13 Replies Latest reply on Aug 16, 2019 12:58 AM by lmoglie

    Joing NSX to vCenter

    dbecker72 Lurker

           Every time I attempt to join NSX manager to vCenter I get the following error:



      The vCenter has a CA certificate applied and working.  I can ping between the NSX manager and vCenter without issue.  NTP is working and times are synced.  I can't find a lot on this error.

        • 1. Re: Joing NSX to vCenter
          lmoglie Enthusiast

          Hi dbecker72,


          assuming that there is communication between NSX Manager and vCenter on port 443; have you tried to reboot both PSC,vCenter and NSX Manager as well and then to join again??




          • 2. Re: Joing NSX to vCenter
            HassanAlKak88 Expert



            Please check the connection between NSX manager and vCenter server ? are these two appliances in the same subnet ?

            And please double check the Time between them.


            And if you please share the output for the following command from your NSX manager:  debug connection vCenterServerIPaddress

            • 3. Re: Joing NSX to vCenter
              dbecker72 Lurker

              I just restarted all components and I am getting the same results.

              • 4. Re: Joing NSX to vCenter
                dbecker72 Lurker

                Yes, NSX and vCenter are on the same subnet.  I have assigned their IP so they are actually one off from one another:


                vCenter -

                NSX -


                They are both pulling time from NTP.  I have bash enabled on vCenter to try to fix this so I verified that the clocks are nearly identical.



                The debug connection displays the following:


                I know that ports 902 and 903 are used for host communication.  I have 5 ESXi hosts running.  I'm not sure why these ports are closed or how to open them in vSphere.

                • 5. Re: Joing NSX to vCenter
                  HassanAlKak88 Expert



                  Good, and the output of the debug is normal.


                  can you advise about the versions of your manager and vsphere vcenter.

                  • 6. Re: Joing NSX to vCenter
                    HassanAlKak88 Expert

                    And can you try to ping the name of your vCenter from the NSX manager.

                    Or try to add the vCenter per IP address.

                    • 7. Re: Joing NSX to vCenter
                      lmoglie Enthusiast

                      How was generated the certificate presented on the vCenter - is a self-signed certificate??

                      Can you please provide us information about:

                      - Any issue to configure the "lookup service url"?? Is it the same of the vCenter or you have an external PSC??

                      - Are you performing a fresh installation or is an upgrade ?

                      - version of vCenter,

                      - version of NSX Manager

                      - Browser used and version as well

                      - then the output of the following command (from NSX manager): show log manager follow (Connecting NSX Manager to vCenter Server )


                      It looks like you have same issue with TLS1.0 certificate version present on the vCenter ...




                      • 8. Re: Joing NSX to vCenter
                        dbecker72 Lurker

                        I have made *some* progress with this.


                        I agree this is some kind of TLS issue.


                        Here is what I did and verified:


                        I am running the VCSA with integrated PSC.


                        I can definately ping between vCenter and NSX and NSX to vCenter via IP and DNS.


                        I am running vCenter 6.7.0 and NSX 6.2.0

                        The certificate on VCenter is a CA signed cert.  TLSv1.2

                        The certificate on NSX is the default, self signed certificate that is generated on install.


                        I have tried using Chrome and Firefox browsers, both yield the same results.


                        I tried the following command on NSX:


                        debug packet display interface mgmt port_80_or_port_443


                        This showed that only 4 packets were exchanged between NSX and vCenter.


                        I figured that there had to be some kind of cert error.


                        Logged into the VCSA and ran the following command to ensure that all TLS certs would be accepted:


                        ./reconfigureVc update -p TLSv1.0 TLSv1.1 TLSv1.2


                        After this was completed it demanded a re-start of vCenter for the settings to apply.  After the reboot it appeared that NSX will prompt to accept the vCenter Certs and NSX cays its connected:


                        Now nothing shows up in vCenter.  I'm not getting the Networking and Security Icon anywhere in the 'Home' tab.



                        Under the vCenter in Navigator, it lists NSX MAnager as an extension:



                        Thanks for the help and ideas so far.  It's gotta be close.

                        • 9. Re: Joing NSX to vCenter
                          lmoglie Enthusiast

                          Hi dbecker72,


                          nice to know that you have been able to join NSX Manger to the vCenter ... now you just have to log out from the vCenter and then log in again with administrator@vsphere.local user and the magic should happen ... ... ... after that you should give the right permission to the users .. and that's it.


                          Schermata 2019-08-09 alle 10.03.51.png




                          • 10. Re: Joing NSX to vCenter
                            dyadin Novice

                            NSX 6.2.x doesn't support vCenter 6.7, the minimal version is NSX 6.4.1 !


                            • 11. Re: Joing NSX to vCenter
                              dbecker72 Lurker

                              This is really frustrating since the NSX 6.2 System requirements are as follows:


                              When I read this I interpreted that vCenter 6.7 was later than 6.0.  It looks like some of the documentation needs updated!


                              I was able to get NSX 6.4.5, which I believe is the latest version.


                              I seemed to install a little cleaner.  Now I have the following issues:


                              When I try to setup the "Lookup Services URL" it asks me to accept the certificate then throws this error and won't allow be to continue.

                              My vCenter has a CA signed cert applied.  I'm not sure why this error would be thrown.


                              I also get the following error when I attempt to install NSX to the ESXi hosts.



                              Just saying "Internal server error has occured," doesn't really give me much to go on.  I am hoping someone has seen these before!



                              • 12. Re: Joing NSX to vCenter
                                dyadin Novice

                                If you don't have a external PSC, you don't need to setup Lookup Service URL.

                                Please make sure vCenter's EAM service is in running state (according to the screenshot it is in starting state)

                                • 13. Re: Joing NSX to vCenter
                                  lmoglie Enthusiast


                                  I'm a bit confused .... hoping that you are now running the versions of NSX and vCenter as shown/match in the compatibility matrix (VMware Product Interoperability Matrices ) ....

                                  then vcenter 6.7 and NSX Manager 6.4.5 it is possible that something has remained dirty from the previous attempt ... if you don't want to re-install everything from scratch, I suggest you take a look at the following link Safely Remove an NSX Installation

                                  Otherwise, submit to us your problem again :-)