NSX Removal Fails on vLCM-Enabled Security-Only Cluster

Article ID: 399803

Products

VMware NSX

Issue/Introduction

  • You may encounter issues when attempting to remove NSX from a vSphere Lifecycle Manager (vLCM) enabled cluster, particularly security-only clusters, where the removal process fails or appears to trigger an unintended installation.
  • NSX may fail to uninstall from a cluster and instead show a status of “Applying NSX”, with the removal operation ultimately failing as shown below.
  • You may also encounter errors indicating that the Transport Node Profile (TNP) could not be found, as illustrated below:


 

Environment

NSX-T Version: 3.2.1

Cause

 

This issue occurs due to the following contributing factors:

  • NSX operations being blocked by vLCM-controlled remediation policies, which conflict with the standard NSX removal workflow.

  • A stale or orphaned Transport Node Profile (TNP) reference within NSX, preventing the cluster from completing the NSX removal process.

Resolution

Workaround

To resolve the issue and avoid low-level interventions such as database surgery, the following recovery workflow can be implemented:

Step 1: Create a New Non-vLCM Cluster

  • Create a new vSphere cluster that is not managed by vLCM.

Step 2: Host Migration

Migrate each host from the problematic cluster to the new one by:

  1. Disconnecting the hosts one at a time from the original cluster.

  2. Moving the host to the new non-vLCM cluster.

  3. Reconnecting the host in the new cluster and verifying its operational status.

Step 3: Cluster Cleanup and VIB Removal

  • Once all hosts are successfully migrated, the original vLCM-enabled cluster can be deleted from vCenter.

  • NSX should automatically start removing NSX components from the hosts after they are moved into the new cluster.

  • If this automatic removal does not initiate, go to the NSX UI, select the new cluster, and manually trigger Remove NSX.

  • To verify successful VIB removal from each host in the new cluster, run the following command on each ESXi host:

    esxcli software vib list | grep -E 'nsx|vsip'
    

Note: This method ensures that NSX VIBs are removed cleanly and avoids risking further corruption or stuck states in the NSX database.
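
The Step 3 verification as a script, added here as an example and not part of the original article: the article's grep prints nothing both when the VIBs are gone and when the command itself returned nothing, so this wrapper tells the two cases apart. The function name nsx_vib_status, its exit codes and the sample output are assumptions made for illustration, and it assumes the default table output with a Name/Version header row.

```shell
#!/bin/sh
# Added example, not from the KB article. Reads `esxcli software vib list`
# output on stdin and prints the names of VIBs matching the article's
# pattern (nsx|vsip), checked against the Name column.
# Exit status: 0 = no NSX VIBs left, 1 = NSX VIBs remain,
#              2 = no VIB table seen (the command or the session failed).
nsx_vib_status() {
    awk '
        $1 == "Name" && $2 == "Version" { header = 1; next }  # column header
        /^-/ { next }                                          # separator row
        $1 ~ /nsx|vsip/ { print $1; left++ }
        END {
            if (!header) exit 2
            exit (left > 0 ? 1 : 0)
        }'
}

# Constructed sample output: versions, vendor and dates are placeholders.
sample_stuck() {
cat <<'EOF'
Name              Version            Vendor  Acceptance Level  Install Date
----------------  -----------------  ------  ----------------  ------------
esx-base          0.0.0-placeholder  VMW     VMwareCertified   2000-01-01
nsx-esx-datapath  0.0.0-placeholder  VMW     VMwareCertified   2000-01-01
vsipfwlib         0.0.0-placeholder  VMW     VMwareCertified   2000-01-01
EOF
}

sample_clean() {
cat <<'EOF'
Name              Version            Vendor  Acceptance Level  Install Date
----------------  -----------------  ------  ----------------  ------------
esx-base          0.0.0-placeholder  VMW     VMwareCertified   2000-01-01
EOF
}

# On a host: esxcli software vib list | nsx_vib_status
for sample in sample_stuck sample_clean; do
    if left=$("$sample" | nsx_vib_status); then
        echo "$sample: no NSX VIBs installed"
    else
        rc=$?
        echo "$sample: status $rc, leftover VIBs:" $left
    fi
done
```

A status of 2 means the check itself did not run, so the host should be re-checked rather than counted as clean.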

Additional Information

 

If the NSX VIBs are still not removed from the hosts after applying the workaround, the removal process may remain stuck at 40% – “Removing NSX bits.” If this status does not progress, proceed with the resolution steps outlined in the following article:
NSX Failed to Remove NSX in a Security-Only Cluster

If neither the automated nor manual workaround is successful, please open a case with Broadcom Support for further assistance.
For instructions, refer to: Creating and Managing Broadcom Support Cases