• Key Symptoms:

• Datapath Failure: Traffic fails to egress the Network Extension appliance toward the source gateway, despite the extension status appearing healthy.

• UI Status Mismatch: The Network Extension remains "Up" and "Green" in the HCX Manager UI.

• Configuration Drift: The HCX-specific remote.rtr property is stripped from the NSX Management Plane (MP) Logical Switch configuration.

• Log Evidence: 

•  The NSX Manager logs (typically /var/log/proton/nsxapi.log or syslog) record activity from the SegmentTzUpdateMigrationTask coinciding with the connectivity loss:

INFO main MigrationTask - [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] Looking for LS for segment with internal key: LogicalSwitch/<LS_ID>, TZ: null
INFO main MigrationTask - [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] Updated segment: <SEGMENT_PATH> with TZ: <TZ_PATH>

• VMware NSX: 4.1.0, 4.1.1
  
  
• VMware HCX: 4.11.x
  
  
• Platform: VMware Cloud on AWS (VMC) M22, On-Premises NSX

This issue is caused by a synchronization logic flaw between the NSX Policy Plane and the Management Plane (MP) regarding HCX-injected properties.

1. Injection: HCX injects the remote.rtr property directly into the MP Logical Switch object to manage routing for extended networks.

2. Overwrite Trigger: During an NSX upgrade or Segment modification, the system triggers the SegmentTzUpdateMigrationTask to reconcile Transport Zone (TZ) paths.

3. Data Loss: If a Segment is identified as missing its TZ path (TZ: null), the migration task forces a configuration push from the Policy Plane to the MP. Since the Policy Plane is not aware of the MP-only remote.rtr property, the update overwrites the Logical Switch with the Policy state, effectively deleting the HCX property.

This issue is permanently resolved in VMware NSX 4.1.2 and later versions.

Recommended Action: Upgrade the NSX environment to version 4.1.2 or higher to prevent the SegmentTzUpdateMigrationTask from stripping unmanaged MP properties.

Workaround

If an immediate upgrade to NSX 4.1.2 is not feasible, use the following procedure to restore connectivity by forcing HCX to re-inject the missing property.

1. Identify the Segment: Log in to the HCX Manager UI and locate the Network Extension reporting connectivity issues.

2. Un-extend: Select the affected extension and click Un-extend. Wait for the operation to complete and the network to detach.

3. Re-extend: Select the network again and click Extend.

   • Technical validation: This action triggers a fresh workflow in HCX, which re-applies the remote.rtr property to the underlying NSX Logical Switch, restoring the datapath.