Pre-check with security policy fails when upgrading to vSphere 7.0
Article ID: 319651
Updated On:
Products
VMware
VMware vCenter Server
Issue/Introduction
Symptoms:
- While upgrading from vSphere 6.x to vSphere 7.0, the pre-check with security policy might fail.
- In the VC UI, you see message similar to:
"Currently connected network interface" 'Network adapter 1' cannot use network 'VM Network', because "the destination network on the destination host is configured for different offload or security policies than the source network on the source host".
Environment
VMware vCenter Server Appliance 6.7.x
VMware vCenter Server Appliance 6.5.x
VMware Tools 11.x
VMware vCenter Server Appliance 6.5.x
VMware Tools 11.x
Cause
This issue is caused by different security policies across hosts.
Note: The defaults for Forged Transmits and MAC address changes have changed between vSphere 6.x and 7.0 releases for security compliance reasons. Default configuration for these security policies are changed to reject by default, instead of accept.
Note: The defaults for Forged Transmits and MAC address changes have changed between vSphere 6.x and 7.0 releases for security compliance reasons. Default configuration for these security policies are changed to reject by default, instead of accept.
Resolution
To resolve this issue, check the security policy and ensure that pre-upgrade(pre-xvmotion) configuration is consistent.
Feedback
Yes
No
Powered by
