ADC | Service Status Down on HA Secondary Appliance

Article ID: CTX263791

Description

  • LB service status shows Down on the Secondary but Up on the Primary
  • Secure RPC is in use
  • A packet trace between the nodes shows an SSL handshake failure between the nodes on port 3009

Resolution

Enable TLS1.1 and TLS1.2 on the "ns_default_ssl_profile_backend" profile so that they match the TLS versions enabled on the front-end profile.

Caution:
First evaluate the impact of the change, i.e. which services this profile is bound to and any other dependencies. If unsure, create a separate SSL profile, bind it to the internal service nskrpcs-127.0.0.1-3009, and enable the same TLS versions on it as on the front-end profile.

Problem Cause

SSF connections are not forming between the nodes on port 3009, so state information is not being synced. Because secure RPC is enabled, an SSL handshake is performed first, and that handshake was failing between the nodes.

From the configuration we see that the SSL default profile is enabled, the back-end profile has only TLS1.0 enabled, and the front-end profile has only TLS1.1 and TLS1.2 enabled:
=============
Name: ns_default_ssl_profile_frontend   (Front-End)
        SSLv3: DISABLED TLSv1.0: DISABLED  TLSv1.1: ENABLED  TLSv1.2: ENABLED  TLSv1.3: DISABLED

Name: ns_default_ssl_profile_backend    (Back-End)
        SSLv3: DISABLED TLSv1.0: ENABLED  TLSv1.1: DISABLED  TLSv1.2: DISABLED  TLSv1.3: DISABLED
=============
When node-1 (client) connects to node-2 (server), it uses the ns_default_ssl_profile_backend profile and therefore offers TLS1.0. Node-2 rejects the connection because it checks ns_default_ssl_profile_frontend for incoming SSL connections, and that profile only has TLS1.1 and TLS1.2 enabled. (The same applies when node-2 connects to node-1.)
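As an added illustration (not part of this article or of the NetScaler product code), the following Python parses the two profile summaries quoted above and reports which TLS versions the connecting side (back-end profile) and the listening side (front-end profile) have in common for the port 3009 secure RPC handshake, before and after applying the fix described in the Resolution. The profile names come from the article; the sample text and the assumed layout of the profile output are constructed here.

```python
import re

# Constructed sample input: the two profile summaries quoted in the article,
# laid out the way the page reproduces them (not captured from a live appliance).
SHOW_SSL_PROFILE = """
Name: ns_default_ssl_profile_frontend   (Front-End)
        SSLv3: DISABLED TLSv1.0: DISABLED  TLSv1.1: ENABLED  TLSv1.2: ENABLED  TLSv1.3: DISABLED

Name: ns_default_ssl_profile_backend    (Back-End)
        SSLv3: DISABLED TLSv1.0: ENABLED  TLSv1.1: DISABLED  TLSv1.2: DISABLED  TLSv1.3: DISABLED
"""

FRONTEND = "ns_default_ssl_profile_frontend"  # used by the node accepting the 3009 connection
BACKEND = "ns_default_ssl_profile_backend"    # used by the node opening the 3009 connection
_NAME_RE = re.compile(r"\s*Name:\s*(\S+)")
_VERSION_RE = re.compile(r"(SSLv3|TLSv1\.[0-3]):\s*(ENABLED|DISABLED)")

def parse_profiles(text):
    """Map each profile name to the set of protocol versions it has ENABLED."""
    profiles, current = {}, None
    for line in text.splitlines():
        m = _NAME_RE.match(line)
        if m:
            current = m.group(1)
            profiles[current] = set()
        elif current is not None:
            for version, state in _VERSION_RE.findall(line):
                if state == "ENABLED":
                    profiles[current].add(version)
    return profiles

def common_rpc_versions(profiles):
    """Versions both nodes accept for secure RPC: the connecting node offers what
    its back-end profile enables, the listening node accepts what its front-end
    profile enables. An empty list means the handshake on 3009 cannot succeed."""
    return sorted(profiles[BACKEND] & profiles[FRONTEND])

def align_backend_with_frontend(profiles):
    """The article's fix: also enable the front-end profile's versions on the
    back-end profile. Returns a new mapping and leaves the input unchanged."""
    fixed = {name: set(versions) for name, versions in profiles.items()}
    fixed[BACKEND] |= fixed[FRONTEND]
    return fixed

if __name__ == "__main__":
    before = parse_profiles(SHOW_SSL_PROFILE)
    print("before fix:", common_rpc_versions(before))                              # []
    print("after fix: ", common_rpc_versions(align_backend_with_frontend(before)))  # ['TLSv1.1', 'TLSv1.2']
```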