In the last few days, I have been upgrading some of vCloud Director 9.7 and 10.2 to 10.4.x and found some problems with IP and hostname certificates. We discuss a similar error in this Cloud Director upgrade 10.4 NSX names matching IP error.
I have discussed similar vCD errors before here, like this one HERE. When installing the new Cloud Director 10.3, you can get certificate issues when using IP addresses and not hostnames to connect to your vCenter or NSX-V or NSX-T.
This problem happened when I upgraded to the latest Cloud Director, and then two Cloud Directors could not import certificates from an NSX-V and another NSX-T.
After upgrading a Cloud Director, we need to download/import all certificates again into the Cloud Director using the following command: cell-management-tool trust-infra-certs –vsphere –unattended.
As we can see in the image, the NSX-V with IP 192.168.1.109 was unable to import, and Cloud Director could not trust NSX-V.
So next is to check in Cloud Director the connection to the vCenter and the NSX-V.
Login to Cloud Director and refresh and test the connections for NSX-V.
Login to the VCD UI, go to Resources -> Infrastructure Resources -> vCenter Servers and manually edit each vCenter Server and Save it again.
I try connecting or refreshing the vCenter connection I get:
When I reconnect or refresh the NSX-V connection, I get:
I suspected this was a similar issue that we had some months ago when we installed Cloud Director 10.3. So to fix the problem, connect instead of the IP address I used for vCenter and NSX-V the FQND, and then try to reconnect.
After this change, the connection was ok.
The next step is to try to download/import the certificates again.
As we can see above, NSX-V was imported and trusted, but I still have an issue with the vCenter certificate. For that, we need to use the previous solution I wrote in the other article(added above).
After all these changes, vCenter and NSX-V were connected, and all was green.
As I said in the beginning, I had the same issue with another Cloud Director: I upgraded to 10.4 but with an NSX-T. The way to fix it is the same.
I hope this blog post Cloud Director upgrade 10.4 NSX names matching IP errors, helps you bypass these errors with NSX/V certificates when you upgrade your Cloud Director infrastructure to v10.4.
Share this article if you think it is worth sharing. If you have any questions or comments, comment here, or contact me on Twitter.
Hello there, came across your post which is very nice and have useful information. Thanks for it. I have a setup where I am trying to configure infrastructure resources for the vcloud director 10.3.3 and getting the below error.
“”””
[ c590cf57-ab52-48d8-985b-519139a04bc4 ] Failed to connect to the NSX Manager – I/O error on GET request for “https://vcloud-xx.com:443/api/2.0/services/vcconfig”: vcloud-xx.com; nested exception is java.net.UnknownHostException: vcloud-xx.com – vcloud-xx.com
“”””””
Note: I have configured NSX-V manager in my environment not NSX-T as you given above.
Environment info:
Environment details:
VCD – 10.3.3
vCenter – 7.0U3c
NSX – 6.4.11
Do you have any suggestion here?
Hi,
Sorry my late reply was in the VMware Explore this week.
This is a very generic message. Some questions:
Is this a new implementation? An upgrade?
have you downloaded the certificates in your vCD?
Is your DNS in vCD working properly?
Are adding it as an FQDN or IP? If is by name, did you try only the IP?