Malware SVM stuck in "Undeployment failed" status on NSX manager - Error code: 42373

Article ID: 419127

Products

VMware vDefend Firewall with Advanced Threat Prevention

Issue/Introduction

After upgrading vCenter Server and then using vSphere Lifecycle Manager (vLCM) to upgrade ESXi hosts from version 8.0 U3f to 8.0 U3g, some of the hosts reported the following NSX error:

Service Status Down – Service NSX_LASTLINE_RAPID is not running

As a temporary workaround, removing the impacted host from the cluster, allowing NSX to uninstall, rebooting the host, and then re-adding it to the cluster cleared the service error.

However, within NSX Malware Prevention, the cluster deployment status remained “Not Healthy” for the upgraded hosts. The following error was displayed:

“The agent’s workflow is blocked until its required solutions are remediated externally in vSphere Lifecycle Manager.”

Additionally, VMs could not be migrated to the affected hosts, even though the hosts were not in maintenance mode. The powered-off Security Virtual Machines (SVMs) on these upgraded hosts were not automatically removed, resulting in the hosts displaying a status of:

“Undeployment Failed”
under the Malware Prevention deployment status.

The SVMs were successfully deleted from the ESXi host and this was confirmed by running the following command:

          esxcli vm process list
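
An added example, not part of the original article: esxcli vm process list shows running VM processes only, so a powered-off SVM that is still registered on the host does not appear in it. The sketch below checks captured output of that command together with vim-cmd vmsvc/getallvms (an assumption, not a command the article uses). The SVM name fragment "example-mps-svm" and all sample output are constructed.

```shell
#!/bin/sh
# Added example. PATTERN values and sample text below are constructed.

# Running VMs only: parse `esxcli vm process list` output on stdin.
# Prints "worldid<TAB>display name" for each name containing $1.
running_svms() {
    awk -v pat="$1" '
        /^ *World ID:/     { wid = $NF }
        /^ *Display Name:/ { sub(/^ *Display Name: */, "")
                             if (index($0, pat)) print wid "\t" $0 }'
}

# Registered VMs, powered off included: parse `vim-cmd vmsvc/getallvms` output.
# Prints "vmid<TAB>name" for each name containing $1.
registered_svms() {
    awk -v pat="$1" '
        /^[0-9]+ / { id = $1; name = $0
                     sub(/^[0-9]+ +/, "", name)   # drop the Vmid column
                     sub(/ +\[.*$/, "", name)     # drop File column onward
                     if (index(name, pat)) print id "\t" name }'
}

# $1 = esxcli output, $2 = getallvms output, $3 = SVM name fragment
svm_state() {
    if [ -n "$(printf '%s\n' "$1" | running_svms "$3")" ]; then
        echo running
    elif [ -n "$(printf '%s\n' "$2" | registered_svms "$3")" ]; then
        echo registered-not-running
    else
        echo absent
    fi
}

# Constructed sample output, not captured from a real host.
SAMPLE_ESXCLI='app-vm-01
   World ID: 2101234
   Process ID: 0
   VMX Cartel ID: 2101233
   UUID: 56 4d 00 00 00 00 00 00-00 00 00 00 00 00 00 01
   Display Name: app-vm-01
   Config File: /vmfs/volumes/datastore1/app-vm-01/app-vm-01.vmx'
SAMPLE_GETALLVMS='Vmid  Name                 File                                  Guest OS       Version  Annotation
12    app-vm-01            [datastore1] app-vm-01/app-vm-01.vmx  ubuntu64Guest  vmx-19
37    example-mps-svm (1)  [datastore1] example-mps-svm/svm.vmx  otherGuest64   vmx-14'

# On a host: svm_state "$(esxcli vm process list)" "$(vim-cmd vmsvc/getallvms)" "<svm-name>"
svm_state "$SAMPLE_ESXCLI" "$SAMPLE_GETALLVMS" "example-mps-svm"
```

A result of "absent" means the SVM is neither running nor registered on that host; "registered-not-running" means the process check alone would have missed it.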
 

 

When force deletion is triggered from NSX Manager, the following error is returned:

“Will not try force delete of deployment as there is an associated EAM Agency present. Initiated a regular delete, which might remove the deployment and associated agency.”
(Error Code: 42373)

Environment

 

  • vSphere Lifecycle Manager (vLCM) used for the upgrade
  • Previous ESXi Version: 8.0 U1f
  • Upgraded ESXi Version: 8.0 U1g (Build 24859861)
  • Current NSX Version: 4.2.2.1
  • SSP Version: 5.0.0

Cause

During the ESXi host remediation using vSphere Lifecycle Manager, a partial failure occurs in the NSX Malware Prevention agent lifecycle, leaving:

  • The NSX_LASTLINE_RAPID service stopped

  • SVMs orphaned in a powered-off state

  • Agent workflow deadlocked, waiting for a remediation operation that vLCM already considers completed

This results in a state mismatch between NSX Manager, vLCM, and the ESXi host, preventing:

  • Proper redeployment of Malware Prevention agents

  • Cleanup of legacy SVMs

  • Normal vMotion and security enforcement operations

The direct cause of error code 42373:

EAM (ESX Agent Manager) is used by VMware solutions such as:

  • NSX

  • vShield

  • SSP / Security services

  • vSAN Health / other service VMs

Because the stale object is still registered with EAM after the force deletion, vCenter blocks the delete operation to avoid breaking a managed service.

 

 

 

Resolution

  • Restart vCenter to clear the error in NSX.
  • If this does not clear the error, contact Broadcom Support.