• NSX Edge nodes fail to complete configuration and config state shows "Failed" in UI following deployment or node replacement.
  
  
• Node Status shows Degraded in UI.
  
  
• The NSX UI displays the following Configuration State error for the affected Edge Transport Node : Host configuration: Caught MessagingException during host config stage. [TN=TransportNode/<TN_UUID>]. Reason: MessagingException
  
  
• 
  
  
• Ping from Edge to NSX Manager is Successful.
  
  
• Port connectivity test from impacted Edge to NSX Manager is successful over port 1234 and port 1235.
  
  
• Running get managers on the Edge shows Connected.
  
  
• Running get controllers on the affected Edge CLI displays the failure reason as OTHER_ERROR.
  
  
• The impacted NSX Edge syslog reports SSL handshake failures over port 1235 to the NSX Manager:

20##-##-## NSX 2### - [nsx@6### comp="nsx-edge" subcomp="nsx-proxy" s2comp="nsx-net" tid="3##" level="WARNING"] StreamConnection[46864 Connected to ssl://#.#.#.#:1235 sid:46864] ReadCallback - closing connection (error: 167773206-sslv3 alert certificate unknown (SSL routines), socket: open)
20##-##-## NSX 2### - [nsx@6### comp="nsx-edge" subcomp="nsx-proxy" s2comp="nsx-net" tid="3##" level="INFO"] StreamConnection[46864 Closing to ssl://#.#.#.#:1235 sid:46864] Closing (reason: network error)
20##-##-## NSX 2### - [nsx@6### comp="nsx-edge" subcomp="nsx-proxy" s2comp="nsx-net" tid="3##" level="INFO"] StreamConnection[46864 Closed to ssl://#.#.#.#:1235 sid:-1] Closed (reason: network error, error: 167773206-sslv3 alert certificate unknown (SSL routines))
20##-##-## NSX 2### - [nsx@6### comp="nsx-edge" subcomp="nsx-proxy" s2comp="nsx-rpc" tid="3##" level="WARNING"] RpcConnection[46864 Negotiating to ssl://#.#.#.#:1235 0] ReadCallback - closing connection (error: 167773206-sslv3 alert certificate unknown (SSL routines))

VMware NSX

An SSL certificate trust mismatch prevents the newly deployed NSX Edge proxy service from validating the control plane certificate presented by the NSX Manager on port 1235 (Central Control Plane - CCP). Stale cached certificates or localized synchronization issues on the NSX Manager cluster cause the secure connection to drop, which interrupts the Edge host configuration workflow.

• Perform a rolling reboot of the NSX Managers to clear stale caches and force management services to reload the active, valid SSL certificates.
• Once the rolling reboot is complete, navigate to System > Fabric > Nodes > Edge Transport Nodes in the NSX UI.
• Verify the Edge Transport Node configuration state. The Edge will automatically negotiate the SSL handshake, connect to the controllers, and transition to a "Success" state.

Similar Issues :

• Failed to deploy NSX Edge node with the status Pending