vSAN versions: 70u1 & 70u2
Proxy enabled
"vSAN Support Insight" Health check fails with the error Unable to query vSAN Information Check vSphere client logs for details.
"vSAN Support Insight" - issue with internet connectivity.
The curl output connection could be made to the vcsa.vmware.com, but the content is 403 Forbidden.
root@vc [ ~ ]# curl -v https://vcsa.vmware.com:443
* Rebuilt URL to: https://vcsa.vmware.com:443/
* Uses proxy env variable no_proxy == 'localhost, 127.0.0.1, ww-xxx.com, xxxxx.ww-xxx.com, xxxxx.ww-xxxxx.com, xxx.ww-xxx.com, xxxxx.ww-xxxx.com'
* Uses proxy env variable https_proxy == 'http://proxy.ww-xxxx.com:3128/'
* Trying 192.168.149.28...
* TCP_NODELAY set
* Connected to proxy.ww-xxxx.com (192.168.x.x) port 3128 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to vcsa.vmware.com:443
CONNECT vcsa.vmware.com:443 HTTP/1.1
Host: vcsa.vmware.com:443
User-Agent: curl/7.61.1
Proxy-Connection: Keep-Alive
< HTTP/1.0 200 Connection established
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW::@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
............
.....
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=US; ST=California; L=Palo Alto; O=VMware, Inc; CN=vcsa.vmware.com
* start date: May 28 16:38:55 2019 GMT
* expire date: May 28 17:08:53 2021 GMT
* subjectAltName: host "vcsa.vmware.com" matched cert's "vcsa.vmware.com"
* issuer: C=US; O=Entrust, Inc.; OU=See www.entrust.net/legal-terms; OU=(c) 2012 Entrust, Inc. - for authorized use only; CN=Entrust Certification Authority - L1K
............
< Connection: keep-alive
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx</center>
</body>
</html>
* Connection #0 to host proxy.ww-xxxx.com left intact
var/log/vmware/vsan-health/vmware-vsan-health-service.log
======================================================
2021-01-11T08:57:34.313Z WARNING vsan-mgmt[11673] [VsanCloudHealthUtil::isVsanIntelligentPlaftormEnabled opID=noOpId] vSphere Intelligent Platform is not available.
2021-01-11T08:57:34.319Z ERROR vsan-mgmt[11673] [VsanHttpRequestWrapper::urlopen opID=noOpId] Exception while sending request: Cannot resolve localhost or Internet websites.
2021-01-07T09:13:38.783Z ERROR vsan-mgmt[16753] [VsanHttpRequestWrapper::_checkHostNameResolutionEnabled opID=W1] Cannot resolve host name.
Traceback (most recent call last):
File "/build/mts/release/bora-17327517/bora/build/vcenter/release/pkg/vsan-health/stage/usr/lib/vmware-vpx/vsan-health/pyMoVsan/VsanHttpRequestWrapper.py", line 47, in _checkHostNameResolutionEnabled
socket.gaierror: [Errno -2] Name or service not known
Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.