VM Migration Fails with "Network Not Accessible" Error Due to NSX Segment Inaccessibility on Partially Configured Host
search cancel

VM Migration Fails with "Network Not Accessible" Error Due to NSX Segment Inaccessibility on Partially Configured Host

book

Article ID: 405838

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

While attempting to migrate a virtual machine (VM) to a host configured with NSX, the following error may be observed during the "Select Networks" step:

Currently connected network interface 'Network adapter 1' uses network 'DVSwitch[...] NSX port group (dvportgroup-XXX)(vds is down)', which is not accessible.

Additional observations:

  • Host appears under NSX Manager as “Not Ready”.

  • NSX installation initially failed with error: vmkping test failed for TEP interfaces.

  • MTU mismatch identified and corrected (e.g., set to 1700).

  • TEP ping test from the problematic host to its peer TEP succeeded after MTU adjustment.

  • Despite resolution of TEP ping issues, host still not showing as NSX-ready.

Environment

VMware NSX 4.x

Cause

This issue occurs because the destination host is not fully configured with NSX and cannot access or present the NSX-backed segment (port group) to the migrating VM.

Contributing factors include:

  • Incomplete NSX component installation on the host.

  • TEP (Tunnel End Point) configuration errors or MTU mismatch.

  • NSX port groups are backed by overlay segments, which require an operational NSX VDS and control plane on the host.

Resolution

  1. Verify NSX Host Installation Status:

    • Login to NSX Manager.

    • Navigate to System > Fabric > Nodes > Host Transport Nodes.

    • Ensure the affected host is in "Success" or "Up" state. If it's in "Not Ready", proceed with the steps below.

  2. Reinstall NSX on the Host:

    • Retry the NSX installation on the host.

    • If using vLCM or SDDC Manager, ensure NSX VIBs are pushed correctly.

    • Monitor logs under /var/log/nsx on the ESXi host for errors.

  3. Validate TEP Configuration:

    • Ensure the TEP IP is correctly assigned from the designated IP pool.

    • Run TEP ping from the affected host:

      vmkping ++netstack=vxlan <peer-tep-ip> -s 1570 -d

      (Use MTU value according to NSX segment, typically 1600 or above.)

  4. Check Uplink and VDS Configuration:

    • Confirm correct physical NICs are mapped to the VDS uplinks.

    • Run on the ESXi host:

      esxcli network vswitch dvs vmware list

      • Ensure NSX VDS and portgroups are visible.

  5. Reboot Host (if safe to do so):

    • In some cases, a host reboot may help finalize NSX component initialization.

  6. Retry VM Migration:

    • Once the host is in a healthy NSX state, retry the VM migration.

    • The error regarding inaccessible port group should be resolved.

Additional Information

Until the host is fully NSX-configured and healthy, NSX-backed segments will not be accessible, and VM migrations to that host using NSX portgroups will fail.

Additional Notes:

  • Always validate MTU settings end-to-end in the physical and virtual network for NSX overlay traffic.

  • This issue is commonly observed during phased host onboarding in NSX-enabled clusters.

Powered by Wolken Software