Error: "HA Agent is unreachable from vCenter Server"
Article ID: 373319
Updated On:
Products
Issue/Introduction
Symptoms:
-
In the vCenter Server the following High Availability (HA) alarm event is notified:
vSphere HA agent for this host has an error. The vSphere HA agent is not reachable from vCenter server.
-
Within the
/var/log/fdm.logon the ESXi host, you see similar logs :
YYYY-MM-DD HH:MM:SS Wa(164) Fdm[2586529]: [Originator@6876 sub=IO.Connection opID=WorkQueue-52dfcf26] Failed to SSL handshake; SSL(<io_obj p:0x000000bb5f03e130, h:28, <TCP '##.##.##.## : 8182'>, <TCP '##.##.##.## : 36095'>>), e: 167773208(tlsv1 alert unknown ca (SSL routines)), duration: 13msecYYYY-MM-DD HH:MM:SS Er(163) Fdm[2586533]: [Originator@6876 sub=Message opID=WorkQueue-52dfcf26] Error N7Vmacore3Ssl12SSLExceptionE(SSL Exception: error:0A000418:SSL routines::tlsv1 alert unknown ca)YYYY-MM-DD HH:MM:SS Er(163) Fdm[2586516]: --> [context]zKq7AVECAQAAAPONbgEKZmRtAID8eoEBZmRtAIDJF2cBgBugagGApKJqAYBapGoBgJ4GbAGAgDdsAYBL1IwBAVJ4AGxpYnB0aHJlYWQuc28uMAACDzIPbGliYy5zby42AA==[/context] creating ssl stream or doing handshakeYYYY-MM-DD HH:MM:SS Wa(164) Fdm[2586545]: [Originator@6876 sub=IO.Connection opID=WorkQueue-6cce28e8] Failed to SSL handshake; SSL(<io_obj p:0x000000bb5f0669d0, h:10, <TCP '##.##.##.## : 8182'>, <TCP '##.##.##.## : 36095'>>) e: 167773208(tlsv1 alert unknown ca (SSL routines)), duration: 14msec
Environment
- vSphere ESXi 7.x
- vSphere ESXi 8.x
- vCenter Server 7.x
- vCenter Server 8.x
Cause
In the vCenter Advanced Settings > vpxd.certmgmt.mode is set as thumbprint
Resolution
- Log into vCenter Web Client.
- Click on the vCenter object, then Configure.
- Under Settings > Advanced Settings, click Edit Settings.
- Click the filter icon under Name and search for "
vpxd.certmgmt.mode" - Change the Value from
thumbprinttovmca. - Finally, right click on host(s), and choose Disconnect, once host is disconnected, Right click the host and choose Reconnect.
Feedback
