Host and Edge Transport Nodes disconnected from NSX Managers after NSX restore from backup
Article ID: 369991
Updated On:
Products
Issue/Introduction
After restoring NSX from backup, the existing Host and Edge Transport Nodes may show "Disconnected" and attempts to configure new Host TN's for NSX may fail at step "Applying NSX switch configuration".
Environment
VMware NSX-T 3.x, NSX 4.0.x and NSX 4.1.x.
Cause
When manager nodes were replaced or restored, the API certificates will have changed. Therefore, it is normal that the TNs and Edges won't connect to the restored nodes based off the backup.
This could also happen after you replace the NSX manager certs using the replace_certs.py from this KB: https://knowledge.broadcom.com/external/article?articleNumber=369349
This may also happen, albeit rarer occurrence, when NSX is upgraded from NSX-T 3.x to NSX 4.x, the edge or transport node host were upgraded but lost connectivity to the NSX manager afterward.
Resolution
For NSX 4.0.x and 4.1.x version, please use the below workaround.
On NSX manager node:
- SSH into a manager node as admin
- admin: > get certificate api thumbprint
- copy the <thumbprint>
On NSX Transport Node
- root: # nsxcli -c sync-aph-certificates <NSX-Manager-IP> username admin thumbprint <thumbprint> password <password>
- root: # /etc/init.d/nsx-proxy restart
On Edge node
- SSH into the edge node as admin
- admin: > sync-aph-certificates <NSX-Manager-IP> username admin thumbprint <thumbprint> password <password>
- Switch to engineering mode (root) by entering: > st en
- root: # /etc/init.d/nsx-proxy restart
Refresh the NSX UI and check if the hosts and edges are connecting back.
For NSX-T 3.x, please open a Broadcom support case and reference this KB article attaching the support bundles for NSX managers and the affected NSX Transport Nodes (NSX edge and ESXi host).
Feedback
