NSX-T Host Configuration Fails at 48% with Error: “Timeout waiting for host to join NSX Manager”
search cancel

NSX-T Host Configuration Fails at 48% with Error: “Timeout waiting for host to join NSX Manager”

book

Article ID: 406428

calendar_today

Updated On:

Products

VMware NSX VMware vSphere ESXi

Issue/Introduction

During host registration or NSX configuration on a standalone ESXi host, the configuration process fails at 48% with the following UI error: 

"Failed to install software on host. Time out waiting for host to join NSX Manager.".

This issue occurs during the join phase, even though NSX VIB installation completes successfully on the ESXi host.

Environment

VMware NSX
VMware vSphere ESXi

Cause

The NSX configuration fails because the ESXi host is unable to establish a connection to the NSX Manager over TCP port 1234, which is required for the host to complete the registration process with NSX Manager.

Resolution

Resolution:

1. Verify VIB Installation Success
On the ESXi host, confirm from /var/log/esxupdate.log:

2024-07-30T11:19:32Z esxupdate: 4527: BootBankInstaller.py: INFO: Installed: VMware_bootbank_nsx-aggservice...
2024-07-30T11:19:32Z esxupdate: 4527: esxupdate: INFO: Installation completed successfully.

2. Check nsx-proxy Log for Timeout Errors
On the ESXi host, view /var/log/nsx-syslog.log:nsx-proxy: Couldn't connect to 'ssl://<NSX-Manager-IP>:1234' (error: 110-Connection timed out)
nsx-proxy: RpcTransport[0] Unable to connect to ssl://<NSX-Manager-IP>:1234: 110-Connection timed out
nsx-proxy: RpcClient Failed to connect in 0 ms (attempt 1), retrying
nsx-proxy: Retrying in 1000 ms...

3. Test Port Connectivity from ESXi to NSX Manager
SSH into the ESXi host and run:

nc -zv <NSX-Manager-IP> 1234

Expected output in failure scenario:

<NSX-Manager-IP> 1234 (tcp) open timed out

 

4. Check for Any Firewall or ACL Restrictions
Ensure port 1234 is not blocked by firewall/NAT between the ESXi host and the NSX Manager. Port 1234 is used by NSX Manager Agent for incoming connections from the ESXi host during the join phase.

5. Capture Packets on NSX Manager to Confirm Absence of Traffic
Run the following command on the NSX Manager appliance:

tcpdump -i eth0 port 1234 -nn -vvv -s 0 -w /tmp/host-join.pcap

NOTE: If no packets are seen, this confirms that the join attempt is not reaching the Manager due to a network block.

---

Workaround (if firewall cannot be opened immediately):
There is no supported workaround without enabling connectivity over port 1234. All ESXi hosts must be able to reach the NSX Manager over this port to successfully complete registration.

 

Additional Information

Additional Information:

  • Port TCP 1234 is required even for standalone NSX deployments.

  • Previously registered hosts might appear to work if their sessions are already established, but new hosts or re-registrations will fail without port access.

Powered by Wolken Software