Controller connectivity is lost after you upgrade your hosts.

1. Open an SSH session to the ESXi host experiencing the issue and confirm that none of the three NSX controllers are in a connected state. Run the nsxcli -c get controllers command.
   Example response:

   Controller IP    Port  SSL     Status       Is Physical Master   Session State    Controller FQDN
   192.168.60.5    1235  enabled  disconnected   true                  down          nsxmgr.corp.com
   

   In a working configuration, two controllers display the not used status and one controller has the connected status. If the NSX controller shows connected, refresh the UI and confirm that the status is green. If the controller shows not connected, continue to the next step.
2. Open an SSH session to one of the NSX Manager nodes as admin and run the get certificate api thumbprint command.
   The command output is a string of alphanumeric numbers that is unique to this NSX Manager.
3. On the ESXi host, push the host certificate to the Management Plane:

   ESXi1> nsxcli -c push host-certificate <NSX Manager IP or FQDN> username admin thumbprint <thumbprint obtained in step #1>

   When prompted, enter the admin user password for the NSX Manager. See the NSX-T Data Center Command-Line Interface Reference for more information.
4. Confirm the controller status is connected.

   ESXi1> nsxcli -c get controllers

   Confirm the controller connection state is green on the UI for this Transport Node.
   If this issue continues, restart the following NSX services on the ESXi host:

   ESXi1> /etc/init.d/nsx-opsagent restart

   ESXi1> /etc/init.d/nsx-proxy restart