IPSec VPN Sessions down with error "Transport Node Health: Monitoring Framework Unhealthy"
search cancel

IPSec VPN Sessions down with error "Transport Node Health: Monitoring Framework Unhealthy"

book

Article ID: 426799

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

All IPSec VPN sessions are down, with the following alarm triggered on the NSX UI.
2025-06-03T18:53:59.796Z INFO pool-84-thread-5 MonitoringEventInstanceProcessor ####558 MONITORING [nsx@6876 comp="nsx-manager" level="INFO" subcomp="monitoring"] Context for alarm with eventid transport_node_health.monitoring_framework_unhealthy and entity id ######fa-###b-###0-###4-##########c8 is {"entity_id": "######fa-###b-###0-###4-##########c8"}

syslog logs show IPSEC_STATUS_DOWN
var/log/syslog.4:897166:2025-06-03T19:44:48.120Z edge01.lab.local NSX ####82 VPN [nsx@6876 comp="nsx-edge" subcomp="iked" s2comp="iked-main" level="INFO"] Request for IPSEC tunnel status update : tunnel: ##08, rule: #####3459, local_ip: ##.##.##.##, peer_ip: ##.##.##.## inbound_spi: 0x39b7405, outbound_spi: 0xc787bfed status: IPSEC_STATUS_DOWN, error:
var/log/syslog.4:898308:2025-06-03T19:45:01.406Z edge01.lab.local NSX ####82 VPN [nsx@6876 comp="nsx-edge" subcomp="iked" s2comp="iked-main" level="INFO"] Request for IPSEC tunnel status update : tunnel: ##08, rule: #####3469, local_ip: ##.##.##.##, peer_ip: ##.##.##.## inbound_spi: 0x1f435106, outbound_spi: 0xc77d9346 status: IPSEC_STATUS_DOWN, error:

Datapath seems to be blocked in the syslog:
var/log/syslog.2:22506:2025-06-03T23:18:06.604Z edge01.lab.local NSX #####88 SYSTEM [nsx@6876 comp="nsx-edge" subcomp="datapathd" s2comp="ovs-rcu" tname="urcu2" level="WARN"] blocked 16384000 ms waiting for dp-ipc31 to quiesce
var/log/syslog.2:24054:2025-06-03T23:18:28.810Z edge01.lab.local NSX #####88 SYSTEM [nsx@6876 comp="nsx-edge" subcomp="datapathd" s2comp="ovs-rcu" tname="dp-si-purge5" level="WARN"] blocked 16384000 ms waiting for dp-ipc31 to quiesce

No connection to DP observed:
44006:2025-06-04T02:08:55.338Z edge01.lab.local NSX 3267 - [nsx@6876 comp="nsx-edge" subcomp="agg-service" tid="3552" level="ERROR" errorCode="MPA14751"] [SendRequest] No connection to DP
265916:2025-06-04T02:21:38.121Z edge01.lab.local NSX 3263 - [nsx@6876 comp="nsx-edge" subcomp="agg-service" tid="3531" level="ERROR" errorCode="MPA14751"] [SendRequest] No connection to DP

 

Environment

VMware NSX

Resolution

As a workaround, please collect the support bundles from the NSX Manager and Edge nodes, place the Edge node into maintenance mode, and then reboot it.

Collect Support Bundles

If the issue persists even after the reboot, please raise a support request with Broadcom for further assistance.

Creating and managing Broadcom support request (SR) cases

 

Powered by Wolken Software