When deploying or migrating Guest Cluster nodes in a vSphere with Tanzu environment, the following symptoms may occur:

• Supervisor Cluster VMOP logs report the following error: 'VirtualMachine "msg"="Provider failed to update VirtualMachine" "error"="opaque network with ID '########' not found"'.
• Guest Cluster node deployment remains stuck in a Provisioning state.
• New VMs are deployed but fail to power on.
• The VM summary in vSphere reveals that the wrong network is selected.
• Description of the VNETIF associated with the VM object shows "SuccessfulRealizedNSXResource"

VMware vSphere with Tanzu 7.0, 8.0
VMware NSX

The "opaque network with id not found" error occurs when vCenter cannot associate a VM's network interface with the required NSX-managed segment. Common causes include:

• Unprepared ESXi Hosts:
  • ESXi hosts added to the vSphere cluster have not been prepared for NSX as Transport Nodes
  • vSphere Cluster Network Failure
• Unresponsive NSX Manager:
  • A high CPU condition on the NSX Manager prevents vCenter from retrieving updated port bindings during VM power-on or HA events.
  • NSX nodes crashed
• Certificate Issues: The certificate between vCenter and NSX is modified, expired, or untrusted.
• Multiple VDS:
  • More than one VDS was manually added to the NSX Overlay Transport Zone
  • vSphere Cluster Network Failure

Depending on the identified cause, follow the appropriate remediation steps:

1. Prepare ESXi Hosts:
   • Ensure all ESXi hosts in the vSphere cluster are prepared as NSX-T Transport Nodes. Reference Prepare ESXi Individual Hosts as Transport Nodes or Prepare ESXi Cluster Hosts as Transport Nodes by Using Transport Node Profiles
   • If hosts cannot be prepared, remove them from the cluster to prevent them from hosting Tanzu workloads. vSphere Guest Cluster Network Failure
2. Restore NSX Manager Health:
   • Reboot any unresponsive NSX Manager nodes to mitigate high CPU usage.
   • Verify that the NSX Manager cluster status is healthy and that controller connectivity is UP. NSX nodes crashed
3. Validate Trust and Certificates:
   • Verify the trust relationship between vCenter and NSX Manager.
   • If certificates have expired, refer to the Master vSphere Supervisor Certificate Guide
4. Force Port Re-binding:
   • Migrate the affected Guest Cluster VM to a different, healthy ESXi host via vMotion. This triggers vCenter to request fresh opaque port bindings from the NSX Manager. NSX nodes crashed