NFS datastore connection failure or mount error in ESXi
search cancel

NFS datastore connection failure or mount error in ESXi

book

Article ID: 308081

calendar_today

Updated On:

Products

VMware vCenter Server VMware vSphere ESXi

Issue/Introduction

  • ESXi hosts may encounter failures when attempting to mount or maintain connectivity to an NFS network share. These issues often manifest as unresponsive hosts during the boot process or datastores appearing as "Inaccessible." Common indicators include RPC status 13 (Permission Denied) or VSI node (501) errors. Proper resolution requires validating network pathing, firewall rules on ports 111/2049, and ensuring the NFS server is configured with no_root_squash and read/write permissions.
  • Hosts become unresponsive during the boot cycle.
  • NFS datastores are listed as "Inaccessible" in vSphere Client.
  • Error messages in VMkernel.log or vobd.log:
      • NFS Error: Unable to connect to NFS server
      • WARNING: NFS: 898: RPC error 12 (RPC failed)
      • RPC status 13 (RPC was aborted due to timeout)
      • [esx.problem.vmfs.nfs.mount.connect.failed] Failed to mount to server... VSI node (501)

Environment

    • Hypervisor: ESXi 7.x, 8.x (including 8.0 Update 3), 9.x
    • Storage Vendors: NetApp, TrueNAS, Dell PowerStore
    • Symptoms reported in: Veeam restoration, environment maintenance, switch replacements

Cause

This issue is typically caused by one of the following environmental factors:

  • Network Pathing: Connectivity issues between the ESXi VMkernel port and the NFS server.
  • Permissions: The NFS share is not set to Anonymous userRoot Access (no_root_squash), or Read/Write.
  • Firewall: Ports 111 or 2049 (TCP/UDP) are blocked at the host, storage, or physical switch level.
  • DNS/LDAP: Duplicate DNS entries for the storage VIP or unreachable LDAP servers preventing permission resolution for the share.

Resolution

Follow these steps to restore NFS connectivity. Execute all CLI commands from the ESXi shell with root privileges.

1. Validate Basic Connectivity

  • Verify the host can reach the storage IP using vmkpingvmkping -I vmkX ####.####.####.####
  • If pings fail despite correct cabling, remove and reconfigure the storage VMkernel interface (vmk).

2. Restore or Refresh Mounts

Refresh the NFS mount state to clear transient communication errors:

  • ESXi 9.1 and later:
    esxcli storage nfs restore
  • ESXi 9.0 and earlier:
    esxcfg-nas -r

3. Manual CLI Mounting

If the datastore is missing from the list, attempt to add it manually: esxcli storage nfs add -H <NFS_IP_OR_HOSTNAME> -s <SHARE_PATH> -v <DATASTORE_NAME>

4. Verify Firewall Settings

Ensure the NFS client firewall is enabled on the ESXi host:

  1. Check status: esxcfg-firewall -q
  2. Enable if necessary: esxcfg-firewall --enableService nfsClient
  3. Ensure ports 111 and 2049 are open on the external network and the NFS server.

5. Permission and DNS Check

  • Verify the NFS server permissions are set to no_root_squash.
  • Ensure DNS entries for the NFS server FQDN are unique and point to the correct Virtual IP (VIP).
  • If using LDAP for share permissions and the LDAP server is unreachable, temporarily set permissions to root/wheel to restore access.

Additional Information