ESXi 8.0.x might stop responding after or while being scanned by Nessus Vulnerability Scanner

Article ID: 390611

Products

VMware vSphere ESXi

Issue/Introduction

When internal vulnerability scans are run with the Nessus Vulnerability Scanner against an ESXi 8.0.x host, the connection between the host and vCenter Server might be disrupted, and the host appears as "Not responding" in the vSphere Client.

Environment

VMware vSphere ESXi 8.0.x

Cause

The issue stems from a difference in the reverse proxy architecture between ESXi 7 (rhttpproxy) and ESXi 8 (envoy).

In ESXi 7, rhttpproxy maintained a one-to-one mapping between each client-to-proxy connection and its proxy-to-service connection. When a backend service timed out an idle connection (after 45 to 60 seconds of inactivity), both connections were closed, so idle connections could not accumulate even when a client such as Nessus did not close its connections properly.

In ESXi 8, envoy improves performance but does not maintain this one-to-one mapping. When a service times out, only the proxy-to-service connection is closed; the client-to-proxy connection remains open until either the client closes it or envoy's own idle timeout (8 hours in 8.0U3) expires. A scanner that opens many connections and never closes them therefore leaves connections accumulating on the host until envoy's limit on accepted remote connections is reached, at which point new connections, including those from vCenter Server, are refused and the host appears as "Not responding".
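The following shell check is an added example and is not part of this article or of any VMware or Tenable tooling. It counts ESTABLISHED TCP connections to the host's HTTPS port per remote address from the output of esxcli network ip connection list, so that the accumulation described above can be observed on an affected host while a scan is running. The addresses and the listing embedded in the script are constructed sample data; the column order is assumed to follow the esxcli listing (Proto, Recv Q, Send Q, Local Address, Foreign Address, State, World ID, CC Algo, World Name).

```shell
#!/bin/sh
# Added example for this article, not VMware or Tenable code.
# Counts ESTABLISHED TCP connections to the host's HTTPS port (443) per
# remote address, reading the output of `esxcli network ip connection list`
# on stdin. On ESXi 8.0.x these connections are owned by the envoy world,
# so a count from the scanner's address that keeps climbing between runs
# is the idle-connection accumulation described in the Cause section.
#
# Live usage on the ESXi host:
#   esxcli network ip connection list | count_https_peers
#
# Column layout assumed from the esxcli listing:
#   $1 Proto  $2 Recv Q  $3 Send Q  $4 Local Address  $5 Foreign Address
#   $6 State  $7 World ID  $8 CC Algo  $9 World Name

# Print "<count> <peer>" for every peer with established :443 connections,
# highest count first.
count_https_peers() {
    awk '
        $1 == "tcp" && $6 == "ESTABLISHED" && $4 ~ /:443$/ {
            peer = $5
            sub(/:[0-9]+$/, "", peer)   # drop the ephemeral source port
            n[peer]++
        }
        END { for (p in n) print n[p], p }
    ' | sort -rn
}

# Print the number of established :443 connections from a single peer
# ($1), or 0 if there are none. Useful for a threshold check in a cron job.
peer_https_count() {
    awk -v ip="$1" '
        $1 == "tcp" && $6 == "ESTABLISHED" && $4 ~ /:443$/ {
            peer = $5
            sub(/:[0-9]+$/, "", peer)
            if (peer == ip) n++
        }
        END { print n + 0 }
    '
}

# Constructed sample listing (not captured from a real host). 10.0.0.20 is the
# ESXi host, 10.0.0.50 the scanner, 10.0.0.10 the vCenter Server; the
# TIME_WAIT, loopback, SSH and LISTEN rows must not be counted.
SAMPLE_LISTING='Proto  Recv Q  Send Q  Local Address    Foreign Address   State        World ID  CC Algo  World Name
-----  ------  ------  ---------------  ----------------  -----------  --------  -------  ----------
tcp         0       0  10.0.0.20:443    10.0.0.50:51002   ESTABLISHED  2100421   newreno  envoy
tcp         0       0  10.0.0.20:443    10.0.0.50:51003   ESTABLISHED  2100421   newreno  envoy
tcp         0       0  10.0.0.20:443    10.0.0.50:51004   ESTABLISHED  2100421   newreno  envoy
tcp         0       0  10.0.0.20:443    10.0.0.50:51005   ESTABLISHED  2100421   newreno  envoy
tcp         0       0  10.0.0.20:443    10.0.0.10:44121   ESTABLISHED  2100421   newreno  envoy
tcp         0       0  10.0.0.20:443    10.0.0.50:51006   TIME_WAIT     0        newreno
tcp         0       0  127.0.0.1:8307   127.0.0.1:35506   ESTABLISHED  2100421   newreno  envoy
tcp         0       0  10.0.0.20:22     10.0.0.99:50110   ESTABLISHED  2100500   newreno  busybox
tcp         0       0  0.0.0.0:443      0.0.0.0:0         LISTEN       2100421   newreno  envoy'

# Run against the sample when executed directly; replace with the live pipe above.
printf '%s\n' "$SAMPLE_LISTING" | count_https_peers
```

On a live host, pipe the real listing instead of the sample and run the check a few minutes apart during a scan. Because envoy closes only the proxy-to-service side when a backend times out, the scanner's count will keep rising for as long as the scan opens new connections without closing old ones, whereas on an ESXi 7 host the same scan leaves the count roughly flat.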

Resolution

This is addressed in vSphere 9.0, which reduces envoy's idle timeout to 15 minutes.

As a workaround, the number of remote connections accepted by envoy can be raised manually. However, like most software components on ESXi, envoy runs in its own memory resource pool, and raising the connection limit can exhaust the memory available in that pool. This change should therefore only be applied after consulting technical support.

If you are experiencing the issue described in this article, reach out to technical support by opening a new support case.