Hi,
I'm facing a strange behave and I have no clue how to fix it.
I have 2 ESXi v5.0 (host-A, host-B) connected to vCenter v5.1.
I used yesterday UpdateManager to patch the ESXi host-A (v5.0 504890), from vSphere client, moved all VM to the host-B, entered the maintenance mode, and applied the patchs, after the host reboot and I see a new version v5.0 914586 but then vCenter was unable to reconnect to continue the Update process. The ESXi host-a is in a "disconnected" state.
When I try to reconnect to it I get the error message:
"Cannot contact the specified host (host-A) . The host may not be available on the network, a network configuration problem may exist, or the management services on this host may not be responding.
Target: host-a.domain.local
vCenter Server: vCenter.domain.local"
After than the "Add Host Wizard" is shown, and ask me for credentials, entering the credentials will not fix it, the following error message appear:
"Request timeout"
Investigating a bit on the log files, I found the following warnings record in the host-A vpxa.log (/var/log/vpxa.log):
[3F1AEB90 warning 'Libs'] SSL_VerifyX509: Certificate verification is disabled, so connection will proceed despite the error
The problem is experience is not related to the update but to the reboot of the server and a problem of communication between vCenter and the ESXi host.
This is happening since I updated the certificates following the kb2015383 (Implementing CA signed SSL certificates with vSphere 5.0)
Information about the infrastrucutre:
- since all ssl certificates were installed, they are no warnings of unknown ceriticates.
- the new certificates were issued by an internal CA
- all vSphere modules were updated with the new certificates (SSO, update manager, vcenter, inventory, webservices, webclient)
- all ESXi hosts were updated with a new certifcates with the FQDN (host-A.domain.local), browsing the website of the host confirm the correct certificate present
- when the host was connected to vCenter, all communications worked fine. Managing VMs and configuring the host
- I'm able to connect to the ESXi host-A directly from vSphere client without certificate warnings or errors, all features are available
- the ESXi hosts security profile is setup correctly. vpxa is running, and the firewall is allowing connections
- the hosts are setup to an internal DNS server. The DNS A records are pointing to the right hosts' IPs
- the hosts network "Custom DNS Suffixes" are set to "domain.local"
- the hosts are jointed to the domain
- Restarting the Management Network or the Management Agents don't solve the problem
- Restarting the ESXi host don't solve the problem
- from vCenter server I'm able to telnet to host-A port 902, the welcome message is "220 VMware authentification Daemon Version 1.10: SSL Required, ServerDaemonProtocol:SOAP, MKSDisplayProtocol:VNC, VMXARGS supports"
- I presume if I reboot the ESXi host-B, the same behave will happened.
A few days ago I had the same problem with reconnecting to host-A problems, at that moment, the network settings were set to DHCP, I changed the setting to STATIC with the exact same IP/subnet and gateway, and then the host-A was immediately found by vCenter when doing reconnect.
Still today the IP is still set as STATIC.
The same reconnection problem occur here, so I presume it's not linked to the IP setting
If someone have an idea how to fix this, I will be glade to hear it :-)))))))))
Thank you in advance