Cannot add or connect an ESXi 4.1 host to vCenter Server 5.x
Article ID: 342995
Updated On:
Products
VMware vCenter Server
VMware vSphere ESXi
Issue/Introduction
Symptoms:
- Cannot connect a disconnected ESXi 4.1 host or add a new ESXi 4.1 host to vCenter Server 5.x
- You see an error indicating a failed vCenter Server agent upgrade
- If you manually install the vCenter Server agent on the host, the connection still fails and reports an error that there are no licenses available
- In the vpxd.log file, you see entries similar to:
[04712 info 'Libs' opID=9733331D-0000414A] CnxAuthdConnect: Returning false because SSL verification requested and target authd does not support SSL
[04712 info 'Libs' opID=9733331D-0000414A] CnxConnectAuthd: Returning false because CnxAuthdConnect failed
[04712 info 'Libs' opID=9733331D-0000414A] Cnx_Connect: Returning false because CnxConnectAuthd failed
[04712 info 'Libs' opID=9733331D-0000414A] Cnx_Connect: Error message: SSL required
[04712 error 'Default' opID=9733331D-0000414A] [VpxNfcClient] Unable to connect to NFC server: SSL required
[04712 error 'Default' opID=9733331D-0000414A] [LicMgr] DownloadDlfs got an exception: vim.fault.HostConnectFault
[04712 info 'vmomi.soapStub[172]' opID=9733331D-0000414A] Resetting stub adapter for server TCP:1.1.1.1:XXX : Closed
[04712 error 'Default' opID=9733331D-0000414A] [HostInvtOps::AddStandaloneHost] Failed to add host as connected, cleaning up
[03164 error 'Default'] SSLStreamImpl::DoClientHandshake (0000000000000000) SSL_connect failed. Dumping SSL error queue:
[03164 error 'Default'] [0] error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
[03164 error 'HttpConnectionPool'] [ConnectComplete] Connect error SSL Exception: The remote host certificate has these problems:
-->
--> * unable to get local issuer certificate
-->
--> * Host name does not match the subject name(s) in certificate.
[04712 error 'Default' opID=9733331D-0000414A] [VpxdInvtHost::HandlePreRemovalCleanup] Failed to reconnect to cleanup before host removal : class Vim::Fault::SSLVerifyFault::Exception(vim.fault.SSLVerifyFault)
Note: For more information on the location of logs on the vCenter Server, see Location of vCenter Server log files (1021804).
Environment
VMware ESXi 4.1.x Installable
VMware ESXi 4.1.x Embedded
VMware vCenter Server 5.0.x
VMware vCenter Server 5.1.x
VMware ESXi 4.1.x Embedded
VMware vCenter Server 5.0.x
VMware vCenter Server 5.1.x
Cause
This issue occurs when SSL authentication is disabled on the host.
Resolution
To resolve this issue, use one of these methods:
Using the vSphere Client
- Connect directly to the host using the vSphere Client.
- Click the Configuration tab.
- Under Software, select Advanced Setting.
- Navigate to Config > Defaults > Security.
- Next to Require SSL to be used when communicating with the host over port 902, select the Config.Default.security.host.ruissl option.
- Connect the host to the vCenter Server.
Using the command line
- Connect to the ESXi host using SSH. For more information, see Using Tech Support Mode in ESXi 4.1 and ESXi 5.x (1017910).
- Open the /etc/vmware/config file on the host using a text editor.
- Set the security.host.ruissl entry to TRUE.
For example:
security.host.ruissl = "TRUE"
Note: If this entry does not exist, add this to the file.
- Save and close the file.
- Restart the management agents. For more information, see Restarting the Management agents on an ESXi or ESX host (1003490).
- Connect the host to the vCenter Server.
Additional Information
Feedback
Yes
No
Powered by
