ESXi hosts lose DVS networking after being prepared for NSX.
search cancel

ESXi hosts lose DVS networking after being prepared for NSX.

book

Article ID: 407369

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

  • ESXi host has been added to an NSX prepared cluster, but has not been successfully prepared for NSX before VM's are migrated to it from other NSX-prepared ESXi transport nodes.
  • The issue can also be seen if performing a vSphere import to VCF as this will also trigger an NSX install.
  • If the host has been attempted to be prepared for NSX while the VM's are still running on it, will see the log prints similar to these examples in vmkernel logs. 

2025-07-21T14:42:17.060Z Wa(180) vmkwarning: cpu71:2105466 opID=57####ba)WARNING: swsec: SwSec_VdsPropRegister:879: [nsx@6876 comp="nsx-esx" subcomp="swsec-24765085"]Failed to register swsec dvs property com.vmware.vswitch.port.swsec.enabled(Already exists)
2025-07-21T14:42:17.060Z Wa(180) vmkwarning: cpu71:2105466 opID=57####ba)WARNING: swsec: SwSecVdsRegisterClients:706: [nsx@6876 comp="nsx-esx" subcomp="swsec-24765085" errorCode="ESX5"]Failed to register VDS Props CBs for ps DvsPortset-#
2025-07-21T14:42:17.060Z Wa(180) vmkwarning: cpu71:2105466 opID=57####ba)WARNING: swsec: SwSecVdsVswitchActivateCB:859: [nsx@6876 comp="nsx-esx" subcomp="swsec-24765085" errorCode="ESX5"]Failed to register VDS Clients for ps DvsPortset-#
2025-07-21T14:42:17.060Z Wa(180) vmkwarning: cpu71:2105466 opID=57####ba)WARNING: NetHotswap: 309: Failed to swap in type vswitch
2025-07-21T14:42:17.060Z Wa(180) vmkwarning: cpu71:2105466 opID=57####ba)WARNING: NetHotswap: 534: DvsPortset-#: failed to swap from type cswitch to type vswitch reverting to cswitch
2025-07-21T14:42:17.061Z In(182) vmkernel: cpu71:2105466 opID=57####ba)cswitch: VSwitchActivate:10082: [nsx@6876 comp="nsx-esx" subcomp="vswitch"]Failed to post NSX_CSWITCH_ACTIVATE on ps DvsPortset-#: Failure
2025-07-21T14:42:17.061Z Wa(180) vmkwarning: cpu71:2105466 opID=57####ba)WARNING: NetHotswap: 309: Failed to swap in type cswitch
2025-07-21T14:42:17.061Z Wa(180) vmkwarning: cpu71:2105466 opID=57####ba)WARNING: NetHotswap: 540: DvsPortset-#: failed to revert to type cswitch, reverting to nulldev

Environment

VMware NSX-T DataCenter

VMware NSX

Cause

When an ESXi host has been added to an NSX prepared cluster, but has not been successfully prepared for NSX, and VM(s) are migrated to it from other, fully NSX prepared, ESXi hosts, the VM's will bring along security port properties carried over from the source host. If NSX is attempted to be prepared on this host while this VM is still present, the vswitch conversion attempt will fail due to the presence of these ports with security properties. The fallback of the switch also fails for the same reason, leaving the host switch in a broken state. 

Resolution

This will be fixed in a future version of VMware NSX to drop the swsec switch properties before attempting the switch conversion. 

To prevent this issue:

  • If the ESXi host is not yet prepared for NSX but has VM's running on it that were running on NSX-prepared Transport Nodes previously, place the host into Maintenance Mode so the VM's with security port properties will be evacuated before the switch conversion occurs. 

Workaround:

  • If the ESXi host networking is impacted after attempting to prepare it for NSX, connect to the host DCUI with the out-of-band network and select "Reset System Configuration" which should drop the DVS configuration.
  • Configure a Standard Switch on this host to return Management connectivity to it, re-add it to the DVS, and re-prepare it for NSX while it is in Maintenance Mode. 
Powered by Wolken Software