Reconnect ESXi host failed with "A general system error occurred: Unable to push signed certificate to host"

search cancel

book

calendar_today

VMware vSphere ESXi

ESXi host shows as Disconnected in vCenter Server after upgrade
Manually reconnect ESXi host failed and prompted below error messages:

Task Name: Reconnect host
Target: <ESXi-Host-FQDN-or-IP>
Status: A general system error occurred: Unable to push signed certificate to host <ESXi-Host-FQDN-or-IP>
In vCenter Server /var/log/vmware/vpxd/vpxd.log:

2025-05-09T19:28:05.095-04:00 info vpxd[06837] [Originator@6876 sub=vmomi.soapStub[2251] opID=mahc95ik-14528-auto-b71-h5:70002692-28] SOAP request returned HTTP failure: <<io_obj p:0x00007fb9e89514e8, h:139, <UNIX ''>, <UNIX '/var/run/envoy-hgw/hgw-pipe'>>, /hgw/host-2654983/sdk>, method: installServerCertificate: code: 500(Internal Server Error): fault: (vim.fault.HostConfigFault) {
--> faultCause = (vmodl.MethodFault) null,
--> faultMessage = (vmodl.LocalizableMessage) [
--> (vmodl.LocalizableMessage) {
--> key = "vim.hostd.vimsvc.certificateManager.checkTime",
--> arg = <unset>,
--> message = "Time validation failed. Check host Time and/or Certificate expiration data (notBefore, notAfter)."
--> }
--> ]
--> msg = "Received SOAP response fault from [<<io_obj p:0x00007fb9e89514e8, h:139, <UNIX ''>, <UNIX '/var/run/envoy-hgw/hgw-pipe'>>, /hgw/<host-moid>/sdk>]: installServerCertificate
--> Cannot change the host configuration."

VMware vCenter Server 8.x
VMware vSphere ESXi 8.x

The time drift between ESXi host and vCenter Server blocks TLS connection.

To resolve the issue, suggest to set same NTP server for vCenter Server and ESXi host:

To workaround the issue, manually set the time for vCenter Server and ESXi host to be same:

thumb_up Yes

thumb_down No