The NSX-T UI reports service insertion alarm that errors "SPF not enabled at port level on host <host UUID> and the status is down. Reason : Incorrect host switch config or missing key component.
Symptoms:
Feature: Service Insertion
Event type: Service Insertion Infrastructure Status Down
Description: SPF not enabled at port level on host ########-####-####-####-############ and the status is down. Reason : Missing spf port or incorrect host switch config.
Recommended Action: Perform any corrective action from the KB and check if the status is up.
Reported by Node: <node>
net-dvs -u com.vmware.nsx.spf.gvm -p <portid> <dvs-name>
net-dvs -u com.vmware.nsx.spf.enabled -p <portid> <dvs-name>
net-dvs -u com.vmware.port.extraConfig.serviceInsertion.gvm -p <portID> <dvs-name>
NSX-T Data Center.
The trigger for the alarm was improper SI removal, additionally an issue in current Alarm framework that it is fetching the status from cache library instead of checking the current status from the vertical.
Restart ops-agent service from ESX host root shell.
/etc/init.d/nsx-opsagent restart
This issue is resolved in 4.2.1