• During an NSX upgrade, Edge nodes may remain stuck at 0% and fail to download the upgrade bundle (NUB) from the NSX Manager. 
• The Edge nodes cannot resolve the FQDN of the NSX Manager.
• Pings from the Edge node to the NSX manager FQDN fails while pinging the managers via IP succeeds. 
• Pings from the Edge node to the DNS server fails.

VMware NSX

• This issue is caused by a lack of network reachability between the NSX Edge nodes and NSX managers using FQDN.
• Since 4.1.0 release,FQDN requirement is introduced on the trust store service, which decides whether an IP address is used to communicate with NSX manager or the FQDN from the edge appliance.
• If the physical network infrastructure drops packets between the Edge location and the DNS server, the Edge cannot resolve the Manager's FQDN to initiate the download.

To resolve this issue, you must ensure the Edge nodes are able to resolve NSX managers FQDN:

1. Log in to the NSX Edge CLI.

2. Verify DNS reachability by pinging your DNS server IP: ping <DNS_Server_IP>

3. Attempt to resolve the NSX Manager FQDN: nslookup <NSX_Manager_FQDN>

4. If these tests fail, work with your Network Administration team to investigate routing drops or firewall blocks between the Edge site and the DNS servers.

5. Once the network team confirms routing is restored, repeat the nslookup to verify the Edge can see the Manager.

6. Resume the upgrade from the NSX Manager UI.

If the issue persists even after having the DNS issues resolved, please open a case with Broadcom Support Team for further troubleshooting.

Similar issue: NSX Manager FQDN resolution fails from Edge nodes (403857).