NSX load balancer pool member is down after NSX edge upgrade from NSX 3.2 to NSX 4.2
Article ID: 393524
Updated On:
Products
VMware NSX
Issue/Introduction
- Pool member is down after NSX edge upgrade from NSX 3.2 to NSX 4.2.
- NSX manager UI shows
'SSL handshake failure'. - Testing SSL connection from NSX edge to pool member with specified cipher and SSL protocol shows handshake failure.
openssl s_client -connect <virtual-ip>:<port> -cipher <new-cipher-name> -tls1_2
Environment
VMware NSX
Cause
Cipher mismatch between NSX and pool members.
Resolution
- In NSX manager UI go to
Load Balancing > Profiles > SSLexpand the profile configured and check'Supported SSL Ciphers'. Check if supported ciphers on both pool members and NSX manager match. - In case of any difference edit existing SSL profile or create a new SSL profile with required ciphers.
- For more information, Refer: https://techdocs.broadcom.com/us/en/vmware-cis/nsx/vmware-nsx/4-2/administration-guide/load-balancer/setting-up-load-balancer-components/setting-up-virtual-server-components/add-an-ssl-profile.html
Additional Information
If SSL ciphers are matching please open a support case with Broadcom.
Customer can also create a custom Client and Server SSL Profile using the custom option in the manager UI. Reference screenshot:
Feedback
Yes
No
Powered by
