During a new deployment of VMware Cloud Foundation (VCF) 9.0.1, the process fails at the Deploy vCenter or  Add Host to Cluster stage. The following symptoms are observed:

•  The vCenter Server VM is automatically rolled back and deleted (destroyed) by the SDDC Manager, As the ESXi host fails to get added to the cluster.
•  Attempts to ping or SSH to ESXi hosts from the vCenter Server subnet fail, while connectivity from the SDDC Manager to the hosts is successful.
• Logs in /var/log/vmware/vcf/domainmanager/domainmanager.log may show
  •  

     

    YYYY-MM-DDHH:MM:Sec,523 - VCSACliInstallLogger - INFO failed at 07:31:44 PM ====domainmanager/ci-installer-YYYY-MM-DD 879/workflow_###########/
    dynamicType = <unset>,
    dynamicProperty = (vmodl. DynamicProperty) [],
    msg = 'MethodFault.summary',
    faultCause = <unset>,
    faultMessage = (vmodl.LocalizableMessage) [
    (vmodl.LocalizableMessage) {
    dynamicType = <unset>,
    dynamicProperty = (vmodl.DynamicProperty) [],
    key = 'vim. vmware. vlcm.error. batchAddHostsToCluster',
    arg = (vmodl.KeyAnyValue) [],
    message = 'An internal error occurred while adding/moving hosts to the cluster . Check add hosts result for more details.'
    
    }], possible resolution is [Refer to the logs for details]
    YYYY-MM-DDHH:MM:Sec,Msec - VCSACliInstallLogger - INFO -
    YYYY-MM-DDHH:MM:Sec,Msec - VCSACliInstallLogger - ERROR - Traceback (most recent call last):
    File "main.py", line 412, in <module>

     

VCF 9.x

• This issue is caused by incomplete network firewall rules. While communication is often allowed from the SDDC Manager to the management components, VCF 9.0.1 requires bi-directional communication between the newly deployed vCenter Server and the ESXi hosts for vSphere Lifecycle Manager (vLCM) cluster remediation and host addition.
• If the vCenter Server cannot reach the ESXi hosts via ICMP or required management ports (e.g., 443, 902), the vLCM compliance check fails, triggering an automated cleanup (rollback) of the vCenter VM to maintain a clean environment state.

To resolve this deployment failure, ensure that the network infrastructure supports the required connectivity between the vCenter Server and ESXi hosts:

1. Verify Firewall Rules:Confirm that the firewall allows traffic between the vCenter Server IP/Subnet and the ESXi Management IP/Subnet.
2. Check Port Requirements: Ensure the following ports are open from vCenter to ESXi:

• 443 (HTTPS):For management and vSphere Client access.
• 902 (MKS): For host management and VM console access.

3.Test Connectivity: Before restarting the deployment, deploy a temporary test VM on the same subnet intended for the vCenter Server and verify it can ping and SSH to the ESXi hosts.

4. Retry Deployment: Once connectivity is confirmed, re-run the VCF deployment workflow from the SDDC Manager.

VCF 9.X deployment fails at "Deploy vCenter" stage with error 'com.vmware.vcIntegrity.lifecycle.host.communicationFailed'