The ESXi host fails to establish a connection with vCenter because the Hostd service failed to start
search cancel

The ESXi host fails to establish a connection with vCenter because the Hostd service failed to start

book

Article ID: 398767

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

  • ESXi host is disconnected from the vCenter server.
  • Reviewed the hostd service status and observed that it was down: /etc/init.d/hostd status
  • Attempted to manually start hostd service and the startup failed. Below errors were observed in /var/run/log/hostd.log:

      YYYY-MM-DDTHH:MM:SS In(166) Hostd[2138578]: [Originator@6876 sub-Hostsvc.HTTPService] vmacore/http2/outputBufferSize set to 65536 
   YYYY-MM-DDTHH:MM:SS In(166) Hostd [2138578]: [Originator@6876 sub-Hostsvc.HTTPService] vmacore/http2/maxPooledStreams set to 1000 
   YYYY-MM-DDTHH:MM:SS In(166) Hostd [2138578]: [Originator@6876 sub-Hostsvc.HTTPService] vmacore/http2/streamFlushWatermark set to 65 
   YYYY-MM-DDTHH:MM:SS In(166) Hostd [2138578]: [Originator@6876 sub-Hostsvc] Plugin initialized 
   YYYY-MM-DDTHH:MM:SS In(166) Hostd [2138578]: [Originator@6876 sub=Default] Initializing plugin Solo 
   YYYY-MM-DDTHH:MM:SS In(166) Hostd [2138578]: [Originator@6876 sub=Default] Configured libraryPath /lib/ 
   YYYY-MM-DDTHH:MM:SS In166) Hostd[2138578]: [Originator@6876 sub=Default] Vmacore::InitSSL: handshakeTimeoutUs 
   YYYY-MM-DDTHH:MM:SS In(166) Hostd [2138578]: [Originator@6876 sub-Default] Service is running in FIPS mode. 
   YYYY-MM-DDTHH:MM:SS In(166) Hostd [2138578]: [Originator@6876 sub-Solo] Setting OpenSSL verify location CAFile=/etc/vmware/ssl/castore.pem
   YYYY-MM-DDTHH:MM:SS Er163) Hostd [2138578]: [Originator@6876 sub-Solo] Initializing keystore failed: N7Vmacore6Crypto15CryptoExceptionE (Crypto Exception: error:1508010C: DECODER routines::unsupported)
   YYYY-MM-DDTHH:MM:SS Er(163) Hostd [2138578]: --> [context]#####[/context] 
   YYYY-MM-DDTHH:MM:SS Er(163) Hostd [2138578]: [Originator@6876 sub-Solo] Please check the validity of certificate files /etc/vmware/ssl/rui.key and /etc/vmware/ssl/rui.crt

Environment

VMware ESXi 7.x
VMware ESXi 8.x

Cause

  • Issue was caused due to an expired SSL certificate on the ESXi host.
  • Validate the certificate expiry by running the following command: openssl x509 -enddate -noout -in /etc/vmware/ssl/rui.crt

Resolution

1) Regenerate the ESXi self-signed certificate using the following command:
/sbin/generate-certificates

2) Restart the hostd and vpxa services
/etc/init.d/hostd restart && /etc/init.d/vpxa restart

As the hostd service is up, the ESXi host can now be reconnected back to the vCenter server.

Powered by Wolken Software