• On the failing ESXi node, running the command nsxcli -c get controllers it shows a disconnected status for the NSX controller.
  
  
  
  
• When you run the command nc -z <nsxmgrip> 1235 command for testing the Transmission Control Protocol (TCP) port 1235 on all 3 NSX managers, some NSX managers are not reachable.
  
  

Check the logs on affected transport node

nsx-syslog.log:

2024-11-08T09:37:58.629Z nsx-prozy[3594881]: NSX 3594881 - [nsx@6878 comp="nsx-esx" subcomp="nsxproxy"  s2comp="nsx-net" tid="3594908" level="WARNING"] StreancConnection[1197 connecting to ssl://<nsxmgrip>:1235 sid:1197] Couldn`t connect to 'ssl://x.x.x.x:1235' (error: 110-Connection timed out)

2024-11-08T09:37:58.629z nsx-proxy[3594881]: NSX 3594881 - [nsx@6876 comp="nsx-esx" subcomp="nsx-proxy" s2compu="nsx-net" tid="3594908" level="WARNING"] StreamConnection[1197 Error to ssl://<nsxmgrip>:1235 sid-1] Error 110-Connection timed out

VMware NSX 

• Communications issue between NSX Manager and NSX-Proxy
  
  
• NSX Manager communicates with NSX-Proxy through port 1234.
  
  
• The central control plane (CCP) communicates with NSX-Proxy through port 1235.
  
  
• In the NSX-T environment, the NSX-T Manager also contains the NSX-T Controller component. NSX-T Controllers control the virtual networks and overlay transport tunnels. The controllers are responsible for the programmatic deployment of virtual networks across the entire NSX-T architecture.
  
  
• Ports requirement for NSX https://ports.broadcom.com/home/NSX 

• Check the connectivity from affected transport node to all 3 NSX managers using nc -z <nsxmgrip> 1234 & nc -z <nsxmgrip> 1235
  
  
• Check the firewall settings on the transport node and make sure ports 1234 and 1235 is allowed in Outgoing tab. 
  
  
• Involve your internally team to check the firewall rules on the physical switches and firewall.