• Virtual Machine placed on a specific ESXi host
• Ping to the VM works
• Unable to access virtual machine service ports like 22, 3389, etc., from other VMs located on different ESXi hosts or subnets.

VMware NSX

Scenario 1:
Server VM placed on the problematic ESXi
Clinet --->SYN--->Server
Server--->SYN-ACK--->Client      ----> "TCP CHECKSUM INCORRECT" in this packet
Client--->NO ACK Sent out

Scenario 2:
Client VM placed on the problematic ESXi
Client --->SYN--->Server   ----->"TCP CHECKSUM INCORRECT" in this packet
Server--->NO SYN-ACK Sent out from Server

This issue caused by "TCP CHECKSUM INCORRECT"

Recommend to contact Hardware vendor to investigate from Driver/FW end

Workaround:

Prior to the conclusion from the Hardware Vendor, following options available:

1: Disable Geneve offload by running the following command:
esxcli system module parameters set -m bnxtnet -p "enable_geneve_ofld=0"

After executing the command, reboot the ESXi host for the changes to take effect.

OR 

2: Try to reinstall the Driver/FW to see if issue could be resolved with that.

Impact/Risks:

Traffic to the VMs that are placed on problematic ESXi Hosts will get impacted