vSphere HA warning on cluster following upgrade of vCenter to 8.0.3 Insufficient configured resources
search cancel

vSphere HA warning on cluster following upgrade of vCenter to 8.0.3 Insufficient configured resources

book

Article ID: 374441

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

Following upgrade of vCenter from any version to 8.0.3, HA enabled clusters start to show the following warning:

Insufficient configured resources to satisfy the desired vSphere HA failover level on the cluster

In the fdm.log:

2024-07-03T05:35:03.000Z Wa(164) Fdm[11588044]: [Originator@6876 sub=IO.Connection opID=WorkQueue-bae9765] Failed to SSL handshake; SSL(<io_obj p:0x0000002e86fda5f0, h:30, <TCP 'xx.xx.xx.xx : 8182'>, <TCP 'xx.xx.xx.xx : 11973'>>), e: 167773208(tlsv1 alert unknown ca (SSL routines)), duration: 6msec
2024-07-03T05:35:03.000Z Wa(164) Fdm[11588183]: [Originator@6876 sub=IO.Connection opID=WorkQueue-6b50e416] Failed to SSL handshake; SSL(<io_obj p:0x0000002e86dcfb20, h:29, <TCP 'xx.xx.xx.xx : 8182'>, <TCP '10.62.12.77 : 50329'>>), e: 167773208(tlsv1 alert unknown ca (SSL routines)), duration: 6msec
2024-07-03T05:35:03.001Z Er(163) Fdm[11588035]: [Originator@6876 sub=Message opID=WorkQueue-bae9765] Error N7Vmacore3Ssl12SSLExceptionE(SSL Exception: error:0A000418:SSL routines::tlsv1 alert unknown ca)
2024-07-03T05:35:03.001Z Er(163) Fdm[11588024]: --> [context]zKq7AVECAQAAAPONbgEKZmRtAID8eoEBZmRtAIDJF2cBgBugagGApKJqAYBapGoBgJ4GbAGAgDdsAYBL1IwBAYJ6AGxpYnB0aHJlYWQuc28uMAAC7y4PbGliYy5zby42AA==[/context] creating ssl stream or doing handshake
2024-07-03T05:35:03.001Z Er(163) Fdm[11588537]: [Originator@6876 sub=Message opID=WorkQueue-6b50e416] Error N7Vmacore3Ssl12SSLExceptionE(SSL Exception: error:0A000418:SSL routines::tlsv1 alert unknown ca)
2024-07-03T05:35:03.001Z Er(163) Fdm[11588024]: --> [context]zKq7AVECAQAAAPONbgEKZmRtAID8eoEBZmRtAIDJF2cBgBugagGApKJqAYBapGoBgJ4GbAGAgDdsAYBL1IwBAYJ6AGxpYnB0aHJlYWQuc28uMAAC7y4PbGliYy5zby42AA==[/context] creating ssl stream or doing handshake

Environment

VMware vCenter Server 8.0.3

Cause

Self Signed Certificates on ESXi host are no longer supported by vCenter.

In an environment where ESXi host have self signed certificates and the advanced settings in vCenter "vpxd.certmgmt.mode" is set to "thumprint" ESXi host with self signed certificates can be added to the vCenter however vSphere HA will not successfully enable due to the unsupported certificate.

Resolution

Recommendation for ease of management is to have vCenter manage the ESXi hosts certificates.

  1. Ensure the advanced setting on vCenter object is configured to vmca mode:
     
  2. Right click ESXi host, select Certificates, select Renew Certificate
  3. Once complete right click host and select Refresh CA Certificates
Powered by Wolken Software