• Global Managers were updated to 4.2.x from 4.1.x or earlier.
• Global Managers show the local manager(s) as disconnected
  
• Output of GET https://<managerIP>/api/v1/messaging/cluster-connection/status shows connection status as disconnected
  
  •             "address": "ssl://XXX.XXX.XXX.XXX:1236",
  •             "conn_status": "Disconnected",
  •             "node_id": "########-####-####-####-############",
  •             "node_type": "APPLIANCE_PROXY_HUB"
• In LM /var/log/syslog you see an error for unsupported certificate
  
  • proxy" s2comp="nsx-net" tid="3857662" level="INFO"] StreamSocket[9780 Open f:191 i:61022392 ? -> ssl://XXX.XXX.XXX.XXX:1236] on_connect 336151571-sslv3 alert unsupported certificate

• VMware NSX 4.1.x
• VMware NSX 4.2.x

The LM APH cert does not have the TLS Web Client Authentication (clientAuth) option in extended key usage set.  This is likely due to the managers being upgraded from a previous version that did not issue certificates with the client option set.  NSX 4.2.x uses an updated version of SSL (3.0.x).  Prior versions of OpenSSL would accept client certificates without the extended usage option.  Certificates are now required to have both TLS Web Server Authentication and TLS Web Client Authentication set in the extended key usage section. 

1. Regenerate the LM APH certificate(s)
2. Update the certificate in the Global Manager.