ESXi host commission from SDDC Manager fails with error: Unable to get the Host Fingerprint, verify ESXi host connectivity or credentials or SSH
Article ID: 388823
Updated On:
Products
VMware SDDC Manager
VMware Cloud Foundation
Issue/Introduction
ESXi host commission in SDDC Manager inventory fails at Host Addition or at Validation stage with below error,
Unable to get the Host Fingerprint, verify ESXi host connectivity or credentials or SSH
Or
Error occurred while getting certificate chain for '[email protected]:443'.
Environment
VCF 9.0.x
Cause
- This issue can happen if the SSH is not enabled on the ESXi host.
- Issues with Firewall (ports, rules, etc.)
- Issue with certificate.
Resolution
- Ensure that SSH is enabled on the ESXi host and also there are no firewall rules in place, this ESXi host should be reachable from SDDC manager.
- This issue can also happen if the host certificate has short name instead of FQDN.
- To check the same SSH to SDDC manager as vcf and su.
- Run the below command
openssl s_client -connect esxi01.example.com:443 -showcertsSample output
CONNECTED(00000003) depth=0 C = US, ST = California, L = Palo Alto, O = VMware, OU = VMware Engineering, CN = esxi01, emailAddress = [email protected] - Check the "CN", if the CN is shortname and if yes then follow the steps below on the ESXi host to make the hostname as FQDN
- SSH to ESXi with root user.
- Run the below commands to update the hostname
esxcli system hostname set --host=esxi01 esxcli system hostname set --fqdn=esxi01.example.com - Confirm the changes
esxcli system hostname get - Replace the ESXi certificates with the below steps.
cd /etc/vmware/sslmv rui.key rui.key.origmv rui.crt rui.crt.orig/sbin/generate-certificates - Once completed, restart hostd,vpxa and rhttpproxy services.
/etc/init.d/hostd restart/etc/init.d/vpxa restart/etc/init.d/rhttpproxy restart
- Retry host commission from SDDC manager.
Feedback
Yes
No
Powered by
