"Error connecting to host.: Set error flag: retriable; Failed to create NFC connection to 902 via ip Any: SSL required; establish nc connection on host-XX" Error configuring VM replication
search cancel

"Error connecting to host.: Set error flag: retriable; Failed to create NFC connection to 902 via ip Any: SSL required; establish nc connection on host-XX" Error configuring VM replication

book

Article ID: 325696

calendar_today

Updated On:

Products

VMware Live Recovery VMware vSphere ESXi

Issue/Introduction

Symptoms:
  • After configuring Replication for a VM, its replication status is showing as Non-Active
  • In the VM's Summary, an error status similar to the following is shown:

    "Error for (diskId: "RDID-xxxx"), (flags: on-disk-open, retriable): Error connecting to host.: Set error flag: retriable; Failed to create NFC connection to <IP> 902 via ip Any: SSL required; establish nfc connection on host-XX; Tried operation 4 times, giving up"

  • In the vmware-vum-server-logcpp.log file, you see entries similar to:

    [2018-09-25 15:55:25:028 'SingleHostUpgradeScanTask.SingleHostUpgradeScanTask{3901}' 139945427724032 INFO] [singleHostUpgradeScanTask, 336] Scanning host example.com against upgrade VMware ESXi 6.5.0 Update 2 (profile name = DellEMC-ESXi-6.5U2-8935087-A01)
    [2018-09-25 15:55:25:081 'Activation.trace' 139945437566720 INFO] [activationValidator, 1023] ------------------------------------------------------ Invoking queryBaselineComplianceStatus on integrity.ComplianceStatusManager:Integrity.ComplianceStatusMgr Arg entity: 'vim.HostSystem:056ead00-5fe6-4ee2-878f-2e6818bf9b59:host-21072' ------
    [2018-09-25 15:55:25:083 'Activation' 139945437566720 INFO] [activationValidator, 367] Leave Validate. Succeeded for integrity.ComplianceStatusManager.queryBaselineComplianceStatus on target: Integrity.ComplianceStatusMgr
    [2018-09-25 15:55:25:083 'Activation.trace' 139945437566720 INFO] [activationValidator, 1087] Invoke done: integrity.ComplianceStatusManager.queryBaselineComplianceStatus Result: (integrity.BaselineComplianceStatus) [ (integrity.BaselineComplianceStatus) { key = 9, status = "Unknown" }, (integrity.BaselineComplianceStatus) { key = 11, status = "NotCompliant" } ]
    [2018-09-25 15:55:25:091 'Activation' 139945439164160 INFO] [activationValidator, 367] Leave Validate. Succeeded for integrity.BaselineManager.queryForEntity on target:Integrity.BaselineMgr
    [2018-09-25 15:55:25:101 'Activation' 139945432250112 INFO] [activationValidator, 367] Leave Validate. Succeeded for integrity.BaselineManager.get on target: Integrity.BaselineMgr
    [2018-09-25 15:55:25:102 'BaselineMgr' 139945432250112 DEBUG] [baselineMgr, 1136] Got spec for baseline id: 9, name: HPEG9+_ESXi6.5U2_8294253
    [2018-09-25 15:55:25:102 'BaselineMgr' 139945432250112 DEBUG] [baselineMgr, 1136] Got spec for baseline id: 11, name: HP_Patches_081518
    [2018-09-25 15:55:25:212 'VciScanTask.ScanTask{3896}' 139945427724032 DEBUG] [vciTaskBase, 741] New progress 11 for ScanTask{3896}
    [2018-09-25 15:55:25:316 'LoggerCallback' 139945427724032 WARN] [logUtil, 524] [NFC ERROR] NfcNewAuthdConnectionEx: Failed to connect to peer. Error: SSL required
    [2018-09-25 15:55:25:316 'HUHelpers' 139945427724032 ERROR] [helpers, 112] Copying agent binaries to host : host-21072,error: Failed to establish NFC connection: SSL required
    [2018-09-25 15:55:25:374 'AgentDeploy' 139945427724032 INFO] [agentDeploy, 172] Deploy agent,localinstaller./docroot/vci/vua/vua-uninst6/vua-uninst.sh, localSig = ./docroot/vci/vua/vua-uninst6/vua-uninst.sig
    [2018-09-25 15:55:25:418 'LoggerCallback' 139945427724032 WARN] [logUtil, 524] [NFC ERROR] NfcNewAuthdConnectionEx: Failed to connect to peer. Error: SSL required
    [2018-09-25 15:55:25:419 'HUHelpers' 139945427724032 ERROR] [helpers, 166] Exception while uninstalling agent on host: Failed to establish NFC connection: SSL required
    [2018-09-25 15:55:25:419 'SingleHostUpgradeScanTask.SingleHostUpgradeScanTask{3901}' 139945427724032 ERROR] [singleHostUpgradeScanTask, 267] Caught method fault: integrity.fault.HostUpgradeNfcCopyFailure

    Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.


Cause

This issue occurs when SSL authentication is disabled on target site ESXi hosts, for port 902.
SSL authentication is enabled on ESX/ESXi hosts by default.

Resolution

To resolve this issue, re-enable SSL authentication for ESXi hosts on port 902, from the vSphere Web Client:
  • Open the vSphere Web Client and select the host in the inventory.
  • Click the Settings tab, and select Advanced System Settings under System.
  • Search for SSL, select the Config.Defaults.security.host.ruissl setting and click the Edit icon.
To enable SSL authentication from vSphere Client:
  • Directly connect to the host using the vSphere Client.
  • Click the Configuration tab.
  • Under Software, click Advanced Settings.
  • Expand Config > Defaults.
  • Expand Security and select host.
  • Select the option to enable SSL authentication.
To enable SSL authentication using Tech Support Mode or the ESXi Shell:
  • Connect directly to the host as a user with root privileges. The ESXi 5.0 host can be accessed using Tech Support Mode (TSM). ESXi 5.1 and later include the ESXi shell.
  • Open the /etc/vmware/config file using a text editor.
  • Locate the security.host.ruissl entry.
  • Change the value of security.host.ruissl from FALSE to TRUE.
If it is set to no, change it to yes.

Note: If the security.host.ruissl entry is not available in the /etc/vmware/config file, add the entry and set it to TRUE.
 


Powered by Wolken Software