• When remediating an ESXi host using vSphere Lifecycle Manager, the following error is reported:
  
  Failed getting host recommendation from DRS to enter maintenance mode for cluster '<cluster_name>'. Reason: 'Currently connected network interface 'Network adapter #' cannot use network '<portgroup_name>', because the destination network on the destination host is configured for different offload or security policies than the source network on the source host'
  
  
• The port group referenced in the error message resides on a standard vSwitch (vSS).

VMware vSphere ESXi 8.x
VMware vCenter Server 8.x

This issue occurs when virtual machines on the affected host are connected to a port group configured with security or offload settings that differ from those on other hosts in the cluster.

Since vMotion requires network configuration consistency between the source and destination hosts, this mismatch prevents successful vMotion operations. As a result, DRS cannot migrate the running VMs to other hosts. Consequently, the host cannot enter maintenance mode, which blocks host remediation.

To resolve vMotion issues, ensure that virtual switch and port group configurations are consistent across all hosts in the cluster. Follow the steps below to audit and align the settings.

Step1: Verify vSwitch settings

1. Log in to the vCenter web client.
2. Select the problematic host and navigate to Configure > Virtual switches.
3. Locate the relevant vSwitch.
4. Click the ellipsis next to the vSwitch name and select View Settings.
5. Review the settings in the Security tab and the Traffic Shaping tab.
6. Repeat the same steps on the other hosts.
7. Verify that the settings match exactly.

Step 2: Verify port group settings

If the vSwitch settings are consistent but the error persists, check the specific port groups.

1. On the problematic host, locate the port group referenced in the error message (for example, "VM Network").
2. Click the ellipsis next to the port group name and select View Settings.
3. Review the Security tab and Traffic Shaping tab.
4. Repeat the same review on the other hosts.
5. Confirm that the port group settings are identical.

Step 3: Correct configuration inconsistencies

If any inconsistencies are found, make the necessary change to allow for the vMotion.

• If the change needs to be made only at the portgroup level, ensure the Override box is checked to allow the portgroup to use different settings than the vSwitch.
• Changes to the security settings are generally safe to be made live. Howerver, a maintenance window is recommended in case there is any packet loss resulting from the change.
• Unless there is a specific use-case for the security setting, it is recommended to set the security settings to Reject for a more robust security posture.