Issue / Introduction

NSX is unable to retrieve or synchronize security license "vDefend" from the License Hub. This prevents new license assignments from appearing and may eventually impact access to licensed security features.

NSX >= v9.1.0.0

The NSX Manager is unable to establish a stable connection to the License Hub API. This is typically caused by network connectivity issues, firewall blocks, or the License Hub services being temporarily unavailable.

Log location on NSX manager to check for the below error logs:

/var/log/proton/nsxapi.log

2026-03-06T20:00:05.696Z ERROR NSX 9786 [nsx@4413 comp="nsx-manager" errorCode="MP1" level="ERROR" logger="TaskHelper" msgID="SECURITY" subcomp="manager" threadName="task-scheduler-6"] Failed to execute action LICENSE_POLLING.\norg.springframework.web.client.HttpServerErrorException$ServiceUnavailable: 503 Service Unavailable on GET request for "https://xxxxxxxxxx/licenses": "upstream connect error or disconnect/reset before headers. reset reason: connection timeout”\n
.
.
.
.
2026-03-06T20:00:05.696Z INFO NSX 9786 [nsx@4413 comp="nsx-manager" level="INFO" logger="EndpointAlarmServiceImpl" msgID="POLICY" subcomp="manager" threadName="task-scheduler-6"] Generating an alarm for license polling failure

To restore license synchronization, perform the following troubleshooting steps:

1. Verify Service Status:

   • Log in to the License Hub UI.

   • Navigate to Platform and ensure all services are "Healthy."

   • Check Endpoint Management to see the reported connectivity status for the specific NSX Manager.

2. Test Network Connectivity:

   • From the NSX Manager CLI, verify it can reach the License Hub FQDN:

     curl -k -v https://<License-Hub-FQDN>/licenses
     

   • Ensure Port 443 (HTTPS) is open and not being intercepted by a proxy or firewall between NSX and the License Hub.