Symptoms:
In an NSX for vSphere 6.2.7 and 6.3.2 environments where 3rd party service insertion through NetX, you see these symptoms:

• After migrating virtual machines to an ESXi host that has been rebooted, virtual machines lose network connectivity and their vNIC is disconnected.
• In the /var/log/vmkernel.log file of the ESXi host, you see entries similar to:
  
  2017-06-08T05:36:50.235Z cpu94:41191)DVFilter: 3436: Could not find filter 'serviceinstance-1'
  2017-06-08T05:36:50.235Z cpu94:41191)DVFilter: 5408: Failed to add filter serviceinstance-1 on vNic 0 slot 4: Not found
  2017-06-08T05:36:50.236Z cpu94:41191)Net: 3640: dissociate dvPort 10564 from port 0x2000018
  2017-06-08T05:36:50.236Z cpu94:41191)Net: 3646: disconnected client from port 0x2000018
  
  Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.

This issue is resolved in VMware NSX for vSphere 6.2.8

Note: This is a known issue affecting VMware NSX for vSphere 6.3.x.

To work around this issue if you do not want to upgrade, before migrating any production virtual machines to an NSX for vSphere 6.2.7/6.3.2 host that has been rebooted, confirm that the Service Profile is set using the vsipioctl getfilters.

If the service profile is not present, apply the workaround.

1. For the DFW, on the Host Preparation page, perform a Force Sync Services > Firewall for the problematic ESXi host.
2. For Service Profile Insertion, run the following REST API:
   
   POST https://VSM-IP/api/2.0/si/host/host-X/config?action=apply
   
   Note: Alternatively, a restart of the ESXi vsfwd message bus resolves this issue by running this command:
   
   /etc/init.d/vShield-Stateful-Firewall restart

Impact/Risks:
Virtual machine lose network connectivity and their vNIC is connected.