NSX Host Upgrade May Fail in SDDC with Error: Host group upgrade status is FAILED for group #### [Upgrade failed: Host #### is not reachable. Check host's connectivity and health in vCenter and retry]
Article ID: 405981
Updated On:
Products
Issue/Introduction
- In the SDDC UI, the NSX host upgrade failed with an error indicating that the ESXi hosts are not reachable from the vCenter, as shown in the screenshot below.
- The NSX ESXi host upgrade may fail and remain paused at 40% on the NSX upgrade page, even after clicking "Continue" from the NSX UI, as shown in the screenshot below.
- The upgrade or host remediation process begins with a host compliance check initiated from the vCenter.
- However, in this case, the host compliance check is timing out for the hosts in the cluster due to a "host not reachable" error.
- You can track the host remediation progress in the vCenter logs at:
storage/log/vmware/vmware-updatemgr/vum-server/vmware-vum-server.log
2025-06-18T10:30:51.952Z info vmware-vum-server[2623182] [Originator@6876 sub=PM.AsyncTask.DesiredScanClusterTask{225}] [vciTaskBase 1514] VciTask { id: DesiredScanClusterTask{225}, type: com.vmware.vcIntegrity.lifecycle.DesiredScanClusterTask }: Setting VC task state to: running 2025-06-18T10:30:51.956Z info vmware-vum-server[2623182] [Originator@6876 sub=com.vmware.vcIntegrity.lifecycle.DesiredScanClusterTask opID=xxxx-xxxx-xxxx-xxxx-xxxxxx] [Task, 524] Task:com.vmware.vcIntegrity.lifecycle.DesiredScanClusterTask ID:xxxxxxxxx-xxx-xxx-xxx-xxxxxxxxxxxx. Starting task: com.vmware.vcIntegrity.lifecycle.DesiredScanClusterTask , user : [email protected], Cluster : <Cluster name >(domain-cX) specID: 43. 2025-06-18T10:30:51.956Z info vmware-vum-server[2623182] [Originator@6876 sub=com.vmware.vcIntegrity.lifecycle.DesiredScanClusterTask opID=xxxx-xxxx-xxxx-xxxx-xxxxxx] [Task 627] Set com.vmware.vcIntegrity.lifecycle.DesiredScanClusterTask (xxxxxxxxx-xxx-xxx-xxx-xxxxxxxxxxxx) progress to 10
2025-06-18T10:30:51.974Z info vmware-vum-server[2623182] [Originator@6876 sub=HostLocator opID=xxxx-xxxx-xxxx-xxxx-xxxxxx] [hostLocator 239] Getting Management IP for host host-ID: <ESX FQDN>2025-06-18T10:30:51.976Z info vmware-vum-server[2623182] [Originator@6876 sub=com.vmware.vcIntegrity.lifecycle.DesiredScanClusterTask opID=xxxx-xxxx-xxxx-xxxx-xxxxxx] [HostAPICallUtil 157] Creating SSL connection to <ESX FQDN > using thumbprint of the host certificate. 2025-06-18T10:31:51.976Z error vmware-vum-server[2623182] [Originator@6876 sub=com.vmware.vcIntegrity.lifecycle.DesiredScanClusterTask opID=xxxx-xxxx-xxxx-xxxx-xxxxxx] [HostVapiOps 119] Timeout while invoking capabilities API on host host-ID
- Additionally, you may see the following error while performing the ESXi host compliance check manually in vCenter, as shown in the screenshot below.
- Although the errors suggest that the hosts are not reachable from the vCenter, there may be no actual network issues between the vCenter and the affected ESXi hosts on all required ports.
Environment
VMware NSX
Cause
The upgrade/remediation process begins with a compliance check. In this instance, vLCM scan unit in the vCenter designated the hosts as unknown and skipped them from the upgrade because it could not reach the ESXis.
As per the packet captures, the TCP and TLS handshakes completed successfully. However, the application data appears to be stuck in the settingsd service, which was unresponsive on the ESXi host, eventually leading to a timeout.
Resolution
To resolve this issue, restart the settingsd service on the affected ESXi host by running the following command:
/etc/init.d/settingsd restart
/etc/init.d/settingsd status
Note: Place the ESXi host into Maintenance Mode before restarting the service to avoid any issues.
Feedback
