vSAN health check commands are failing on particular hosts.
search cancel

vSAN health check commands are failing on particular hosts.

book

Article ID: 407667

calendar_today

Updated On:

Products

VMware vSAN

Issue/Introduction

  • vSAN health check commands are failing on particular hosts.,

# esxcli vsan health cluster list
Health Test Name                                    Status
--------------------------------------------------  ------
Overall health                                      red (Network misconfiguration)
Network                                             red
Hosts with connectivity issues                      red

# esxcli vsan health cluster get -t "Hosts with connectivity issues"
Hosts with connectivity issues        red

Checks if API calls from VC to a host are failing while the host is in connected state.
Ask VMware: http://www.vmware.com/esx/support/askvmware/index.php?eventtype=com.vmware.vsan.health.test.hostconnectivity

Hosts with communication issues
Host
------------------
XX.XX.XX.XX

  • However vCenter Server side is all green for Hosts with connectivity.
  • In vsanmgmt.log:
    YYYY-MM-DDTHH:MM:SS error vsand[YYYYYYYYY] [opID=Thread-ZZ VsanVimHelpers::GetVsanVersionNamespace] Failed to test vsan vmodl version with error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1125) on XX.XX.XX.XX

Environment

vSAN 7.x

Cause

CA certificate chain used to sign the certificates in use previous external PSC node by existing ESXi host(s).

Before Upgrade: vCenter Server/external PSC.
After Upgraded: vCenter Server only. ## Current model

So Certificate mismatch between existing hosts and new added hosts after upgrading vCenter Server.
Existing hosts retain certificates from older versions of external PSC.

Resolution

Performing 'Refresh CA Certificates' by following the relevant step in Renew or Refresh ESXi Certificates.

Powered by Wolken Software