The sync status on the global manager is showing "disconnected" for one of the Location managers
search cancel

The sync status on the global manager is showing "disconnected" for one of the Location managers

book

Article ID: 433110

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

  • Appliance Proxy (APH) certificates was replaced using CARR
  • The sync status on the global manager remains disconnected for one of the LM
  • In the NSX UI, the Location is showing as Disconnected 
  • From API GET https://<managerIP>/api/v1/messaging/cluster-connection/status, the status is also showing Disconnected

 {

        "address": "ssl://#.#.#.#:1236",

        "conn_status": "Disconnected", <<<<<<

        "node_id": "########-####-####-####-############",

        "node_type": "APPLIANCE_PROXY_HUB"

      },

      {

        "address": "ssl://#.#.#.#:1236",

        "conn_status": "Disconnected", <<<<<<<<<

        "node_id": "########-####-####-####-############",

        "node_type": "APPLIANCE_PROXY_HUB"

      },

   

      {

        "address": "ssl://#.#.#.#:1236",

        "conn_status": "Disconnected", <<<<<<<<<

        "node_id": "########-####-####-####-############",

        "node_type": "APPLIANCE_PROXY_HUB"

      },

 

  • Below logs will be seen on /var/log/vmware/appl-proxy-rpc.log

2026-03-03T13:01:50.074Z <NSX-manager> NSX 73277 - [nsx@6876 comp="nsx-manager" subcomp="appl-proxy" s2comp="nsx-net" tid="73307" level="WARNING"] StreamConnection[###### Connecting to ssl://#.#.#.#:1236 sid:######] Couldn't connect to 'ssl://#.#.#.#:1236' (error: 167772294-certificate verify failed (SSL routines))
2026-03-03T13:01:50.074Z <NSX-manager> NSX 73277 - [nsx@6876 comp="nsx-manager" subcomp="appl-proxy" s2comp="nsx-rpc" tid="73307" level="WARNING"] RpcConnection[###### Connecting to ssl://#.#.#.#:1236 0] Couldn't connect to ssl://#.#.#.#:1236 (error: 167772294-certificate verify failed (SSL routines))

Environment

VMware NSX

Cause

Thumbprint mismatch for the respective Location Manager Cluster

Resolution

On a Local Manager node, login in to the CLI as admin
Input the command, "get certificate cluster thumbprint" and take note of the thumpbrint returned. 


On the GM update the SHA-256 Thumbprint
 From the Glocal Manager UI, Click the System Tab,  Click Location Manager on the left,  select Locations and choose the Local Manager. Click Actions and then select Edit Settings. 
 Update the SHA-256 Thumbprint.

 Verify and Save. 

 

Additional Information

Also Refer: Certificate thumbprint mismatch after replacing certificates on the Local Manager in an NSX Federation environment

Powered by Wolken Software