"Multiple ESXi Not responding" - vpxa service restart due to non-CA signed cert.

Article ID: 408770


Products

VMware vSphere ESXi

Issue/Introduction

Multiple ESXi hosts became unresponsive and temporarily disconnected from vCenter.

hostd.log

YYYY-MM-DDTHH:MM:SS In(166) Hostd[2104669]: [Originator@6876 sub=Vimsvc.TaskManager opID=HB-host-2228915@870204-7bd296dd-WorkQueue-436c2e22-59b1 sid=526f5cab user=vpxuser] Task Created : haTask--vim.host.CertificateManager.replaceCACertificatesAndCRLs-13836328


vpxd.log

YYYY-MM-DDTHH:MM:SS warning vpxd[09772] [Originator@6876 sub=MoHost opID=HostSync-host-XXXXXXX-4057509f] host [vim.HostSystem:host-XXXXXXX,<HOST FQDN>] connection state changed to NO_RESPONSE
YYYY-MM-DDTHH:MM:SS info vpxd[08285] [Originator@6876 sub=MoHost opID=HB-host-XXXXXXX@235555-6c31973d] host [vim.HostSystem:host-XXXXXXX,<HOST FQDN>] connection state changed to CONNECTED
YYYY-MM-DDTHH:MM:SS info vpxd[09429] [Originator@6876 sub=certmgrLogger opID=HB-host-XXXXXXX@235555-6c31973d-WorkQueue-2792c0ae] Will update root certificates on host; [vim.HostSystem:host-XXXXXXX,<HOST FQDN>
YYYY-MM-DDTHH:MM:SS info vpxd[08238] [Originator@6876 sub=certmgrLogger opID=HB-host-XXXXXXX@870204-7bd296dd-WorkQueue-436c2e22] Will update root certificates on host; [vim.HostSystem:host-XXXXXXX,<HOST FQDN>], on vc: (string) [
-->    "-----BEGIN CERTIFICATE-----
--> MIIEOzCCAyOgAwIBAgIJAP9nSX72n/UXMA0GCSqGSIb3DQEBCwUAMIGoMQswCQYD
--> VQQDDAJDQTEXMBUGCgmSJomT8ixkARkWB3ZzcGhlcmUxFDASBgoJkiaJk/IsZAEZ
--> FgR0cmFmMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTErMCkGA1UE



Environment

VMware vSphere 8.0.x

VMware ESXi 8.0.x

Cause

The issue was observed on ESXi hosts using non-CA (self-signed) certificates. A certificate update was triggered by vCenter, which led to a restart of the vpxa service on the affected hosts.

Resolution

This behavior is expected when utilizing a certificate that is not signed by a trusted Certificate Authority (CA).
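
To check whether a host disconnect matches the pattern in the vpxd.log excerpt above, the following added example (not VMware code and not part of the original article) correlates NO_RESPONSE events with "Will update root certificates on host" entries for the same host. The sample log lines, the host names and the 10-minute correlation window are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the vpxd.log shape quoted above; timestamps, host IDs
# and FQDNs are invented for this example.
SAMPLE_VPXD_LOG = """\
2025-01-10T08:00:01.120Z warning vpxd[09772] [Originator@6876 sub=MoHost opID=HostSync-host-1001-4057509f] host [vim.HostSystem:host-1001,esx01.example.test] connection state changed to NO_RESPONSE
2025-01-10T08:00:40.500Z info vpxd[08285] [Originator@6876 sub=MoHost opID=HB-host-1001@235555-6c31973d] host [vim.HostSystem:host-1001,esx01.example.test] connection state changed to CONNECTED
2025-01-10T08:00:41.010Z info vpxd[09429] [Originator@6876 sub=certmgrLogger opID=HB-host-1001@235555-6c31973d-WorkQueue-2792c0ae] Will update root certificates on host; [vim.HostSystem:host-1001,esx01.example.test], on vc: (string) [
-->    "-----BEGIN CERTIFICATE-----
2025-01-10T09:30:00.000Z warning vpxd[09772] [Originator@6876 sub=MoHost opID=HostSync-host-1002-1a2b3c4d] host [vim.HostSystem:host-1002,esx02.example.test] connection state changed to NO_RESPONSE
"""

TS = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)")
# The closing "]" is not required: the excerpt above has a line cut before it.
HOST = re.compile(r"\[vim\.HostSystem:(host-[^,\]]+),([^\]\s,]+)")
MARKERS = {
    "connection state changed to NO_RESPONSE": "NO_RESPONSE",
    "Will update root certificates on host": "CERT_UPDATE",
}

def parse_events(text):
    """Return {fqdn: [(datetime, kind), ...]} for the two event types."""
    events = defaultdict(list)
    for line in text.splitlines():
        ts, host = TS.match(line), HOST.search(line)
        if not (ts and host):
            continue  # "-->" continuation lines (certificate dump) land here
        when = datetime.strptime(ts.group(1), "%Y-%m-%dT%H:%M:%S")
        for marker, kind in MARKERS.items():
            if marker in line:
                events[host.group(2)].append((when, kind))
    return events

def classify(text, window=timedelta(minutes=10)):
    """Label each host that dropped; the window is an assumed tolerance."""
    verdicts = {}
    for fqdn, evs in parse_events(text).items():
        drops = [t for t, k in evs if k == "NO_RESPONSE"]
        pushes = [t for t, k in evs if k == "CERT_UPDATE"]
        if drops:
            near = any(abs(d - p) <= window for d in drops for p in pushes)
            verdicts[fqdn] = "cert-update-related" if near else "other-cause"
    return verdicts

if __name__ == "__main__":
    for fqdn, verdict in classify(SAMPLE_VPXD_LOG).items():
        print(fqdn, verdict)
```

A host labelled "other-cause" dropped without a root certificate update logged nearby, so its disconnect is not explained by this article.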