vCenter installation/upgrade/VAMI restore is failing with a message: "The installer is unable to connect to the vCenter Server Management interface."
search cancel

vCenter installation/upgrade/VAMI restore is failing with a message: "The installer is unable to connect to the vCenter Server Management interface."

book

Article ID: 371223

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

  • When installing a new vCenter or restoring vCenter from VAMI backup, stage one gets to 99% then either completes or fails.
  • Before stage 2 can start, there is an error message observed:

    The installer is unable to connect to the vCenter Server Management interface.
    Unable to proceed with stage 2 of the deployment process.
    You may attempt to continue with stage 2 by logging into the vCenter Server at https://vCenterFQDN:5480

     

  • The following entries are seen in the installer.log at the following location on the Jump Box:

    C:\Users\username\AppData\Local\Temp\vcsaUiInstaller

    <time> - error: Could not get response for get request from url https://<vcname>:5480/: Error: connect TIMEDOUT <vcname>:5480
    <time> - error: VAMI is NOT accessible[15]: https://<vcname>/, err: Could not get a response for get request from url https://<vcname>:5480/: Error: connect ETIMEDOUT <vcname>:5480

     

  • Running a curl command fails from a jumpbox that is not on the same subnet as the deployed vCenter VM:

    curl -kv https://vCenterFQDN:5480

    Trying #.#.#.#:5480... 
    Connected to vCenterFQDN (#.#.#.#) port 5480 
    schannel: disabled automatic use of client certificate 
    ALPN: curl offers http/1.1 
    Recv failure: Connection was reset 
    schannel: failed to receive handshake, SSL/TLS connection failed 
    Closing connection 
    schannel: shutting down SSL/TLS connection with vCenterFQDN port 5480 
    Send failure: Connection was reset 
    schannel: failed to send close msg: Failed sending data to the peer (bytes written: -1) 
    curl: (35) Recv failure: Connection was reset 

     

    Example:

     

  • Running a curl command from a jumpbox on the same subnet as the vCenter instance is successful:

    curl -kvvv https://vCenterFQDN:5480

    Trying vCenterIP:5480

    Connected to https://vCenterFQDN (#.#.#.#) port 5480 (#0)

    ALPN: offers http/1.1
    TLSv1.3 (OUT), TLS Handshake, Client hello (1):
    TLSv1.3 (IN), TLS Handshake, Server hello (2):
    TLSv1.2 (IN), TLS Handshake, Certificate (11):
    TLSv1.2 (IN), TLS Handshake, Server key exchange (12):
    TLSv1.2 (IN), TLS Handshake,Server finished (14):
    TLSv1.2 (OUT), TLS Handshake, Client key exchange (16):
    TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
    TLSv1.2 (OUT), TLS Handshake, Finished (20):
    TLSv1.2 (IN), TLS Handshake, Finished (20):
    SSL connection usingTLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384

    ALPN: server did not agree on a protocol. Uses default.
    Server Certificate:

    ...

    SSL certificate result: self-signed certificate (18), continuing anyway.
    using HTTP/1.x
    > Get / HTTP1.1
    > Host: vCenterFQDN:5480
    > User-Agent: Curl/8.1.2
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    < X-UA-compatible: IE=edge
    < X-Frame-Options: Deny
    < Content Type: text/html; charset=utf-8
    < Accept-Ranges: bytes
    < ETag: "888593732"
    < Last-Modified:<date>
    < Content-Length: 1116
    < Date:<date>
    < Server: vami
    <
    <!doctype html> ...

  • This indicates an issue on the network since the jumpbox on the same subnet is able to connect, but the jumpbox on a different subnet cannot connect on port 5480.

Environment

  • vCenter Server 7.0
  • vCenter Server 8.0

Cause

  • The Jump Box is unable to communicate with the newly deployed appliance on port 5480. Port 5480 is the default port for VCSA. Common reasons for this could be:

    • Firewall rules that may be blocking communication
    • Duplicate IP addresses for the workstation/jumpbox & or the target VCSA
    • Jump Box is a connected to a VPN which is blocking the connectivity
    • The port group selected for the VM is not reachable from the jumpbox where the installer is running.

Resolution

  • This is an environmental network issue. Check with the networking and firewall team to validate the communication on port 5480 between the deployment jumpbox and the vCenter VM.
  • This would include any application default settings on the firewall on the jumpbox VM, please ensure that an exception is added for port 5480.

Workaround:

  • Run the vCenter installer ISO from a jumpbox on the same ESXi host as the location for the deployment vCenter VM.

Additional Information

Powered by Wolken Software