• The NSX UI shows error message "Upgrade not attempted because dry-run of upgrade on <host-uuid> failed with message: VI SDK invoke exception:java.net.SocketException: Connection reset" when the upgrade of ESXi host fails from version 3.2.x to 4.2.x.
  
  
• Below message will be seen on upgrade-coordinator.log on NSX manager. (Log path: /var/log/upgrade-coordinator/upgrade-coordinator.log)

  

  2025-04-06T07:50:49.708Z INFO task-executor-32-1-workitem-HOST-###-###-###-###-### ESXUpgradeSteps 10621 SYSTEM [nsx@6876 comp="nsx-manager" level="INFO" subcomp="upgrade-coordinator"] [HUT] 1 certificates found in rui.crt for host (<host-uuid>,<esxi-fqdn/ip>)
  INFO task-executor-32-1-workitem-HOST-###-###-###-###-### ESXUpgradeSteps 10621 SYSTEM [nsx@6876 comp="nsx-manager" level="INFO" subcomp="upgrade-coordinator"] [HUT] checking thumbprint <####-certificate-thumbprint-####> by logging in for host (<host-uuid>,<esxi-fqdn/ip>)
  2025-04-06T07:50:49.902Z ERROR task-executor-32-1-workitem-HOST-###-###-###-###-### WSClient 10621 FABRIC [nsx@6876 comp="nsx-manager" errorCode="MP31801" level="ERROR" subcomp="upgrade-coordinator"] VI SDK invoke exception: java.net.SocketException: Connection reset
  java.net.SocketException: Connection reset
  2025-04-06T07:50:49.902Z ERROR task-executor-32-1-workitem-HOST-###-###-###-###-### ESXUpgradeSteps 10621 SYSTEM [nsx@6876 comp="nsx-manager" errorCode="MP31807" level="ERROR" subcomp="upgrade-coordinator"] Unknown Error occurred while logging in using thumbprint <####-certificate-thumbprint-####> for host (<host-uuid>,<esxi-fqdn/ip>). Ignoring the exception.
  java.rmi.RemoteException: VI SDK invoke exception:java.net.SocketException: Connection reset

   

• Below message will be seen on syslog on NSX manager. (Log path: /var/log/syslog)

   2025-04-06T07:50:50.117Z NSXMGR### NSX 10621 SYSTEM [nsx@6876 comp="nsx-manager" level="INFO" subcomp="upgrade-coordinator"] Component type = HOST , Upgrade Status = FAILED, Progress Percentage = 93 , Progress Message = [<esxi host ip>] Checking if the host is placed in vSphere maintenance mode#012[<esxi host ip>] Creating NSX user#012[<esxi host ip>] Preparing ESX for upgrade#012[<esxi host ip>] Copying NSX bits to host <esxi fqdn>#012[<esxi host ip>] Performing dry-run of installation of NSX bits#012Upgrade not attempted because dry-run of upgrade on host <host-uuid> failed with message: VI SDK invoke exception:java.net.SocketException: Connection reset.

   

• Below message will be seen on rhttpproxy.log on Host Transport Node. (Log path: /var/run/log/rhttpproxy.log)

  2025-04-06T07:50:50.073Z warning rhttpproxy[2111056] [Originator@6876 sub=IO.Connection] Failed to SSL handshake; SSL(<io_obj p:0x000000f12a590a58, h:54, <TCP '<esxi host ip> : 443'>, <TCP '<nsx manager ip> : 33562'>>), e: 104(Connection reset by peer), duration: 4msec
  2025-04-06T07:50:50.073Z warning rhttpproxy[2111056] [Originator@6876 sub=RhttpProxy] SSL Handshake failed for stream SSL(<io_obj p:0x000000f12a590a58, h:54, <TCP '<esxi host ip> : 443'>, <TCP '<nsx manager ip> : 33562'>>): N7Vmacore15SystemExceptionE(Connection reset by peer: The connection is terminated by the remote end with a reset packet. Usually, this is a sign of a network problem,  timeout, or service overload.)

VMware NSX
VMware NSX-T Data Center 

• This issue was caused due to SSL/TLS connection problem between the NSX Manager and the host transport nodes.
• Error screenshot provided for reference for the connection checks. The following command initiated from the NSX Manager to the ESXi host transport node.
• Below screenshot confirms the port connectivity of 443 but TLS handshake Server hello not received and ended with OpenSSL SSL_connect error. 
•  

Please ensure that SSL/TLS connections are permitted between the NSX Manager and the host transport node. In this case, the port is open, but the TLS connection has failed.

This is not a NSX-related issue. Please engage the internal firewall and networking teams to resolve the connection problem.