private discovery server, remote error: tls: no application protocol

Hi Support,

Here I am after a lot of troubleshooting and trial and error.

I am trying the current setup:

  • private discovery server
  • hosted syncthing server
  • client syncthing on my local network

I am using an NSX gateway on VMware for the hosted environment

Here is the syncthing server status:

SyncthingServer_DiscoveryStatus

Here is the syncthing client status:

SyncthingClient_DiscoveryStatus

nmap test on my public ip

PORT      STATE SERVICE
8443/tcp  open  https-alt

PORT      STATE SERVICE
22000/tcp open  snapenetio

I have tried with and without the syncthing public relays as well

I have turned off all 3 Windows firewalls of the setup, namely:

  • discovery server
  • syncthing server
  • syncthing client

The discovery server is running on Windows, with the certificates generated by the application

I am running version 1.27.5 of syncthing

I have rebuilt the complete setup 2 times without any more success; more precisely, with the same result

I have also asked 2 colleagues to install the syncthing client, with the same error for them also

I have looked at some posts/documentation from syncthing, and that type of error could occur because of the certificate, but now I’m not sure it is about that because of the following:

  • the syncthing server connects without any issue to the discovery server
  • I have rebuilt the syncthing discovery 2 times, each time with a brand new directory and certs, basically, a fresh install

I’m using syncthing to create a proof of concept at our company where it’s going to be used to help us leverage the sync abilities of the product and host one of our home application.

I would appreciate any help and will be very responsive about it because at this point in time, there isn’t much that I know of that I haven’t tried.

I will also continue my investigation using Wireshark to see if I can catch anything with that

Thank you all for your time in advance

EDIT:

I have tried adding port 21027 to my NAT configuration and to the firewall as well, open, with both the sync server and the discovery server as destination

The “remote error: tls: …” means the other side is returning the error in question. I can’t say why, you’ll have to ask that proxy thing.

When you say the “other side”, you mean the server side? How come the server would throw the error to the syncthing client and not the syncthing server?

“Other side” from the point of view of the Syncthing discovery client that is showing the error – which, since this is a TLS error, is the handshake with the “NSX gateway” as I understand your setup.

Hi,

Just to clarify, the NSX Gateway is the “software” used on VMware Cloud Director for the NAT Gateway and Firewall

Are you saying there’s something to be configured in the NSX gateway in order to import or accept the cert.pem generated by the syncthing server?

I am reading the documentation I’ve found that may be related to what you’re saying; I will review it and get back with a status here

Thanks a lot for the direction

I know nothing about NSX, but “remote error: whatever” means the other side reported an error and troubleshooting needs to continue on the other side. That’s all.


Update and possible resolution:

I have set up an Ubuntu VM on AWS (Amazon Web Services) and opened the required ports, and everything worked like a charm.

I have set up an Ubuntu VM on the same environment used previously in this setup on VMware Cloud Director, behind the NAT gateway (NSX), and it turns out that the cert validation is blocked by the gateway and isn’t done at the OS level.

So basically, our setup will be moved to either Azure Microsoft, AWS or Google Cloud Provider

Again, thanks for all your help @calmh

Cheers
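
An added example, not part of any post in this thread: a small Go probe for checking which endpoint answers the TLS handshake when a gateway sits in the path. It offers an ALPN list of your choosing (an assumption, since the thread does not say what the client offers) and reports the negotiated protocol, the SHA-256 of the certificate presented, and whether the peer replied with the "no application protocol" alert. ProbeALPN and ProbeResult are names made up for this example.

```go
package main

import (
	"crypto/sha256"
	"crypto/tls"
	"encoding/hex"
	"fmt"
	"net"
	"os"
	"strings"
	"time"
)

// ProbeResult records what the first TLS endpoint on the path answered.
type ProbeResult struct {
	Negotiated   string // ALPN protocol the peer selected ("" if none)
	LeafSHA256   string // hex SHA-256 of the certificate the peer presented
	ALPNRejected bool   // peer sent the no_application_protocol alert (120)
	Err          error
}

// ProbeALPN performs one handshake with addr, offering the given ALPN list.
func ProbeALPN(addr string, protos []string, timeout time.Duration) ProbeResult {
	cfg := &tls.Config{
		NextProtos: protos,
		// Diagnostic only: the certificate is fingerprinted, never trusted,
		// and no application data is sent over this connection.
		InsecureSkipVerify: true,
	}
	conn, err := tls.DialWithDialer(&net.Dialer{Timeout: timeout}, "tcp", addr, cfg)
	if err != nil {
		// crypto/tls renders a fatal alert 120 from the peer with this text.
		rejected := strings.Contains(err.Error(), "remote error: tls: no application protocol")
		return ProbeResult{ALPNRejected: rejected, Err: err}
	}
	defer conn.Close()
	state := conn.ConnectionState()
	sum := sha256.Sum256(state.PeerCertificates[0].Raw)
	return ProbeResult{Negotiated: state.NegotiatedProtocol, LeafSHA256: hex.EncodeToString(sum[:])}
}

func main() {
	if len(os.Args) < 3 {
		fmt.Fprintln(os.Stderr, "usage: probe host:port alpn[,alpn...]")
		os.Exit(2)
	}
	r := ProbeALPN(os.Args[1], strings.Split(os.Args[2], ","), 10*time.Second)
	fmt.Printf("alpn=%q leaf_sha256=%s alpn_rejected=%v err=%v\n", r.Negotiated, r.LeafSHA256, r.ALPNRejected, r.Err)
}
```

Run it once from inside the hosted network and once from outside: a different certificate fingerprint, or a rejection seen only from outside, means something in front of the discovery server is answering the handshake.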