Error: vSphere HA reports that an agent is in the Agent Unreachable state
search cancel

Error: vSphere HA reports that an agent is in the Agent Unreachable state

book

Article ID: 315379

calendar_today

Updated On:

Products

VMware vCenter Server 6.0 VMware vCenter Server 7.0 VMware vCenter Server 8.0 VMware vSphere ESXi 6.0 VMware vSphere ESXi 7.0 VMware vSphere ESXi 8.0

Issue/Introduction

  • The vSphere HA agent is unreachable
  • In the Summary tab of the affected ESXi host, the following error is seen:
    vSphere HA reports that an agent is in the Agent Unreachable state
  • Restarting the management agents does not resolve the issue
  • Restarting the Virtual Center service does not resolve the issue
  • The fdm logs may include the below entries:

    Failed to SSL handshake; SSL.
    YYYY-MM-DDTHH:MM:SS Er(163) Fdm[2101520]: --> The remote host certificate has these problems:
    YYYY-MM-DDTHH:MM:SS Er(163) Fdm[2101520]: --> 
    YYYY-MM-DDTHH:MM:SS Er(163) Fdm[2101520]: --> * Host name does not match the subject name(s) in certificate.
    YYYY-MM-DDTHH:MM:SS Er(163) Fdm[2101520]: --> 
    YYYY-MM-DDTHH:MM:SS Er(163) Fdm[2101520]: --> * unable to get local issuer certificate)
    YYYY-MM-DDTHH:MM:SS Er(163) Fdm[2101520]: --> [context]zKq7AVECAQAAABiabwEKZmRtAID8eoEBZmRtAIAbU2oBgHifagGApKJqAYBapGoBgJ4GbAGAgDdsAYBL1IwBAVJ4AGxpYnB0aHJlYWQuc28uMAACDzIPbGliYy5zby42AA==[/context] on handshake

Cause

This issue can occur if there is a network problem that prevents vCenter Server from contacting the primary host and the agent on the host or if all hosts in the cluster have failed.
 
This issue may also occur if the agent on the host has failed and the watchdog process is unable to restart it.

The SSL Certificate does not match to the PNID of the PSC Node. Please check the Subject Alternative Name to see if it is the same as the PNID of the PSC.

Resolution

To resolve this issue:
  1. Determine if vCenter Server is reporting the host as Not Responding. For more information, see Diagnosing an ESX or ESXi host that is Disconnected or Not Responding in vCenter Server.
  2. If the host is in a Not Responding state, there is a network problem or a total cluster failure.
  3. If the vCenter Server reports the hosts as responding:
    • SSH to the ESXi host via root
    • Review the /var/log/vpxa.logfile and check if there are errors related to communication with vCenter Server and the host Management Agent (hostd).
    • Review the /var/log/fdm.logfile (Fault Domain Manager log) and check if there are errors related to vSphere High Availability. For more information, see the vSphere Availability Guide
  4. Right-click the affected host and click Reconfigure for vSphere HA.


For additional troubleshooting information, see:
Check and see port 8182 is  blocked by any firewall


Additional Information

Powered by Wolken Software