vSAN support Insight Health check fails with error Unable to query vSAN Information Check vSphere client logs for details when using proxy.
search cancel

vSAN support Insight Health check fails with error Unable to query vSAN Information Check vSphere client logs for details when using proxy.

book

Article ID: 326508

calendar_today

Updated On:

Products

VMware vSAN

Issue/Introduction

Symptoms:

vSAN versions: 70u1 & 70u2
Proxy enabled
"vSAN Support Insight" Health check fails with the error Unable to query vSAN Information Check vSphere client logs for details.

image.png

"vSAN Support Insight" - issue with internet connectivity.
The curl output connection could be made to the vcsa.vmware.com, but the content is 403 Forbidden.
 root@vc [ ~ ]# curl -v https://vcsa.vmware.com:443

* Rebuilt URL to: https://vcsa.vmware.com:443/
* Uses proxy env variable no_proxy == 'localhost, 127.0.0.1, ww-xxx.com, xxxxx.ww-xxx.com, xxxxx.ww-xxxxx.com, xxx.ww-xxx.com, xxxxx.ww-xxxx.com'
* Uses proxy env variable https_proxy == 'http://proxy.ww-xxxx.com:3128/'
* Trying 192.168.149.28...
* TCP_NODELAY set
* Connected to proxy.ww-xxxx.com (192.168.x.x) port 3128 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to vcsa.vmware.com:443

CONNECT vcsa.vmware.com:443 HTTP/1.1
Host: vcsa.vmware.com:443
User-Agent: curl/7.61.1
Proxy-Connection: Keep-Alive

< HTTP/1.0 200 Connection established
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW::@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
............
.....

* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=US; ST=California; L=Palo Alto; O=VMware, Inc; CN=vcsa.vmware.com
* start date: May 28 16:38:55 2019 GMT
* expire date: May 28 17:08:53 2021 GMT
* subjectAltName: host "vcsa.vmware.com" matched cert's "vcsa.vmware.com"
* issuer: C=US; O=Entrust, Inc.; OU=See www.entrust.net/legal-terms; OU=(c) 2012 Entrust, Inc. - for authorized use only; CN=Entrust Certification Authority - L1K
............
< Connection: keep-alive
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx</center>
</body>
</html>
* Connection #0 to host proxy.ww-xxxx.com left intact

var/log/vmware/vsan-health/vmware-vsan-health-service.log
======================================================
2021-01-11T08:57:34.313Z WARNING vsan-mgmt[11673] [VsanCloudHealthUtil::isVsanIntelligentPlaftormEnabled opID=noOpId] vSphere Intelligent Platform is not available.
2021-01-11T08:57:34.319Z ERROR vsan-mgmt[11673] [VsanHttpRequestWrapper::urlopen opID=noOpId] Exception while sending request: Cannot resolve localhost or Internet websites.

2021-01-07T09:13:38.783Z ERROR vsan-mgmt[16753] [VsanHttpRequestWrapper::_checkHostNameResolutionEnabled opID=W1] Cannot resolve host name.
Traceback (most recent call last):
File "/build/mts/release/bora-17327517/bora/build/vcenter/release/pkg/vsan-health/stage/usr/lib/vmware-vpx/vsan-health/pyMoVsan/VsanHttpRequestWrapper.py", line 47, in _checkHostNameResolutionEnabled
socket.gaierror: [Errno -2] Name or service not known

Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.
 


Cause






 

Resolution

Upgrade vCenter and ESXi to version 7.0U2c or higher.

Additional Information

Impact/Risks:
vSAN Support Insight shows the network is not connected