ESXi host fails to connect with the NSX controllers
book
Article ID: 339145
calendar_today
Updated On:
Products
VMware NSX Networking
Show More
Show Less
Issue/Introduction
Symptoms:
ESXi host is unable to connect to the Control Plane. In the netcpa.log file, you see entries similar to: 2017-06-07T00:47:56.461Z error netcpa[37140B70] [Originator@6876 sub=Default] SSL handshake failed on 172.16.0.11:0 : error = SSL Exception: error:140000DB:SSL routines:SSL routines:short read 2017-06-07T03:17:57.439Z error netcpa[37603B70] [Originator@6876 sub=Default] SSL handshake failed on 172.16.0.11:0 : error = SSL Exception: error:140000DB:SSL routines:SSL routines:short read 2017-06-07T06:17:58.561Z error netcpa[37181B70] [Originator@6876 sub=Default] SSL handshake failed on 172.16.0.10:0 : error = SSL Exception: error:140000DB:SSL routines:SSL routines:short read 2017-06-07T07:47:59.128Z error netcpa[36D81B70] [Originator@6876 sub=Default] SSL handshake failed on 172.16.0.11:0 : error = SSL Exception: error:140000DB:SSL routines:SSL routines:short read In the vsm.log file, you see entries similar to: 2017-06-06 17:10:50.785 GMT+00:00 ERROR NVPStatusCheck NvpRestClientManagerImpl:794 - nvp controller node (172.16.0.10) return error org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://172.16.0.10:443/ws.v1/control-cluster/node?fields=cluster_mgmt_listen_addr,uuid,tags": Read timed out; nested exception is java.net.SocketTimeoutException: Read timed out 2017-06-06 17:11:00.811 GMT+00:00 ERROR NVPStatusCheck NvpRestClientManagerImpl:794 - nvp controller node (172.16.0.9) return error org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://172.16.0.9:443/ws.v1/control-cluster/node?fields=cluster_mgmt_listen_addr,uuid,tags": Read timed out; nested exception is java.net.SocketTimeoutException: Read timed out 2017-06-06 17:11:07.707 GMT+00:00 ERROR NVPInactiveNodeCheck NvpRestClientManagerImpl:891 - nvp controller node 172.16.0.10 fails: org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://172.16.0.10:443/ws.v1/login": Connect to 172.16.0.10:443 [/172.16.0.10] failed: connect timed out; nested exception is org.apache.http.conn.ConnectTimeoutException: Connect to 172.16.0.10:443 [/172.16.0.10] failed: connect timed out 2017-06-06 17:11:10.818 GMT+00:00 ERROR NVPStatusCheck NvpRestClientManagerImpl:794 - nvp controller node (172.16.0.11) return error org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://172.16.0.11:443/ws.v1/control-cluster/node?fields=cluster_mgmt_listen_addr,uuid,tags": Read timed out; nested exception is java.net.SocketTimeoutException: Read timed out In the Controller logs, you see entries similar to: 2017-06-06 18:32:50,347 19123181348 [listener] INFO com.vmware.controller.server.Listener - Accept Connection [ip=172.24.2.26:46115, cnnId=21264] from /172.24.2.26:46115 2017-06-06 18:32:50,357 19123181358 [reader 3] ERROR com.vmware.controller.server.ssl.SelfSignedX509TrustManager - Unknow chassis certificate: [ [ Version: V3 Subject: CN="VMWare VXLAN Host Certificate host-11573 OU=Nectworking O=VMWare ST=CA C=US" Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 2048 bits modulus: 22911650522799465929163707326918080254704523027188317203645647153931638466371122064197258058841116911989320009855294745617721779386019557021249605122136935010401 36836560115024772432023329796195620130983113379731661924922830333592692791543147876405959524921451570805385813377696469386291738246946920048747704248124484079384552745316 66112531666589757995492441394796111464829401754007815754348273682553447185738440211794264079252464938057216938803523707224061663150480722911564461043934851115967587589348 39992978266706878205075684179188691037974878624050280597452927405166323249390673946856460750742686036206044340415301 public exponent: 65537 Validity: [From: Fri Apr 28 10:14:16 UTC 2017, To: Tue Sep 13 10:14:16 UTC 2044] Issuer: CN="VMWare VXLAN Host Certificate host-11573 OU=Nectworking O=VMWare ST=CA C=US" SerialNumber: [ 015bb40d d45c] >2017-06-07T14:28:04.785693+00:00 2017-06-07 14: 28:04,785 19194224947 [reader 1] ERROR com.vmware.controller.server.ssl.SelfSignedX509TrustManager - Unknow chassis certificate: [#012[#012 Version: V3#012 Subject: CN="VMWare VXLAN Host Certificate host-11573 OU=Nectworking O=VMWare ST=CA C=US"#012 Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11#012#012 Key: Sun RSA public key, 2048 bits#012 modulus: 229116505227994659291637073269180802547045230271883172036456471539316384663711220641972580588411169 119893200098552947456177217793860195570212496051221369350104013683656011502477243202332979619562013098311337973166192492283033359269279154314787640595..
Note : The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.
Environment
VMware NSX for vSphere 6.3.x VMware NSX for vSphere 6.2.x
Cause
This issue occurs when the Controller fails to authenticate the certificate of the host causing the handshake to fail.
Resolution
This issue is resolved in VMware NSX for vSphere 6.3.5, available at
VMware Downloads .
To work around this issue if you do not want to upgrade, navigate to Network & Security > Installation > Management > NSX Manager > Actions > Update Controller State to pick up the new certificate.
Additional Information
To be alerted when this document is updated, click the Subscribe to Article link in the Actions box.
Feedback
thumb_up
Yes
thumb_down
No