vCenter installation/upgrade/VAMI restore fails with message: "The installer is unable to connect to the vCenter Server Management interface."
search cancel

vCenter installation/upgrade/VAMI restore fails with message: "The installer is unable to connect to the vCenter Server Management interface."

book

Article ID: 371223

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

  • During new vCenter installation, upgrade or restoring the vCenter from VAMI backup, stage 1 gets to 99% and either completes or fails.
  • Before stage 2 can start, there is an error message observed:

    The installer is unable to connect to the vCenter Server Management interface.
    Unable to proceed with stage 2 of the deployment process.
    Proceed to stage 2 by logging into the vCenter Server at https://<vCenter_FQDN>:5480

  • The following entries are seen in the installer.log at the following location on the Jump Box:

    C:\Users\username\AppData\Local\Temp\vcsaUiInstaller
    <time> - error: Could not get response for get request from url https://<vCenter_FQDN>:5480/: Error: connect TIMEDOUT <vCenter_FQDN>:5480
    <time> - error: VAMI is NOT accessible[15]: https://<vCenter_FQDN>/, err: Could not get a response for get request from url https://<vCenter_FQDN>:5480/: Error: connect ETIMEDOUT <vCenter_FQDN>:5480

  • Running a curl command fails from a jumpbox that is not on the same subnet as the deployed vCenter VM:

    curl -kv https://<vCenter_FQDN>:5480

    Trying #.#.#.#:5480... 
    Connected to <vCenterFQDN> (#.#.#.#) port 5480 
    schannel: disabled automatic use of client certificate 
    ALPN: curl offers http/1.1 
    Recv failure: Connection was reset 
    schannel: failed to receive handshake, SSL/TLS connection failed 
    Closing connection 
    schannel: shutting down SSL/TLS connection with vCenterFQDN port 5480 
    Send failure: Connection was reset 
    schannel: failed to send close msg: Failed sending data to the peer (bytes written: -1) 
    curl: (35) Recv failure: Connection was reset 

    Example:

  • Running a curl command from a jumpbox on the same subnet as the vCenter instance is successful:

    curl -kvvv https://<vCenterFQDN>:5480

    Trying vCenterIP:5480

    Connected to https://<vCenterFQDN> (#.#.#.#) port 5480 (#0)

    ALPN: offers http/1.1
    TLSv1.3 (OUT), TLS Handshake, Client hello (1):
    TLSv1.3 (IN), TLS Handshake, Server hello (2):
    TLSv1.2 (IN), TLS Handshake, Certificate (11):
    TLSv1.2 (IN), TLS Handshake, Server key exchange (12):
    TLSv1.2 (IN), TLS Handshake,Server finished (14):
    TLSv1.2 (OUT), TLS Handshake, Client key exchange (16):
    TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
    TLSv1.2 (OUT), TLS Handshake, Finished (20):
    TLSv1.2 (IN), TLS Handshake, Finished (20):
    SSL connection usingTLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384

    ALPN: server did not agree on a protocol. Uses default.
    Server Certificate:

    ...

    SSL certificate result: self-signed certificate (18), continuing anyway.
    using HTTP/1.x
    > Get / HTTP1.1
    > Host: vCenterFQDN:5480
    > User-Agent: Curl/8.1.2
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    < X-UA-compatible: IE=edge
    < X-Frame-Options: Deny
    < Content Type: text/html; charset=utf-8
    < Accept-Ranges: bytes
    < ETag: "8885#####"
    < Last-Modified:<date>
    < Content-Length: 1116
    < Date:<date>
    < Server: vami
    <
    <!doctype html> ...

  • This indicates an issue on the network as the computer on the same subnet as the newly deployed vCenter Appliance is able to connect, but the computer on a different subnet than the newly deployed vCenter Appliance cannot connect on port 5480.

Environment

  • vCenter 7.x
  • vCenter 8.x

Cause

  • The computer (virtual machine/physical computer) is unable to communicate with the newly deployed appliance on port 5480. Port 5480 is the default port for vCenter Server. Common reasons for this could be:
    • Firewall rules blocking communication on port 5480.
    • Duplicate IP address conflicts involving the target vCenter Server Appliance or the workstation/jumpbox used to run the installer.
    • The computer is connected to a VPN which is blocking the connectivity.
    • The port group selected for the VM is not reachable from the computer where the installer is running.

Resolution

  • Investigate the network and firewall configurations to ensure port 5480 is allowing traffic between the jumpbox used to run vCenter installer, and the newly deployed vCenter Appliance instance.
  • This would include any application default settings on the firewall on the jumpbox, and ensure that an exception is added for port 5480.

Workaround:

  • Run the vCenter installer ISO from a jumpbox on the same ESXi host as the target host for the new vCenter Appliance.

Additional Information

Refer: TCP and UDP ports required to access VMware vCenter Server