During a vCenter Server upgrade from version 7.0.x to 8.0.x, the process fails during the Phase 2 (pre-check) stage.

The error is recorded in the /var/log/vmware/upgrade/requirements-upgrade-runner.log

[YYYY-MM-DDT HH:MM:SS] ERROR upgrade_commands Pre-upgrade checks errors:
[YYYY-MM-DDT HH:MM:SS] ERROR upgrade_commands {'text': {'id': 'upgrade.vmafd.precheck.error.text', 'translatable': 'VMDir Replication between partners is not working', 'localized': 'VMDir Replication between partners is not working'}}

• VMware vCenter Server 7.0.x
• VMware vCenter Server 8.0.x

The vCenter upgrade framework executes the vdcrepadmin tool to verify the health of the VMware Directory Service (VMDir) before proceeding. In environments where a network proxy is configured, LDAP traffic on Port 389 may be intercepted or restricted. If the source vCenter cannot reach its replication partners on Port 389, the pre-check fails with the error "VMDir Replication between partners is not working," even if the services on both nodes are active.

1. Log in to the source vCenter Server via SSH.
   
   
2. Test the connection to the partner vCenter node on Port 389:
   
   • nc -zv <Partner_vCenter_FQDN> 389
3. If the command fails to return an "Open" status, check if a proxy is configured on the appliance:
   
   
4. If a proxy is present, ensure all internal vCenter FQDNs and IP addresses are included in the NO_PROXY environment variable.
   • How to configure proxy settings for vCenter Server
5. Work with the network administration team to whitelist Port 389 for direct communication between vCenter appliances, bypassing any SSL inspecting or restrictive proxies.
   
   
6. Once connectivity is restored, restart the vCenter upgrade Phase 2 pre-check.

If Port 389 is confirmed open but the error persists, refer to Article 312122 to verify if the VMDir is in a Read-Only state.