dbecker72
Contributor
Contributor

Joing NSX to vCenter

     Every time I attempt to join NSX manager to vCenter I get the following error:

pastedImage_0.png

The vCenter has a CA certificate applied and working.  I can ping between the NSX manager and vCenter without issue.  NTP is working and times are synced.  I can't find a lot on this error.

0 Kudos
13 Replies
lmoglie
Enthusiast
Enthusiast

Hi dbecker72,

assuming that there is communication between NSX Manager and vCenter on port 443; have you tried to reboot both PSC,vCenter and NSX Manager as well and then to join again??

Regards

LM

0 Kudos
HassanAlKak88
Expert
Expert

Hello,

Please check the connection between NSX manager and vCenter server ? are these two appliances in the same subnet ?

And please double check the Time between them.

And if you please share the output for the following command from your NSX manager:  debug connection vCenterServerIPaddress

pastedImage_0.png


Cheers,
vExpert2020-2019||vExpert-NSX2020||VCIX6-NV||VCAP-NV-DCV||VCP-NV-DC-CMA||CCNA-R&S
Twitter: @KakHassan
LinkedIn: linkedin.com/in/hassanalkak
0 Kudos
dbecker72
Contributor
Contributor

I just restarted all components and I am getting the same results.

0 Kudos
dbecker72
Contributor
Contributor

Yes, NSX and vCenter are on the same subnet.  I have assigned their IP so they are actually one off from one another:

vCenter - 10.175.1.200

NSX - 10.175.1.201

They are both pulling time from NTP.  I have bash enabled on vCenter to try to fix this so I verified that the clocks are nearly identical.

pastedImage_0.png

The debug connection displays the following:

pastedImage_1.png

I know that ports 902 and 903 are used for host communication.  I have 5 ESXi hosts running.  I'm not sure why these ports are closed or how to open them in vSphere.

0 Kudos
HassanAlKak88
Expert
Expert

Hello,

Good, and the output of the debug is normal.

can you advise about the versions of your manager and vsphere vcenter.


Cheers,
vExpert2020-2019||vExpert-NSX2020||VCIX6-NV||VCAP-NV-DCV||VCP-NV-DC-CMA||CCNA-R&S
Twitter: @KakHassan
LinkedIn: linkedin.com/in/hassanalkak
0 Kudos
HassanAlKak88
Expert
Expert

And can you try to ping the name of your vCenter from the NSX manager.

Or try to add the vCenter per IP address.


Cheers,
vExpert2020-2019||vExpert-NSX2020||VCIX6-NV||VCAP-NV-DCV||VCP-NV-DC-CMA||CCNA-R&S
Twitter: @KakHassan
LinkedIn: linkedin.com/in/hassanalkak
0 Kudos
lmoglie
Enthusiast
Enthusiast

How was generated the certificate presented on the vCenter - is a self-signed certificate??

Can you please provide us information about:

- Any issue to configure the "lookup service url"?? Is it the same of the vCenter or you have an external PSC??

- Are you performing a fresh installation or is an upgrade ?

- version of vCenter,

- version of NSX Manager

- Browser used and version as well

- then the output of the following command (from NSX manager): show log manager follow (Connecting NSX Manager to vCenter Server )

It looks like you have same issue with TLS1.0 certificate version present on the vCenter ...

Regards

LM

0 Kudos
dbecker72
Contributor
Contributor

I have made *some* progress with this.

I agree this is some kind of TLS issue.

Here is what I did and verified:

I am running the VCSA with integrated PSC.

I can definately ping between vCenter and NSX and NSX to vCenter via IP and DNS.

I am running vCenter 6.7.0 and NSX 6.2.0

The certificate on VCenter is a CA signed cert.  TLSv1.2

The certificate on NSX is the default, self signed certificate that is generated on install.

I have tried using Chrome and Firefox browsers, both yield the same results.

I tried the following command on NSX:

debug packet display interface mgmt port_80_or_port_443

This showed that only 4 packets were exchanged between NSX and vCenter.

I figured that there had to be some kind of cert error.

Logged into the VCSA and ran the following command to ensure that all TLS certs would be accepted:

./reconfigureVc update -p TLSv1.0 TLSv1.1 TLSv1.2

After this was completed it demanded a re-start of vCenter for the settings to apply.  After the reboot it appeared that NSX will prompt to accept the vCenter Certs and NSX cays its connected:

pastedImage_1.png

Now nothing shows up in vCenter.  I'm not getting the Networking and Security Icon anywhere in the 'Home' tab.

pastedImage_2.png

Under the vCenter in Navigator, it lists NSX MAnager as an extension:

pastedImage_3.png

Thanks for the help and ideas so far.  It's gotta be close.

0 Kudos
lmoglie
Enthusiast
Enthusiast

Hi dbecker72,

nice to know that you have been able to join NSX Manger to the vCenter ... now you just have to log out from the vCenter and then log in again with administrator@vsphere.local user and the magic should happen ... Smiley Happy ... ... after that you should give the right permission to the users .. and that's it.

Schermata 2019-08-09 alle 10.03.51.png

1.png

Enjoy

LM

0 Kudos
dyadin
Enthusiast
Enthusiast

NSX 6.2.x doesn't support vCenter 6.7, the minimal version is NSX 6.4.1 !

WX20190815-212127@2x.png

Please consider marking this answer "correct" or "helpful" if you think your query have been answered correctly. Cheers, Matt Zhang VCIX-NV | VCP-NV-CMA-DTM | CCDA | CCIE R&S
0 Kudos
dbecker72
Contributor
Contributor

This is really frustrating since the NSX 6.2 System requirements are as follows:

pastedImage_1.png

When I read this I interpreted that vCenter 6.7 was later than 6.0.  It looks like some of the documentation needs updated!

I was able to get NSX 6.4.5, which I believe is the latest version.

I seemed to install a little cleaner.  Now I have the following issues:

When I try to setup the "Lookup Services URL" it asks me to accept the certificate then throws this error and won't allow be to continue.

pastedImage_2.png

My vCenter has a CA signed cert applied.  I'm not sure why this error would be thrown.

I also get the following error when I attempt to install NSX to the ESXi hosts.

pastedImage_3.png

Just saying "Internal server error has occured," doesn't really give me much to go on.  I am hoping someone has seen these before!

Thanks!

0 Kudos
dyadin
Enthusiast
Enthusiast

If you don't have a external PSC, you don't need to setup Lookup Service URL.

Please make sure vCenter's EAM service is in running state (according to the screenshot it is in starting state)

Please consider marking this answer "correct" or "helpful" if you think your query have been answered correctly. Cheers, Matt Zhang VCIX-NV | VCP-NV-CMA-DTM | CCDA | CCIE R&S
0 Kudos
lmoglie
Enthusiast
Enthusiast

Hi,

I'm a bit confused .... hoping that you are now running the versions of NSX and vCenter as shown/match in the compatibility matrix (VMware Product Interoperability Matrices ) ....

then vcenter 6.7 and NSX Manager 6.4.5 it is possible that something has remained dirty from the previous attempt ... if you don't want to re-install everything from scratch, I suggest you take a look at the following link Safely Remove an NSX Installation

Otherwise, submit to us your problem again 🙂

Cheers,

LM

0 Kudos