vSphere HA Agent is not reachable from the vCenter
search cancel

vSphere HA Agent is not reachable from the vCenter

book

Article ID: 398888

calendar_today

Updated On:

Products

VMware vCenter Server 8.0

Issue/Introduction

vCenter is not able to initialize vSphere HA on the hosts due to a communication error

Disconnecting and reconnecting the host to the vCenter fails to connect

The host fdm.log shows a certificate error:

"The remote host certificate has these problems."

YYYY-MM-DDT04:42:46.7652 warning fdm[89075543) [Originator@6876 sub=IO.Connection opID=WorkQueue-a7d98bb) Failed to SSL handshake; SSL(<io_obj p:Ox00000011b4 c76320, h:9, <TCP '2001:730:8105:806:9618:82ff:feea:b5b8 : 46281'>, <TCP '2001:730:8105:806:4adf:37ff:fe07:7a01 : 8182'>>), e: 336134278(certificate verify failed (SSL routines, 5513 get server_certificate)), duration: 5mmec 
YYYY-MM-DDT04:42:46.766Z error fdm[89075648] [Originator@6876 sub=Message opID=WorkQueue-a7d98bb) Error N7VMacore3S5118SSLVerifyExceptionE(SSL Exception: Verification parameters: 
--> PeerThumbprint: BF:6A:61:FC:17:17:86:A1:C3:A1:117:A7:8F:BD:F5:2E:C3:68:64034 
--> ExpectedThumbprint: 
--> ExpectedPeerName: nlcsapesxp262.csa.internal 
--> The remote host certificate has these problems
--> 
--> * certificate has expired
--> [context]zKq7AVECAQAAAPONbgElamRtAIAsc4EBZmRtAIB7TWoBgMiVagGA9JhqAYCcimmoBgL7/awGAoDBsAYBryIwBATt9AGxpYnBOaHJ1YWOuc28UMAACbdE0bGliYy5zby42AA==[/context] on handshake 
YYYY-MM-DDT04:42:46.766z error fdm[89075538) [Originator@6876 sub=Message opID=clusterElection.cpp:1570-5f5fb71a] AsyncConnect failed
YYYY-MM-DDT04:42:46.766z info fdm[89075538] [Originator@6876 sub=Message opID=clusterElection.cpp:1570-5f5fb71a] Destroying connection
YYYY-MM-DDT04:42:46.766z error fdm[89075538] [Originator@6876 sub=Cluster opID=clusterElection.cpp:1570-5f5fb71a] Couldn't connect to master N7Vmacorel6Timeout

Environment

vCenter 7.x

vCenter 8.x

Cause

vCenter is unable to communicate with the host due to the failed certificate 

Resolution

Make sure the certificate mode on the vCenter is set to vmca

Ref: https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/vcenter-server-upgrade-7-0/upgrading-and-updating-the-vcenter-server-appliance/preparing-to-upgrade-vcenter-server-appliance/prepare-esxi-hosts-for-vcenter-server-appliance-upgrade/change-the-certificate-mode.html

Check if the ESXi host certificate is valid; if not, renew the ESXi host certificate on the UI

Ref: https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/vsphere-security-7-0/securing-esxi-hosts/certificate-management-for-esxi-hosts/renew-esxi-certificates.html

Powered by Wolken Software