NSX MPA connectivity down for Edge with the alarm "Management channel to Transport Node <Edge Name> is down" after replacing the NSX manager nodes.
search cancel

NSX MPA connectivity down for Edge with the alarm "Management channel to Transport Node <Edge Name> is down" after replacing the NSX manager nodes.

book

Article ID: 425462

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

  • NSX MPA connectivity down for Edge with the alarm "Management channel to Transport Node <Edge Name> is down."
  • Restarting the proxy service does not resolve the issue. 
  • API curl -k -u 'admin:password' -X GET "https://<NSX manager IP/FQDN>/api/v1/transport-nodes/<Edge node ID>/status" shows the following.   
    Host configuration: Failed to send the HostConfig message. [TN=TransportNode/<Edge ID>]. Reason: Failed to send HostConfig RPC to MPA
    TN:<Edge ID>. Error: Unable to reach client <Edge ID>, application SwitchingVertical
  • On the faulty edge, messages similar to the following are seen in the /var/log/syslog file 
    <Edge FQDN> NSX 10196 - [nsx@6876 comp="nsx-edge" subcomp="nsx-proxy" s2comp="nsx-net" tid="10197" level="WARNING"] StreamConnection[60033 
    Connecting to ssl://<NSX Manager IP>:1234 sid:####] Couldn't connect to 'ssl://<NSX Manager IP>:1234' (error: ########-certificate verify failed)
  • When the following command is issued from the edge as the root user, it shows IPs and UUIDs that differ from the current cluster IPs and UUIDs. 
    grep -iE "<ip>|<uuid>" /etc/vmware/nsx/appliance-info.xml

Environment

VMware NSX 

Cause

The edge or host transport nodes lost connectivity to MP, and the NSX managers were replaced in the meantime.

Resolution

  1. SSH to the edge node as the root user. 
  2. Back up the existing appliance-info.xml file from the disconnected Edge :
    mv /etc/vmware/nsx/appliance-info.xml /etc/vmware/nsx/appliance-info.xml_backup
  3. Copy this file from an NSX manager: /etc/vmware/nsx/appliance-info.xml
  4. Place the appliance-info.xml from the manager onto the same folder in the disconnected transport node under /etc/vmware/nsx.
  5. Push the edge certificate by running the following command as the root user on the edge. 
    nsxcli -c “push host-certificate <NAX Manager IP / FQDN]> username <username> thumbprint <edge thumbprint>”
  6. Restart the nsx-proxy service on the transport node as root: /etc/init.d/nsx-proxy restart 
    /etc/init.d/nsx-proxy restart
  7. Refresh the NSX UI and confirm that the connectivity was restored successfully. 

Additional Information

NSX Configuration in Edge or Host Transport Node is seen in Failed state after Certificate expiry

Powered by Wolken Software