The error "Authenticity of the host's SSL certificate is not verified" appears when migrating a powered-off VM

Article ID: 397283

Products

VMware vSphere ESXi

Issue/Introduction

  • The vmk0 interface is used for management, while other interfaces, such as vmk1, are used for vMotion and provisioning traffic.
  • Migration fails for both powered-off and powered-on VMs.
  • Ping succeeds between ESXi host A and ESXi host B, the two hosts involved in the VM migration.
  • The following error message appears when migrating a powered-off VM:

    Authenticity of the host's SSL certificate is not verified.

Environment

VMware ESXi 7.0.x

VMware ESXi 8.0.x

Cause

A duplicate IP address exists on the vmk interface used for VM migration.

On ESXi host A, use the following command to check the IP and MAC address that host A has recorded for its neighbor. In the output, MAC_1 differs from HOST_B_MAC, the MAC address that host B reports for the same IP; the two would match if there were no duplicate IP:

# esxcli network ip neighbor list
Neighbor      Mac Address        Vmknic     Expiry  State  Type
------------  -----------------  ------  ---------  -----  ----
......
<HOST_B_IP>  <MAC_1>  vmk1       18 sec         Dynamic

On ESXi host B, use the following command to check its IP and MAC address:

# esxcfg-vmknic -l
Interface  Port Group/DVPort/Opaque Network        IP Family IP Address                              Netmask         Broadcast       MAC Address       MTU     TSO MSS   Enabled Type                NetStack
...
vmk1       VMkernel                                IPv4      <HOST_B_IP>                            255.255.255.0   ##.##.##.255   <HOST_B_MAC> 1500    65535     true    STATIC              defaultTcpipStack
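
The comparison described above can be scripted against saved copies of the two outputs. This is an added example, not part of the original article or of any VMware tooling; the names check_dup_ip and demo, the file names, and the addresses and MAC values in the sample data are constructed for illustration.

```shell
#!/bin/sh
# check_dup_ip NEIGHBOR_FILE VMKNIC_FILE
#   NEIGHBOR_FILE: saved "esxcli network ip neighbor list" output from host A
#   VMKNIC_FILE:   saved "esxcfg-vmknic -l" output from host B
# Prints MATCH / MISMATCH / ABSENT per IPv4 vmknic of host B.
# Returns 1 if any MISMATCH (possible duplicate IP) was found.
check_dup_ip() {
    awk '
    BEGIN { h = "[0-9A-Fa-f][0-9A-Fa-f]"; macre = "^" h ":" h ":" h ":" h ":" h ":" h "$" }
    # Host A neighbor cache: column 1 is the IP, column 2 the MAC it resolved to.
    FILENAME == ARGV[1] { if ($2 ~ macre) seen[$1] = tolower($2); next }
    # Host B vmknics: port group names may contain spaces, so take the IP
    # after the "IPv4" token and the MAC as the next MAC-shaped field.
    $1 ~ /^vmk[0-9]+$/ {
        ip = ""; mac = ""
        for (i = 2; i < NF; i++) if ($i == "IPv4") { ip = $(i + 1); break }
        for (j = i + 2; j <= NF; j++) if ($j ~ macre) { mac = tolower($j); break }
        if (ip == "" || mac == "") next
        if (!(ip in seen))        print "ABSENT", ip, $1
        else if (seen[ip] == mac) print "MATCH", ip, $1, mac
        else { print "MISMATCH", ip, $1, "expected=" mac, "seen=" seen[ip]; bad = 1 }
    }
    END { exit bad + 0 }
    ' "$1" "$2"
}

# Constructed sample data: documentation addresses and made-up MAC values.
demo() {
    d=$(mktemp -d) || return 2
    cat > "$d/neigh_hostA.txt" <<'EOF'
Neighbor      Mac Address        Vmknic     Expiry  State  Type
------------  -----------------  ------  ---------  -----  ----
192.0.2.1     00:50:56:aa:00:01  vmk0     1100 sec         Unknown
192.0.2.20    00:0c:29:de:ad:01  vmk1       18 sec         Dynamic
EOF
    cat > "$d/vmknic_hostB.txt" <<'EOF'
Interface  Port Group/DVPort/Opaque Network  IP Family IP Address  Netmask        Broadcast    MAC Address       MTU   TSO MSS  Enabled Type    NetStack
vmk0       Management Network                IPv4      192.0.2.10  255.255.255.0  192.0.2.255  00:50:56:6b:00:10 1500  65535    true    STATIC  defaultTcpipStack
vmk1       VMkernel                          IPv4      192.0.2.20  255.255.255.0  192.0.2.255  00:50:56:6B:00:20 1500  65535    true    STATIC  defaultTcpipStack
EOF
    check_dup_ip "$d/neigh_hostA.txt" "$d/vmknic_hostB.txt"; rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || echo "duplicate IP suspected on a host B vmknic address"
```

ABSENT means host A holds no neighbor entry for that address (for example, the entry has expired), so it is neither confirmation nor evidence of a duplicate.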

Resolution

To resolve the issue, work with the network team to disconnect the device using the duplicate IP address from the network.

To verify whether MAC_1 originates from within the vSphere environment, run the following commands on each ESXi host:

# net-stats -l | grep <MAC_1>

# esxcfg-vmknic -l | grep <MAC_1>

To work around the issue, if vmk0 is functioning, remove the vMotion/Provisioning traffic tag from the vmk1 interface and add the vMotion/Provisioning tag to the vmk0 interface.