You may encounter the following symptoms when deploying Deep Security Virtual Appliance:
1) Successfully deployed the DSVA but activation is failing
2) The DSVA from vCenter view shows only 3 IP address instead of the expected 5 IP address
3) From NSX-T console, the Criteria Alarms shows Partner Channel Down for Endpoint Protection
Troubleshooting
- Login to the DSVA and switch to its terminal console.
- Go to /var/opt/ds_agent/slowpath/ and inspect the configuration files dsva-ovf.env and dsva-ovf.xml
- Verify the IP address assigned and network configuration if same as NSX-T Static IP pool
- Check the /var/opt/messages log and search the IP address that assigned to DSVA and show the IP already used by other.
- From NSX-T manager console, confirm the IP already in use by ESX host for TEP IP addresses.
Workaround
1) Delete the current deployment plan and re-deploy DSVA . Change the NIC0 to use DHCP instead of Static IP Pool
Here is an article from VMware that addresses the same issue: Service Status Unknown or Endpoint Protection fails to get IP Address (vmware.com)