• Reconfiguring vSphere HA fails for several hosts in the cluster, but some elect into primary or secondary status.
  • Host state remains in 'Election' or 'Unreachable' despite successful standard pings.
• After upgrading to vCenter Server 8.0.3, HA-enabled clusters fail to configure, and only a few hosts elect properly.
• HA initialization times out when you configure the management vNIC with an MTU value larger than 1500.
• Messages in the fdm.log mention SSL Async Handshake Timeout when contacting other ESXi hosts in the cluster:

  SSL Async Handshake Timeout : Read timeout after approximately 25000ms. Closing stream SSL
  Failed to SSL handshake;

vCenter Server 7.x
vCenter Server 8.x

MTU Mismatch on Management network. FDM does support Jumbo Frames, but the MTU setting has to be consistent from end to end on every device.

VMkernel settings (9000) must match the vSwitch and physical switch MTU (9000).

1. Check MTU settings for the vmk, vmnic, and vSwitch/DVS involved with the Management network on each host to confirm the mismatch.
   1. Confirm the issue using network commands at the ESXi shell:
      
      
      • vmkping -I vmkX ###.###.###.###
        • vmkping using the vmk for the Management network is successful between all or most hosts.
      • vmkping -d -s 8972 ###.###.###.###
        • vmkping using jumbo frames Management network only works between elected hosts with their MTU set correctly.
      • openssl s_client -connect ###.###.###.###:8182
        • From the primary agent host to one of the hosts that isn't electing will not return the SSL certificate. Doing so between elected hosts returns the SSL certificate as expected.
   2. To find the misconfiguration, confirm the configuration on the vmk, vmnic, and Distributed or Standard switch:
      
      
      • vmk:
        esxcli network ip interface list 
      • vmnic:
        esxcli network nic list
      • Standard Switch:
        esxcli network vswitch standard list 
      • Distributed Switch:
        esxcli network vswitch dvs vmware list 
2. Edit the device used for the Management network that is set incorrectly and change the MTU to 9000.
3. Disable HA.
4. Enable HA.

For more information on that process, see:

• iSCSI and Jumbo Frames configuration on VMware ESXi/ESX
• Enabling Jumbo Frames on virtual switches
• Testing VMkernel network connectivity with the vmkping command

Further HA troubleshooting can be found in the following document:

Troubleshooting VMware High Availability (HA) issues in VMware vCenter Server

For a similar vSphere HA and 8.0 U3 issue with slightly different logging, see:

HA clusters fail to configure in vCenter Server 8.0 U3 when the VPXD certificate mode is set to thumbprint.