VMware ESX/ESXi host logs timeout errors when trying to establish SSL connections
search cancel

VMware ESX/ESXi host logs timeout errors when trying to establish SSL connections

book

Article ID: 328812

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

  • ESX/ESXi hosts fail to establish SSL connections
  • In the /var/log/messages or syslog file, you see error similar to:

    Timeout error accepting SSL connection


Environment

VMware ESX 4.0.x
VMware vSphere ESXi 5.0
VMware ESXi 4.1.x Embedded
VMware vSphere ESXi 5.5
VMware ESX 4.1.x
VMware ESXi 4.0.x Embedded
VMware ESXi 4.0.x Installable
VMware vSphere ESXi 5.1
VMware ESXi 4.1.x Installable

Resolution

When an ESX/ESXi host is under a heavy load, the host might fail to establish SSL connections.
This issue occurs because the CIM Object Manager (CIMOM) has already reached the set threshold and is unable to accept new SSL connections.
To resolve this issue, increase the number of simultaneous SSL connections allowed.
To increase the number of simultaneous SSL connections:
  1. Open the /etc/sfcb/sfcb.cfg file in a plain text editor.
  2. Find the httpsProcs property and change it to:

    httpsProcs: 8

  3. Run this command to restart sfcbd-watchdog:

    /etc/init.d/sfcbd-watchdog restart
Note: Hosts having a syslog server configured can also produce these errors, if the ESXi firewall blocks the syslog ports. Ensure to check this in your troubleshooting efforts.