• One or more sites shows Disconnected from the Global Manager which has a banner message stating that the Location is not reachable.
  
  
  
  
• Clicking the Refresh button beside the Disconnected status does not resolve the issue
  
  
• The alarm shown in (KB 345832) GM to LM data synchronization warning alarm will likely be present on both Global and affect Local Manager appliances in the UI.
  • Verify port 1236 connectivity and the async replicator service status per the information in the article.
    
    
• Expired, in-use certificates are present when checked from the NSX UI under System > Certificates. These may include certificates that show they are for Global Manager <> Site communications, APH certificates, and/or Site-specific certificates like in the below example:
  
  
  
  

Failure of the Async-Replicator (AR) channel.

• This failure occurs because the Appliance Proxy (APH), which secures AR traffic, cannot validate the identity of the remote peer due to expired Client Auth or Remote Site certificates.
  
  
• Without a valid SSL/TLS handshake, the APH service terminates the connection (log signature: short read), preventing the Async-Replicator from synchronizing configuration data."

Replace expired certificates. This can be done by:

• following the product documentation at Replace Certificates Through NSX Manager
  
  
• or by a script available at (KB 369034) Using Certificate Analyzer, Results and Recovery (CARR) Script to fix certificate related issues in NSX, which fixes various certificate issues, including replacement of expired certificates.