During a recent NSX deployment when the hosts, NSX Manager, and vCenter resided on different networks with firewalls between them I provided the following KB to the security team to add the required ports to the firewalls.
Well it turns out this KB is missing one very important port requirement. The vCenter server needs access to NSX Manager via port 80/tcp for host preparation for NSX.
vCenter – > NSX Manager -> tcp/80 for Host Prep
There are several other reasons host prep may fail, most notability the availability of Update Manager to approve the installation.