Host commission in SDDC Manager is failing at Install Temporary VMCA Certificate For Host Commissioning

Article ID: 388561

Products

VMware SDDC Manager, VMware Cloud Foundation

Issue/Introduction

  • ESXi host commissioning in SDDC Manager fails at the "Install Temporary VMCA Certificate For Host Commissioning" stage.
  • Error in the SDDC Manager UI:
    Install Temporary VMCA Certificate For Host Commissioning
    
    Description    Install Temporary VMCA Certificate For Host Commissioning
    Progress Messages    Failed to install temporary VMCA certificate for host(s).
    Error
    Message: Failed to install temporary VMCA certificate for host(s).
    Remediation Message:
    Reference Token: TRSH5M
  • Error in /var/log/vmware/vcf/operationsmanager/operationsmanager.log:
    ERROR [vcf_om,679bb793409507b20316cd9613d9c464,193d] [c.v.e.s.o.model.error.ErrorFactory,pool-3-thread-13] [29VLI2] HOST_INSTALL_TEMPORARY_CERT_FAILED Failed to install temporary VMCA certificate for host(s).
    com.vmware.evo.sddc.orchestrator.exceptions.OrchTaskException: Failed to install temporary VMCA certificate for host(s).
    
    Caused by: com.vmware.vim.vmomi.client.exception.ConnectionException: https://esxi01.example.com:443/sdk invocation failed with "java.net.SocketException: Connection reset"
    
    ERROR [vcf_om,679bb7937830e0cbbd5d929d7aaf9d3a,c855] [c.v.e.s.c.c.v.vsphere.VsphereClient,host-comm-decomm-exec-3] Failed to connect to https://esxi02.example.com:443/sdk
    com.vmware.vim.vmomi.client.exception.ConnectionException: https://esxi02.example.com:443/sdk invocation failed with "java.net.SocketException: Connection reset"
  • An openssl connection from SDDC Manager to the ESXi host fails with the "no peer certificate available" error shown below:
    root@sddc01 [ /home/vcf ]# openssl s_client -connect esxi01.example.com:443
    
    CONNECTED(00000003)
    write:errno=104
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 0 bytes and written 331 bytes
    Verification: OK
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    Early data was not sent
    Verify return code: 0 (ok)
    ---

Cause

Port 443 from SDDC Manager to the destination ESXi host(s) is possibly set to policy-deny in the firewall.

Resolution

Open the required ports for communication between SDDC Manager, vCenter and ESXi. Refer to https://ports.broadcom.com/
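
To check each host before and after the firewall change, the openssl test shown in the Issue section can be run from SDDC Manager against every host being commissioned and its output classified. The script below is an added example, not part of the original article or any VMware tooling; the result labels, the function names and the 10-second timeout are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the KB article: classify `openssl s_client` output
# to separate a reset before the TLS handshake (consistent with the firewall
# policy-deny on 443 that the article gives as the cause) from a host that
# completes the handshake. Labels are this example's own:
#   TLS_OK         host presented a certificate
#   RESET_NO_CERT  TCP connected, then reset with no handshake bytes read
#   TCP_FAILED     no TCP connection (refused, timed out, DNS failure)
#   UNKNOWN        anything else; inspect the raw output

classify_s_client() {
    sc_out=$(cat)    # s_client output arrives on stdin
    if printf '%s\n' "$sc_out" | grep -q -e '-----BEGIN CERTIFICATE-----'; then
        echo TLS_OK
    elif ! printf '%s\n' "$sc_out" | grep -q 'CONNECTED('; then
        echo TCP_FAILED
    # errno 104 is ECONNRESET on Linux, the "Connection reset" seen in the log
    elif printf '%s\n' "$sc_out" | grep -q 'no peer certificate available' &&
         printf '%s\n' "$sc_out" | grep -Eq 'errno=104|handshake has read 0 bytes'; then
        echo RESET_NO_CERT
    else
        echo UNKNOWN
    fi
}

check_host() {
    # timeout bounds silently dropped packets; </dev/null lets s_client exit
    timeout 10 openssl s_client -connect "$1:443" </dev/null 2>&1 | classify_s_client
}

# Trimmed copy of the failing output shown in the article, for offline checks.
sample_reset_output() {
    cat <<'EOF'
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
SSL handshake has read 0 bytes and written 331 bytes
EOF
}

# Usage: sh check443.sh esxi01.example.com esxi02.example.com
for h in "$@"; do
    printf '%s\t%s\n' "$h" "$(check_host "$h")"
done
```

A host that still reports RESET_NO_CERT or TCP_FAILED after the firewall change is not yet reachable on 443 from SDDC Manager; TLS_OK means the handshake completes and commissioning can be retried.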