A vSphere HA cluster fails to configure in vCenter Server when fdm.log states "SSL Async Handshake Timeout".

search cancel

book

calendar_today

VMware vCenter Server

Reconfiguring vSphere HA fails for several hosts in the cluster, but some elect into primary or secondary status.
After upgrading to vCenter Server 8.0.3, HA-enabled clusters fail to configure, and only a few hosts elect properly.
HA initialization times out when you configure the management vNIC with an MTU value larger than 1500.

Messages in the fdm.log mention SSL Async Handshake Timeout when contacting other ESXi hosts in the cluster:

SSL Async Handshake Timeout : Read timeout after approximately 25000ms. Closing stream SSL
Failed to SSL handshake;

vCenter Server 8.0.3

MTU Mismatch on Management network. FDM does support Jumbo Frames, but the MTU setting has to be consistent from end to end on every device.

Check MTU settings for the vmk, vmnic, and vSwitch/DVS involved with the Management network on each host to confirm the mismatch.

Confirm the issue using network commands at the ESXi shell:

vmkping -I vmkX #.#.#.#
- vmkping using the vmk for the Management network is successful between all or most hosts.
vmkping -d -s 8972 #.#.#.#
- vmkping using jumbo frames Management network only works between elected hosts with their MTU set correctly.
openssl s_client -connect #.#.#.#:8182
- From the primary agent host to one of the hosts that isn't electing will not return the SSL certificate. Doing so between elected hosts returns the SSL certificate as expected.

Edit the device used for the Management network that is set incorrectly and change the MTU to 9000.

For more information on that process, see:

Further HA troubleshooting can be found in the following document:

For a similar vSphere HA and 8.0 U3 issue with slightly different logging, see:

thumb_up Yes

thumb_down No