You might need to re-register vCenter Server OIDC with NSX Manager in certain situations, for example when the FQDN/PNID of vCenter Server changes.

Procedure

  1. Connect to the vCenter Server Appliance through SSH.
  2. Run the command shell.
  3. To get the vCenter Server thumbprint, run the follwoing command: 
    - openssl s_client -connect vcenterserver-FQDN:443 </dev/null 2>/dev/null | openssl x509 -fingerprint -sha256 -noout -in /dev/stdin
    The thumbprint is displayed. For example, 08:77:43:29:E4:D1:6F:29:96:78:5F:BF:D6:45:21:F4:0E:3B:2A:68:05:99:C3:A4:89:8F:F2:0B:EA:3A:BE:9D
  4. Copy the SHA256 thumbprint and remove colons.
    08774329E4D16F2996785FBFD64521F40E3B2A680599C3A4898FF20BEA3ABE9D
  5. To update the OIDC of vCenter Server, run the following command: 
    curl --location --request POST 'https://<NSX-T_ADDRESS>/api/v1/trust-management/oidc-uris' \
    --header 'Content-Type: application/json' \
    --header 'Authorization: Basic <AUTH_CODE>' \
    --data-raw '{
 "oidc_type": "vcenter",
     "oidc_uri": "https://<VC_ADDRESS>/openidconnect/vsphere.local/.well-known/openid-configuration",
     "thumbprint": "<VC_THUMBPRINT>"
    }'

Unable to Change NSX Appliance Password

You might be unable to change the NSX appliance password for the root, admin, or audit users.

Problem

Attempts to change the NSX appliance password for the root, admin, or audit users. through the vSphere Client may fail.

Cause

During the installation of the NSX Manager, the procedure only accepts one password for all three roles. Attempts to change this password later may fail.

Solution

Troubleshooting Failed Workflows and Unstable NSX Edges

If your workflows fail or the NSX Edges are unstable, you can perform troubleshooting steps.

Problem

When you change the distributed port group configuration on the vSphere Client, workflows might fail and the NSX Edges might become unstable.

Cause

Removal or modification of the distributed port groups for overlay and uplink that were created during the NSX Edge cluster setup of cluster configuration, is not allowed by design.

Solution

If you require to change the VLAN or IP Pool configuration of NSX Edges, you must first remove elements of NSX and the vSphere IaaS control plane configuration from the cluster.

For information about removing elements of NSX, see the NSX Installation Guide.

Collect Support Bundles for Troubleshooting NSX

You can collect support bundles on registered cluster and fabric nodes for troubleshooting and download the bundles to your machine or upload them to a file server.

If you choose to download the bundles to your machine, you get a single archive file consisting of a manifest file and support bundles for each node. If you choose to upload the bundles to a file server, the manifest file and the individual bundles are uploaded to the file server separately.

Procedure

  1. From your browser, log in with admin privileges to an NSX Manager.
  2. Select System > Support Bundle.
  3. Select the target nodes.
    The available types of nodes are Management Nodes, Edges, Hosts, and Public Cloud Gateways.
  4. (Optional) Specify log age in days to exclude logs that are older than the specified number of days.
  5. (Optional) Toggle the switch that indicates whether to include or exclude core files and audit logs.
    Note: Core files and audit logs might contain sensitive information such as passwords or encryption keys.
  6. (Optional) Select the check box to upload the bundles to a file server.
  7. Click Start Bundle Collection to start collecting support bundles.
    The number of log files for each node determines the time taken for collecting support bundles.
  8. Monitor the status of the collection process.
    The Status tab shows the progress of collecting support bundles.
  9. Click Download to download the bundle if the option to send the bundle to a file server was not set.

Collect Log Files for NSX

You can collect logs that are in the vSphere IaaS control plane and NSX components to detect and troubleshoot errors. The log files might be requested by VMware Support.

Procedure

  1. Log in to the vCenter Server using the vSphere Client .
  2. Collect the following log files.
    Log File Description
    /var/log/vmware/wcp/wcpsvc.log Contains information related to vSphere IaaS control plane enablement.
    /var/log/vmware/wcp/nsxd.log Contains information related to the NSX components configuration.
  3. Log in to NSX Manager.
  4. Collect the /var/log/proton/nsxapi.log for information on the error that the NSX Manager returns when a specific vSphere IaaS control plane operation has failed.

Restart the WCP Service If the NSX Management Certificate, Thumbprint, or IP Address Changes

If the NSX Management certificate, thumbprint or IP address changes after you have installed vSphere IaaS control plane, you must restart the WCP service.

Restart the WCP Service If the NSX Certificate Changes

Currently, vSphere IaaS control plane requires that if the NSX certificate or thumbprint, or if the NSX IP address changes, you must restart the WCP service for the change to take effect. If either change occurs without a restart of the service, communication between vSphere IaaS control plane and NSX fails and certain symptoms can arise, such as NCP entering into CrashLoopBackoff stage or Supervisor resources becoming undeployable.

To restart the WCP service, use the vmon-cli.
  1. SSH to the vCenter Server and log in as the root user.
  2. Run the command shell.
  3. Run the command vmon-cli -h to view usage syntax and options.
  4. Run the command vmon-cli -l to view the wcp process.

    You see the wcp service at the bottom of the list.

  5. Run the command vmon-cli --restart wcp to restart the wcp service.

    You see the message Completed Restart service request.

  6. Run the command vmon-cli -s wcp and verify that the wcp service is started.
    For example: 
    root@localhost [ ~ ]# vmon-cli -s wcp
Name: wcp
Starttype: AUTOMATIC
RunState: STARTED
RunAsUser: root
CurrentRunStateDuration(ms): 22158
HealthState: HEALTHY
FailStop: N/A
MainProcessId: 34372