• vCenter Server had been connected to the management network over a standard switch (VSS)
  
  
• Attempting to Edit Settings on the vCenter VM and change the portgroup connected to the network adapter results in:
  
  
  • The vSphere UI no longer works properly. It may show a connection problem or may appear to be connected but pages say that the user does not have permissions to access information that should be available. 
    
    
  • Pings fail to the vCenter server's management IP address
    
    
  • If VM settings are checked from the ESXi host client, the network adapter may appear to be properly connected to the target portgroup
    
    
• To restore vCenter to the management network, the adapter must be connected back to the VSS' portgroup again. This can be done in a browser connected to the host where the vCenter VM is running.

• vCenter Server VM requires a valid network connection to remain accessible.

• When its NIC is moved to a vDS port group with static or dynamic binding (rather than ephemeral), the port assignment depends on vCenter itself.

• Because vCenter is the VM being migrated, it cannot assign its own port, resulting in loss of connectivity.

• This creates a circular dependency: vCenter needs to be online to manage the vDS, but moving its NIC to the vDS disconnects it.

• Connect the vCenter Server VM to an ephemeral port group on the vDS.

  • Ephemeral binding allows ESXi hosts to assign ports directly without requiring vCenter.
    
    

• Alternatively, add a temporary second NIC to the vCenter VM:

  • Keep one NIC on the vSS port group.

  • Connect the second NIC to the vDS ephemeral port group.

  • Verify connectivity before removing the vSS NIC.

  • Procedure:

    1. Create an ephemeral port group on the vDS with the same VLAN as the vSS management port group.

    2. Edit the vCenter VM settings

    3. Add a second network adapter.

    4. Connect it to the ephemeral port group.

    5. Verify vCenter connectivity (ping, login).

    6. Once stable, remove the original NIC connected to the vSS port group.

• Note: For either migration method to function correctly, the upstream physical network must be properly configured for the vmnics assigned as uplinks to the distributed port group hosting the vCenter Server.

  • If physical hardware issues exist (such as faulty cabling, bad SPF+ modules, or loose connectors between the ESXi host and the physical switch), vSphere will attempt to hash traffic over to the faulty uplink. This will cause a total loss of connectivity to vCenter if a secondary, healthy active or standby uplink path is unavailable.

  • If the upstream physical switch ports are misconfigured for the targeted vmnics (regardless of whether the port group binding is configured as Ephemeral or Static), the vCenter VM network adapter will successfully bind to the port group and the vmnics will show a link status of "Up". However, any missing or mismatched VLAN tagging configurations on the physical switch will instantly drop the management traffic and isolate vCenter once the legacy active connection to the vSS is removed.

  • Refer to  (KB 311540) Sample configuration of virtual switch VLAN tagging (VST Mode) detailing how VLAN tagging must be aligned across both the vSphere ESXi layer and the physical switch infrastructure.

For reference:

• Migrating from Standard to Distributed vSwitch
  
  
• Configuring Standard vSwitch (vSS) or virtual Distributed Switch (vDS) from the command line in ESXi
  
  
• Static (non-ephemeral) or ephemeral port binding on a vSphere Distributed Switch