• ESXi hosts fail to enter maintenance mode during ESXi Host Upgrade.
• vMotion fails for virtual machines with the following error:
  "Currently connected network interface 'Network adapter 1' uses network 'DVSwitch_ID NSX port group [dvportgroup-<ID>](nsxa down)', which is not accessible". 
• In the NSX UI the Host are in "Host Disconnected" status with below error as Communication between the ESXi host and NSX Managers is disrupted,
  "Heartbeating between NSX management node and host <Host_Node_UUID> is down." 
• You also see alarms for ESXi Host Transport Node Certificate Expired
  "Transport Node Certificate Expired" "Certificate has expired for Transport node <Host_Node_UUID>."

VMware NSX
VMware vSphere ESXi

Communication failure between ESXi hosts and NSX Managers caused by an expired Host Transport Node Certificate.

• Identify all impacted Transport Nodes in the NSX UI exhibiting "Host Disconnected" or "Transport Node Certificate Expired" alarms.
• For hosts in a disconnected state where standard certificate rotation fails, follow the manual recovery steps detailed in Alarm For Transport Node Certificate Has Expired.
• For hosts with certificates nearing expiration that are still in a "Success" state, run the CARR Script to proactively replace the expiring certificates across the NSX environment.
• Verify that the Host status returns to "Success" and "Up" in the NSX Manager UI.
• Re-attempt the ESXi host upgrade and vMotion tasks.

Alarm For Transport Node Certificate Has Expired