When attempting to change the High Availability (HA) mode of a Tier-0 Gateway from Active-Active to Active-Standby, the operation fails. This issue typically occurs during transitions between Active-Active and Active-Standby modes. The system prevents the change to maintain configuration integrity when external dependencies are still active.

The NSX Manager UI displays the following error message: 

Error: HA mode cannot be modified when interfaces <redacted list of interfaces> are still attached to the gateway.

You may see this behavior when: 

• Redesigning the Edge cluster for stateful services.
• Attempting to toggle HA mode on a Tier-0 Gateway that has active logical interfaces (uplinks) configured.
• The gateway remains "attached" to Edge nodes despite attempts to modify general settings.

VMware NSX 3.x, 4.x

NSX prevents changing the HA mode of an existing Tier-0 Gateway if active logical interfaces (uplinks) are configured. Active-Active and Active-Standby modes have different requirements for how interfaces map to Edge transport nodes. To ensure configuration consistency, you must "detach" the gateway from these interfaces before toggling the mode.

Additionally, the HA mode change is blocked if the following stateful services are configured on the gateway:

• DNS Forwarder
• IPSec VPN or L2 VPN
• NAT (SNAT, DNAT, or Reflexive NAT)
• Stateful Firewall
• Service Insertion

To successfully change the HA mode, you must temporarily remove the external interfaces and ensure no conflicting services are active. Follow the steps below:

Prerequisites

1. Backup: Perform a full configuration backup of your NSX environment.
   
   
2. Downtime: Deleting uplinks will cause a temporary disruption in North-South traffic for workloads associated with this Tier-0 Gateway. Plan for a maintenance window.

Step-by-Step Workflow

1. Document Existing Configuration:
   1. Navigate to the Tier-0 Gateway settings.
   2. Record all IP addresses, VLAN tags, MTU settings, and Edge cluster assignments for the existing interfaces (uplinks).
2. Remove Conflicting Services:
   1. Ensure that stateful services (VPN, NAT, DNS Forwarder) are disconnected or deleted from the Tier-0 Gateway.
3. Delete the Interfaces:
   1. Go to the Interfaces section of the Tier-0 Gateway.
   2. Delete the external interfaces (uplinks) identified in the error message.
      Note: You do not need to delete the Tier-0 Gateway object itself.
4. Modify the HA Mode:
   1. Edit the Tier-0 Gateway General Settings.
   2. Change the HA Mode to your desired state (Active-Standby or Active-Active).
   3. Click Save.
5. Re-create the Interfaces:
   1. Add the interfaces back to the Tier-0 Gateway using the documentation from Step 1.
   2. Ensure the Edge node assignments align with the requirements of the new HA mode.

For more detailed information on HA mode requirements and Edge Node placement, please refer to the official VMware documentation: Changing the HA Mode of a Tier-0 Gateway