Unable to configure HA agents on all hosts when management network used by vCenter Server is not accessible among hosts
search cancel

Unable to configure HA agents on all hosts when management network used by vCenter Server is not accessible among hosts

book

Article ID: 310580

calendar_today

Updated On:

Products

VMware vCenter Server VMware vSphere ESXi

Issue/Introduction

  • Cannot configure HA agents on hosts
  • Configuring HA agents on all hosts fail when management network used by vCenter Server is not accessible among hosts
  • Issue experience in these scenario:

Scenario 1

  • Each host in the cluster has two vmkernel ports in subnet 10.47.70.## and 192.168.242.## respectively.
  • vCenter Server is connecting to each host on subnet 10.47.70.##, which is in an Isolated PVLAN. DNS is set to resolve the host names to their Isolated PVLAN IP address only and hosts cannot talk to each other on this subnet because they are a part of the same Isolated PVLAN.
  • The HA cluster is set to use 192.168.242.## subnet for HA heartbeat among hosts and the subnet is setup in Standard VLAN by enabling this vmkernel port group for vMotion and Management Traffic.
  • Isolation address is set to the gateway device for Isolated PVLAN subnet with an IP address 10.47.70.## as the other subnet is not routable and no device is set to work as isolation address for the secondary vmkernel port used for the Management traffic.
  • Each host's /etc/hosts files are updated with all host's secondary vmkernel port subnet address to resolve among themselves.
  • You have added these advanced configuration parameter in the HA Advanced Settings to ensure that HA heartbeat uses only specified network for Management traffic:

    • das.AllowVmotionNetworks is set to true
    • das.AllowNetwork0 is set to the dvsPort group name used for secondary vmkernel port on standard VLAN

Scenario 2

  • Each host in the cluster has two vmkernel ports in subnet 10.47.70.## and 192.168.242.## respectively.
  • vCenter Server is connecting to each host on subnet 10.47.70.##, which is in an Isolated PVLAN. DNS is set to resolve the host names to their Isolated PVLAN IP address only and hosts cannot talk to each other on this subnet because they are a part of the same Isolated PVLAN.
  • The HA cluster is set to use both vmkernel ports by enabling the Management traffic on both the vmkernel port groups.
  • Isolation address is set to the gateway device for Isolated PVLAN subnet with an IP address 10.47.70.## as the other subnet is not routable and no device is set to work as isolation address for the secondary vmkernel port used for Management traffic.
  • Each host's /etc/hosts files are updated with all host's secondary vmkernel port subnet address to resolve among themselves.



Environment

VMware vSphere

Cause

This issue occurs because both scenarios mentioned in the Symptoms section are not supported by VMware and may affect the functionality of the HA agent on any of the nodes intermittently.
 
To be fully supported by Broadcom, the HA agent must meet these configuration requirements:
  • There must be at least one management network in common among all hosts and the best practice is to have at least two.

    For more information, see the  vSphere Availability guide.

  • The management network that vCenter Server uses to access the hosts must be accessible among all the hosts to access each other. If you decide to isolate the Management network among hosts, for example using Isolated PVLAN port groups, the configuration does not work.

Resolution

To resolve this issue, ensure that there is a Management Network where vCenter Server and the ESXi hosts are fully accessible, so that HA can configure and work properly.

Powered by Wolken Software