• When running HCX Service Mesh diagnostics, the test shows HTTP_CONNECT probe failures on ports 80, 443, and 902 between the HCX/HCX-IX and the ESXi host.

• From HCX /common/logs/admin/app.log results HCX diagnostic is getting failed as connection reset by peer.

[timestamp},{"type":"REACHABILITY_HTTP_CONNECT","source":"####","destination":"####","sourcePort":0,"destPort":80,"destType":"Service_HostSystem","protocol":"TCP","status":"FAILURE","error":{"output":"Get \"http://#####:80/sdk/vimService.wsdl\": read tcp #####:49002->####:80: read: connection reset by peer","message":"Failed to connect to target."}

• Checking the port connectivity from HCX appliances to the ESXI Host using telnet shows connected.

root@hcx[ ~ ]#  curl -kv telnet:/#.#.#.#.80
*   Trying #.#.#.#:80...
* Connected to #.#.#.# (#.#.#.#) port 80

root@hcx[ ~ ]#  curl -kv telnet:/#.#.#.#:443
*   Trying #.#.#.#:443...
* Connected to #.#.#.# (#.#.#.#) port 443

root@hcx0[ ~ ]#  curl -kv telnet:/#.#.#.#:902
*   Trying #.#.#.#:902...
* Connected to #.#.#.# (#.#.#.#) port 902

VMware HCX

• HCX Service Mesh Diagnostics performs a network port probe to help users identify connectivity issues between HCX appliances and ESXi hosts.
• Running the Dataplane diagnostic shows the probe is failing for HTTP_CONNECT which means the HTTP traffic is blocked between the HCX appliances and ESXI hosts.

• To run the data diagnostic successfully, HTTP protocol must be allowed between the HCX Manager appliance and the ESXi hosts.