Host and Edge Transport Nodes disconnected from NSX UI after NSX managers were restored from backup

Article ID: 369991

Updated On:

Products

VMware NSX

Issue/Introduction

  • After restoring NSX from backup, the existing Host and Edge Transport Nodes may show "Disconnected".
  • Attempts to configure the disconnected host transport nodes for NSX may fail at step "Applying NSX switch configuration" roughly at 67%.
  • There is no traffic interruption and existing NSX Edges are still forwarding traffic. 
  • Issuing the following command on the transport node may show all NSX managers are standby:
    • nsxcli > get managers

Fri Apr 25 2025 UTC 03:02:43.915
- <NSX-manager-1-IP>      Standby (NSX-RPC)
- <NSX-manager-2-IP>      Standby (NSX-RPC)
- <NSX-manager-3-IP>      Standby (NSX-RPC) 

Environment

VMware NSX-T 

VMware NSX

Cause

When manager nodes are replaced or restored, the APH certificates and manager UUID change. It is therefore expected that the transport nodes (TNs) and Edges will not connect to the nodes restored from the backup.

This may also happen, albeit more rarely, when NSX is upgraded from NSX-T 3.x to NSX 4.x: the edge or host transport nodes are upgraded but lose connectivity to the NSX manager afterward.

Resolution

This issue is resolved in NSX 4.2.0. 

 
 
####################################################################################################################################
  • If the NSX managers are restored from a backup that is suspected of having an older configuration, the workaround below may cause traffic disruption on the VMs and should be used with caution.
  • Examples of differences in configuration are T1/T0, DFW rules, segments, etc.
####################################################################################################################################

 

For VMware NSX 4.x, please use the workaround below:

On NSX manager node:

  • SSH into a manager node as admin
  • admin: > get certificate api thumbprint
  • Copy the <thumbprint>

On NSX Transport Node:

  • root: # nsxcli -c sync-aph-certificates <NSX-Manager-IP> username admin thumbprint <thumbprint> password <password>
  • root: # /etc/init.d/nsx-proxy restart

On Edge node:

  • SSH into the edge node as admin
  • admin: > sync-aph-certificates <NSX-Manager-IP> username admin thumbprint <thumbprint> password <password>
  • Switch to engineering mode (root) by entering: > st en
  • root: # /etc/init.d/nsx-proxy restart

Refresh the NSX UI to check the status of the hosts and edge nodes. 
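
The thumbprint copied from the manager in the steps above is the value passed to sync-aph-certificates on the transport node or edge, so it is worth confirming that it matches the certificate the manager IP actually presents before running the command. The following Python helper is an added example, not part of the original article or of VMware tooling; it assumes the thumbprint is the SHA-256 hash of the DER-encoded API certificate in hex and that the manager API listens on TCP 443, and all function names are hypothetical.

```python
import base64
import hashlib
import re
import ssl

_PEM = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def cert_thumbprint(pem):
    """SHA-256 of the DER bytes of the first certificate in pem, as lowercase hex."""
    m = _PEM.search(pem)
    if m is None:
        raise ValueError("no PEM certificate found")
    der = base64.b64decode("".join(m.group(1).split()), validate=True)
    return hashlib.sha256(der).hexdigest()

def normalize(thumbprint):
    """Accept plain hex or openssl-style AA:BB:...; return lowercase hex."""
    t = thumbprint.strip().replace(":", "").lower()
    if re.fullmatch(r"[0-9a-f]{64}", t) is None:
        raise ValueError("not a SHA-256 thumbprint: %r" % thumbprint)
    return t

def thumbprint_matches(pem, copied):
    """True if the certificate in pem hashes to the thumbprint copied from the manager."""
    return cert_thumbprint(pem) == normalize(copied)

def check_manager(host, copied, port=443):
    """Fetch the certificate host presents (no chain validation) and compare it.
    Assumption: the NSX manager API certificate is served on TCP 443."""
    pem = ssl.get_server_certificate((host, port))
    return thumbprint_matches(pem, copied)

# Constructed sample: arbitrary bytes wrapped as PEM, not a real certificate.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(b"constructed sample, not a real certificate").decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    good = cert_thumbprint(SAMPLE_PEM)
    print(thumbprint_matches(SAMPLE_PEM, good.upper()))   # same cert, different case
    print(thumbprint_matches(SAMPLE_PEM, "0" * 64))       # different thumbprint
```

Run check_manager from a machine on the same network path as the transport node; a False result means the certificate served at that IP is not the one whose thumbprint was copied, so the sync command should not be run with it.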

 

For VMware NSX-T 3.x, please use the workaround below:

  • Copy this file from an NSX manager: /etc/vmware/nsx/appliance-info.xml
  • Back up the existing appliance-info.xml file on the disconnected host: mv /etc/vmware/nsx/appliance-info.xml /etc/vmware/nsx/appliance-info.xml_backup
  • Place the appliance-info.xml from the manager in the same folder on the disconnected transport node, /etc/vmware/nsx.
  • Restart the nsx-proxy service on the transport node as root: /etc/init.d/nsx-proxy restart
  • Refresh the NSX UI and confirm that the host preparation completed successfully.
    • If host preparation does not start automatically, trigger an update by selecting the host in the NSX UI under "System", "Fabric", "Hosts" and selecting "Configure NSX" with the existing settings.
  • Verify the status of the transport nodes.