets were exchanged between NSX and vCenter.
I figured that there had to be some kind of cert error.
Logged into the VCSA and ran the following command to ensure that all TLS certs would be accepted:
./reconfigureVc update -p TLSv1.0 TLSv1.1 TLSv1.2
After this was completed it demanded a re-start of vCenter for the settings to apply. After the reboot it appeared that NSX will prompt to accept the vCenter Certs and NSX cays its connected:
Now nothing shows up in vCenter. I'm not getting the Networking and Security Icon anywhere in the 'Home' tab.
Under the vCenter in Navigator, it lists NSX MAnager as an extension:
Thanks for the help and ideas so far. It's gotta be close.
nice to know that you have been able to join NSX Manger to the vCenter ... now you just have to log out from the vCenter and then log in again with firstname.lastname@example.org user and the magic should happen ... ... ... after that you should give the right permission to the users .. and that's it.
NSX 6.2.x doesn't support vCenter 6.7, the minimal version is NSX 6.4.1 !
This is really frustrating since the NSX 6.2 System requirements are as follows:
When I read this I interpreted that vCenter 6.7 was later than 6.0. It looks like some of the documentation needs updated!
I was able to get NSX 6.4.5, which I believe is the latest version.
I seemed to install a little cleaner. Now I have the following issues:
When I try to setup the "Lookup Services URL" it asks me to accept the certificate then throws this error and won't allow be to continue.
My vCenter has a CA signed cert applied. I'm not sure why this error would be thrown.
I also get the following error when I attempt to install NSX to the ESXi hosts.
Just saying "Internal server error has occured," doesn't really give me much to go on. I am hoping someone has seen these before!
If you don't have a external PSC, you don't need to setup Lookup Service URL.
Please make sure vCenter's EAM service is in running state (according to the screenshot it is in starting state)
I'm a bit confused .... hoping that you are now running the versions of NSX and vCenter as shown/match in the compatibility matrix (VMware Product Interoperability Matrices ) ....
then vcenter 6.7 and NSX Manager 6.4.5 it is possible that something has remained dirty from the previous attempt ... if you don't want to re-install everything from scratch, I suggest you take a look at the following link Safely Remove an NSX Installation
Otherwise, submit to us your problem again 🙂