vSphere HA Configuration Fails on ESXi Hosts After vCenter Patch with an Error - AgentInstallFailed
search cancel

vSphere HA Configuration Fails on ESXi Hosts After vCenter Patch with an Error - AgentInstallFailed

book

Article ID: 410804

calendar_today

Updated On:

Products

VMware vCenter Server VMware vSphere ESXi

Issue/Introduction

After applying a patch to the vCenter Server Appliance the vSphere High Availability (HA) configuration fails on ESXi hosts . The failure is specifically tied to the FDM (Fault Domain Manager) agent installation process.

vCenter Logs (var/log/vmware/vpxd/vpxd.log) show:

YYYY-MM-DDT##:##:## warning vpxd[62160] [Originator@6876 sub=Default opID=mdcdkazd-932806-auto-jzrb-h5:70086138-5e-02] [NFC ERROR]Nfc_BindAndEstablishAuthdCnx3: Failed to create a connection with server <ESXi-host-IP/FQDN>: Failed to connect to server <ESXi-host-IP/FQDN>:902  
YYYY-MM-DDT##:##:## error vpxd[62160] [Originator@6876 sub=vpxNfcClient opID=mdcdkazd-932806-auto-jzrb-h5:70086138-5e-02] Unable to connect to NFC server: Failed to connect to server <ESXi-host-IP/FQDN>:902
YYYY-MM-DDT##:##:## error vpxd[62160] [Originator@6876 sub=HostAccess opID=mdcdkazd-932806-auto-jzrb-h5:70086138-5e-02] Failed to upload files: N3Vim5Fault16HostConnectFault9ExceptionE(Fault cause: vim.fault.HostConnectFault

YYYY-MM-DDT##:##:## info vpxd[62160] [Originator@6876 sub=Default opID=mdcdkazd-932806-auto-jzrb-h5:70086138-5e-02] [VpxLRO] -- ERROR task-7477044 -- <ESXi-host-IP/FQDN> -- DasConfig.ConfigureHost: vim.fault.AgentInstallFailed:
--> Result:
--> (vim.fault.AgentInstallFailed) {
-->    faultCause = (vmodl.MethodFault) null,
-->    faultMessage = <unset>,
-->    reason = "AgentUploadFailed",
-->    statusCode = <unset>,
-->    installerOutput = <unset>
-->    msg = ""

Telnet and curl tests from vCenter to ESXi on port 902 return "Connection timed out", indicating no ACK response.

nc -zv <ESXi-host-IP/FQDN> 902
Warning: Inverse name lookup failed for `###.###.###.###'

<ESXi-host-IP/FQDN> [###.###.###.###] 902 (ideafarm-door): Connection timed out 

Environment

VMware vCenter Server 

vSphere ESXi

Cause

The root cause of the issue is an asymmetric network routing configuration on the affected ESXi hosts. This misconfiguration results in unidirectional communication, preventing successful TCP handshakes between vCenter and ESXi hosts on port 902, which is required for NFC (Network File Copy) operations.

Resolution

 

  • Review and correct the network routing configuration on the affected ESXi hosts.

  • Ensure that incoming and outgoing traffic for port 902 uses the same VMkernel interface and physical uplink.

  • Validate that VMkernel routes are symmetrical and consistent with expected traffic paths.

  • After making the necessary changes, re-attempt the vSphere HA configuration on the ESXi hosts.

Workaround:

  • Manually install FDM agent on the ESXi host. KB 336391

 

Powered by Wolken Software