A Windows virtual machine (VM) with the NSX Network Introspection driver (vnetflt.sys) connected to the Guest Introspection SVM (USVM) temporarily loses TCP network connectivity for new connections.
When you run the "dmesg" command to show the logs, you see entries similar to the following:
Out of memory: Kill process <process_id> (java) score <score> or sacrifice child
Upon checking the NSX Manager log, you see the following:
Code:'260007' Event Message: 'Lost communication with ESX module.'
The Guest Introspection Events window also shows the following error:
The NSX Network Introspection driver is used to send network-related events to the USVM through the Multiplexor (MUX). These network events are used in Activity Monitoring and Identity Firewall.
The driver collects TCP connectivity events and pushes them to the USVM. Because of a memory leak in the underlying connection between the MUX and the USVM, the USVM Event Manager process is restarted due to insufficient memory. While the Event Manager process is restarting, TCP connectivity event collection stays incomplete for a while, which may result in connectivity issues on the Windows VM.
This issue is already resolved in the following builds available at VMware Downloads:
- VMware NSX for vSphere 6.2.7
- VMware NSX for vSphere 6.3.0
If you do not want to upgrade, you can disable the NSX Network Introspection driver as a workaround:
- Connect to the affected virtual machine using a console or RDP session.
- Click Start > Run.
- Type "regedit" and click OK.
- Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\vnetflt\.
- Right-click the Start key and select Modify.
- Change the value to "4" and click OK.
- Close the Registry Editor Window.
- Reboot the virtual machine.
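The same registry change can be scripted when several VMs need the workaround. The following PowerShell is an added example, not VMware's own tooling; the -Apply switch and the backup file location are hypothetical names chosen for illustration. It reports the current Start value first, records it before changing anything so the driver can be re-enabled after an upgrade, and leaves the reboot to you. With the driver disabled, the VM no longer sends the network events that Activity Monitoring and Identity Firewall consume.

```powershell
# Added example: scripted form of the registry workaround above.
# Run in an elevated PowerShell session inside the affected Windows VM.
param(
    [switch]$Apply   # hypothetical switch: without it the script only reports
)

$keyPath  = 'HKLM:\SYSTEM\CurrentControlSet\services\vnetflt'
$disabled = 4   # Windows service start type 4 = disabled

if (-not (Test-Path -Path $keyPath)) {
    Write-Output 'vnetflt service key not found; the driver is not installed on this VM.'
    return
}

$current = (Get-ItemProperty -Path $keyPath -Name Start -ErrorAction Stop).Start
Write-Output "Current vnetflt Start value: $current"

if ($current -eq $disabled) {
    Write-Output 'Driver is already disabled; nothing to change.'
    return
}

if (-not $Apply) {
    Write-Output "Report only. Re-run with -Apply to set Start to $disabled."
    return
}

# Record the previous value so the change can be reverted after upgrading NSX.
$backup = Join-Path $env:ProgramData 'vnetflt-start-backup.txt'   # hypothetical location
"$(Get-Date -Format o) previous Start=$current" | Add-Content -Path $backup

Set-ItemProperty -Path $keyPath -Name Start -Value $disabled -Type DWord -ErrorAction Stop

# Read the value back to confirm the write took effect.
$verify = (Get-ItemProperty -Path $keyPath -Name Start).Start
if ($verify -ne $disabled) {
    throw "Start value is $verify after write; expected $disabled."
}
Write-Output "Start set to $disabled (previous value saved to $backup). Reboot the VM to apply."
```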