VMware vShield Endpoint reports the error: Lost communication with ESX module

Article ID: 336864

Products

VMware vSphere ESXi

Issue/Introduction

  • vShield Endpoint reports the error:

    lost communication with ESX module
  • No virtual machines are listed.
  • The syslog.log file, located in /var/log/ on the ESXi/ESX host, contains an error similar to:

    WARNING] (EPSEC) [0x451eac] Failed to perform request (Curl error 60 - Peer certificate cannot be authenticated with known CA certificates, payload: ).
    Aug 23 14:44:59 EPSecMux[4529831]: [WARNING] (EPSEC) [0x451eac] Failed to send status to the vSM: VSMCommunicationError@tid=4529836: Failed to perform request. (Curl error 60: Peer certificate cannot

Environment

VMware vShield Endpoint 5.0.x

Cause

This issue may occur if the ESXi/ESX host is running behind a VMware vShield Manager appliance and the time on the host is incorrect.

vShield Manager creates a new certificate the first time it runs. When these errors are seen, the time on the host may be earlier than the time stamp on the vShield Manager certificate. From the host's point of view the certificate is then not yet valid, so certificate verification fails.
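
The check described above, as an added example that is not part of the original article or of any VMware tooling: it finds the EPSecMux symptom in syslog lines and places a host clock relative to a certificate validity window. The function names, the year, and the certificate dates are assumptions constructed for illustration; the date text format is the one printed by `openssl x509 -noout -dates`.

```python
import re
import ssl
from datetime import datetime, timezone

# Symptom quoted in the article: EPSecMux reporting curl error 60.
CURL60 = re.compile(r"\(EPSEC\).*Curl error 60\b")

# Constructed sample: one line taken from the article (truncated as shown there)
# plus one unrelated line.
SAMPLE_LOG = [
    "Aug 23 14:44:59 EPSecMux[4529831]: [WARNING] (EPSEC) [0x451eac] Failed to send "
    "status to the vSM: VSMCommunicationError@tid=4529836: Failed to perform request. "
    "(Curl error 60: Peer certificate cannot",
    "Aug 23 14:45:02 example[100]: unrelated message",
]

def find_cert_errors(lines):
    """Return the syslog lines that show the certificate verification failure."""
    return [ln for ln in lines if CURL60.search(ln)]

def classify_clock(host_utc, not_before, not_after):
    """Place the host clock relative to the certificate validity window.

    not_before / not_after use the text form printed by
    `openssl x509 -noout -dates`, e.g. "Aug 23 15:10:00 2012 GMT".
    Returns (state, seconds outside the window).
    """
    start = ssl.cert_time_to_seconds(not_before)
    end = ssl.cert_time_to_seconds(not_after)
    now = host_utc.timestamp()
    if now < start:
        return ("not_yet_valid", int(start - now))  # host clock is behind
    if now > end:
        return ("expired", int(now - end))
    return ("valid", 0)

if __name__ == "__main__":
    # Constructed values: the article gives no year or certificate dates.
    host = datetime(2012, 8, 23, 14, 44, 59, tzinfo=timezone.utc)
    window = ("Aug 23 15:10:00 2012 GMT", "Aug 21 15:10:00 2022 GMT")
    print(len(find_cert_errors(SAMPLE_LOG)), classify_clock(host, *window))
```

A `not_yet_valid` result together with matching log lines points to the clock problem this article describes; an `expired` result is a different condition that time synchronization alone does not address.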

Resolution

To resolve this issue, ensure that the time on the ESX/ESXi hosts is in sync with vShield Manager.
For more information, see Verifying time synchronization across an ESX/ESXi host environment (1003736).

To configure the NTP Server in vShield Manager:

  1. Log in to the vShield Manager using a supported web browser.
  2. On the vShield Manager inventory panel, click Settings & Reports.
  3. Click the Configuration tab.
  4. In NTP Server, click Edit and type the IP address of your NTP server.
The NTP server establishes a common network time. It is recommended that you use the NTP server used by the Single Sign-On (SSO) server so that the time on the vShield Manager server is synchronized with the NTP server.

Warning: You must reboot the vShield Manager after editing the NTP server details.