When attempting to migrate a Virtual Machine (vMotion or Cold Migration) between two ESXi 8.0.x clusters separated by a NAT boundary, the following symptoms occur:

• The migration task consistently fails at 22%.
• The vSphere Client reports the error: "The operation is not supported on the object."
• In one direction (e.g., Internal to Remote), the migration may succeed, but the reverse direction (Remote to Internal) fails.
• Reviewing the hostd.log on the source or destination ESXi host at the time of failure reveals the following log entries:

error 'NfcManager'] Copy spec validation error: Both source and destination locations cannot be remote

error 'NfcManager'] Copy operation failed with error: N5Vmomi5Fault12NotSupported9ExceptionE(Fault cause: vmodl.fault.NotSupported)

• VMware ESXi
• VMware vCenter Server

• This issue is caused by a reachability mismatch during the Network File Copy (NFC) handover phase.
• In a NAT environment, if the remote ESXi host cannot directly reach or resolve the internal IP addresses of the destination hosts (because they are behind a NAT that has not been mapped for the return path), the migration specification is flagged as "remote to remote" or unreachable, and the operation is aborted.

To resolve this issue, bidirectional connectivity and proper name resolution must be established between all ESXi hosts across the NAT boundary.

• Configure Bidirectional NAT

Ensure that the router/firewall at the internal site has NAT entries for all ESXi hosts in the cluster. The remote host must be able to initiate connections to the internal hosts using their NATed public/corporate IP addresses.

• Open Required Ports

Verify that the following ports are open bi-directionally between the remote site and the internal site:

• • 8000 (TCP): vMotion traffic.
  • 443 (TCP): Management communication (vCenter to ESXi).
  • 902 (TCP): vSphere NFC and Heartbeat.

• Verify Name Resolution

ESXi hosts must be able to resolve each other's names (FQDN) to the correct reachable IP address.

• • If DNS is not available across sites, update the /etc/hosts file on each ESXi host with the IP and FQDN of the hosts in the opposing cluster.

• Refresh Host Connections

After making network changes, refresh the host state in vCenter:

1. Right-click the affected ESXi host in the vSphere Client.
2. Select Connection > Disconnect.
3. Wait 30 seconds, then select Connection > Connect. Note: This forces a refresh of the host's SSL thumbprint and NFC identifiers in the vCenter database.

Related KBs:

Troubleshooting vMotion Network related errors

vMotion fails with the error: Migration to host failed with error timeout (0xbad0020)

vMotion failing with error - "Failed waiting for data. Error 195887167. Connection closed by remote host, possibly due to timeout"

Error: "The operation is not supported on the object" when performing cold VM migrations after upgrading to vCenter 8.0