Cannot access ESXi UI with "Error: 503 Service Unavailable (Failed to connect to endpoint: [____] _serverNamespace = / action = Allow _port = 8309)"
search cancel

Cannot access ESXi UI with "Error: 503 Service Unavailable (Failed to connect to endpoint: [____] _serverNamespace = / action = Allow _port = 8309)"

book

Article ID: 376026

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

  • Attempting to access ESXi UI, receiving "Error: 503 Service Unavailable (Failed to connect to endpoint: [N7Vmacore4Http16LocalServiceSpecE:0x0000001209e60f60] _serverNamespace = / action = Allow _port = 8309)" after configuring CA signed certificates for ESXi.
  • The VPXA log (/var/log/vpxa.log) contains this line:

    [Originator@6876 sub=Default] Failed to initialize the SSL context: N7Vmacore3Ssl12SSLExceptionE(SSL Exception: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch) --> Panic: Failed to initialize the SSL context.

  • vpxa service even if started manually , stops in few seconds.
  • rui.crt and rui.key files are missing from /etc/vmware/ssl

Environment

VMware vsphere Esxi

Cause

When an invalid SSL certificate is uploaded through the vSphere client, it's refused but applied nevertheless, crashing any and all of the management daemons.

Resolution

Regenerate the self-signed certificate by executing the following command:

/sbin/generate-certificates

Restart the management agents:

/etc/init.d/hostd restart

/etc/init.d/vpxa restart

 

Verify the check against the Private Key and the Certificate files before configuring CA signed certificate for ESXi, both should match if the Private Key belongs to the same certificate.

openssl x509 -noout -modulus -in rui.crt | openssl sha256

openssl rsa -noout -modulus -in rui.key| openssl sha256