vSAN Health - Network - vSAN: Advanced (https) connectivity check

Article ID: 326709

Updated On:

Products

VMware vSAN

Issue/Introduction

This article introduces vSAN: Advanced (https) connectivity check and provides details on why it might report an error and how to fix the error state.

Environment

VMware vSAN 8.0.x

Resolution

Q: What does the vSAN: Advanced (https) connectivity check do? 

Hosts call the vSAN API on their peers over inter-host connections, so inter-host connectivity is critical for vSAN API calls. This health check verifies the connectivity state between the hosts in a cluster and reports an error if the connection between any two hosts is not healthy.

A 'healthy' state means that a host can call the vSAN API on a peer over its connection to that peer. Otherwise, the connection between the host and the peer is marked as unhealthy, and the health check reports the error together with a remediation.


Note: This check is only applicable when File Service is enabled.

This health check will skip the witness node, metadata node, and remote nodes of other clusters.


Q: What does it mean when it is in an error state?

It means that a host cannot call the vSAN API on a peer.


Q: How does one troubleshoot and fix the error state?

Many reasons can prevent a host from calling the vSAN API on a peer. This health check recommends a different remediation for each of them.

Issue: SSL certificate error (See Image 1)
Remediation: To remediate the SSL-related error, you can renew the host certificate with the following steps:

  1. Log in to VMware vCenter.
  2. Go to the host, click 'Configure' > 'System' > 'Certificate'.
  3. Click the 'RENEW' button.
  4. Log in to the VMware vCenter machine and restart the vSAN health service to renew and publish the certificate. On Windows vCenter Server, use Service Manager; on vCenter Server Appliance, run the command 'vmon-cli -r vsan-health'.
  5. Verify the CA file '/etc/vmware/ssl/castore.pem' is not empty.

Issue: Connection refused error (See Image 2)
Remediation: You can try to restart the peer host.

Issue: Socket timeout error (See Image 3)
Remediation: You can check whether there is network congestion or a blocking firewall rule, and make sure the peer is reachable.

Issue: Http exception error (See Image 4)
Remediation: You can restart the vsanmgmtd service on the peer host with the command /etc/init.d/vsanmgmtd restart

Issue: Memory error
Remediation: You can restart the vsanmgmtd service on the host with the command /etc/init.d/vsanmgmtd restart

Issue: System error
Remediation: You can reboot the host or restart the vsanmgmtd service on the host with the command /etc/init.d/vsanmgmtd restart

Issue: OS error
Remediation: You can check whether the peer network is unreachable and make sure the peer network is reachable.
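The issue list above can be reproduced by hand from one host against one peer. The following is an added example, not VMware's health check code: it makes one certificate-verified HTTPS request and maps the failure to the article's issue names. The mapping from Python exception types to issues, port 443, the request for "/" and the function names are assumptions; the CA file path and the restart command come from the article.

```python
import http.client
import os
import socket
import ssl

CA_FILE = "/etc/vmware/ssl/castore.pem"    # CA store path from step 5 above
RESTART = "/etc/init.d/vsanmgmtd restart"  # command from the article

# Assumed mapping from Python exception types to the article's issue names.
# Order matters: SSLError, ConnectionRefusedError and socket.timeout are all
# OSError subclasses, so the generic OSError row must come after them.
RULES = [
    (ssl.SSLError, "SSL certificate error",
     "renew the host certificate, restart vsan-health, check the CA file"),
    (ConnectionRefusedError, "Connection refused error", "restart the peer host"),
    (socket.timeout, "Socket timeout error",
     "check for network congestion or blocking firewall rules"),
    (http.client.HTTPException, "Http exception error", "on the peer: " + RESTART),
    (MemoryError, "Memory error", "on the host: " + RESTART),
    (OSError, "OS error", "make sure the peer network is reachable"),
]

def classify(exc):
    """Return (issue, remediation) for an exception raised while probing."""
    for exc_type, issue, fix in RULES:
        if isinstance(exc, exc_type):
            return issue, fix
    return "System error", "reboot the host or run: " + RESTART

def ca_store_ok(path=CA_FILE):
    """Step 5 of the certificate procedure: the CA file exists and is not empty."""
    try:
        return os.path.getsize(path) > 0
    except OSError:
        return False

def probe(host, port=443, ca_file=CA_FILE, timeout=5.0):
    """Make one verified HTTPS request to a peer; return (issue, remediation)."""
    if not ca_store_ok(ca_file):
        return classify(ssl.SSLError("CA file missing or empty: " + ca_file))
    try:
        ctx = ssl.create_default_context(cafile=ca_file)  # verifies chain and hostname
        conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
        try:
            conn.request("GET", "/")
            conn.getresponse().read()  # any HTTP status means HTTPS itself works
        finally:
            conn.close()
    except Exception as exc:
        return classify(exc)
    return "healthy", ""
```

A "healthy" result here only shows that TLS verification and HTTP work toward the peer; it does not call the vSAN API itself.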

Image 1
vSAN-advanced-https1.png

Image 2
vSAN-advanced-https2.png
Image 3
vSAN-advanced-https3.png
Image 4
vSAN-advanced-https4.png