All Transport Nodes within the specific cluster show an "NSX Configuration" status of "Validation Error."

Attempts to remediate the cluster using the standard cluster-level Transport Node Profile (TNP) result in a loss of overlay networking and service outages for hosts in Availability Zone 2 (AZ2).

The issue is specific to stretched clusters where hosts in different availability zones have different VLAN or uplink requirements.

VMware NSX

The root cause is a topology mismatch between the applied Transport Node Profile (TNP) and the physical network requirements of the stretched cluster.

In this scenario, the cluster-level TNP is configured with an Uplink Profile designed for Availability Zone 1 (AZ1). When this profile is applied to the entire cluster, NSX attempts to force the AZ1 configuration onto the hosts in Availability Zone 2 (AZ2). This action attempts to overwrite the valid manual configuration or existing Transport Zone settings on the AZ2 hosts.

Because the AZ2 hosts have active VMs (Vif Attachments) connected to segments that the new profile is trying to modify or remove, the safety validation blocks the update, resulting in the "Cannot update TransportNode" error.

To resolve this issue, Sub-Clusters and Sub-Transport Node Profiles (Sub-TNPs) need to be implemented to handle the distinct network requirements of each Availability Zone - Sub-TNPs and Sub-clusters.

Prerequisite: Ensure we have identified the specific hosts belonging to AZ2 and the correct Uplink Profile/VLAN configuration required for that zone.

1. In NSX Manager, create a Sub-Cluster configuration for the hosts in Availability Zone 2 (AZ2).

2. Create a Sub-Transport Node Profile (Sub-TNP) that contains the correct Uplink Profile and network settings for AZ2.

3. Manually attach the Sub-Cluster mapping to all hosts in AZ2.

4. Apply the Sub-Transport Node Profile to these specific AZ2 hosts. This ensures they receive the correct configuration without conflict.

5. Confirm that overlay networking is restored and that Tunnel Endpoints (TEPs) on AZ2 hosts are receiving valid DHCP leases.

6. Apply the primary (original) Transport Node Profile to the cluster level.

Note: The hosts in AZ1 will inherit this primary configuration, while the hosts in AZ2 will continue to use the specific Sub-TNP configuration we applied.