vSAN Health Service Fails to Restart with "Permission denied for file /etc/vmware-vsan-health/.cns_pgpass" in vCSA 7.0

Article ID: 411845


Products

VMware vSAN

Issue/Introduction

When attempting to restart the vSAN Health Service in vCenter Server Appliance (vCSA) 7.0, the operation fails with a timeout error:

# service-control --restart vsan-health

Service-control failed. Error: Failed to restart service vsan-health. vmon-cli RC=1, stderr=Restart service request failed. Error: Operation timed out

Additionally, the following error is logged in /var/log/vmware/vsan-health/vmware-vsan-health-service.log:

CRITICAL vsan-mgmt[102926] [VsanMgmtServer::UncaughtExcpetionHandler opID=noOpId]
Traceback (most recent call last):
  File "bora/vsan/health/vpxd/VsanMgmtServer.py", line 291, in <module>
  File "bora/vsan/MgmtServer/VsanMgmtSvcMain.py", line 431, in StartServer
pyVmomi.VmomiSupport.vmodl.RuntimeFault: (vmodl.RuntimeFault) {
 msg = 'N7Vmacore31FileIOPermissionDeniedExceptionE: Permission denied for file  : /etc/vmware-vsan-health/.cns_pgpass'
}

Environment

vSAN 7

Cause

The .cns_pgpass file under /etc/vmware-vsan-health/ has incorrect ownership.
Expected owner:
vsan-health:users
Incorrect owner (causing issue):
root:root

This typically occurs if the ownership of the /etc/vmware-vsan-health/ directory was modified manually and not fully reverted.

Example output:

# ls -al /etc/vmware-vsan-health/

-r--------  1 root root 41 Apr 15  2022 .cns_pgpass

Resolution

1. Log in to the vCSA using SSH as root.

2. Update the ownership of the .cns_pgpass file to the correct user and group:

    chown vsan-health:users /etc/vmware-vsan-health/.cns_pgpass

3. Restart the vSAN Health service:

    service-control --restart vsan-health

4. Verify the service status:

    service-control --status vsan-health

    The service should now start successfully.

Additional Information

  • This issue can arise if permissions or ownerships are accidentally modified in the vSAN Health configuration directory.
  • Ensure that only the vsan-health user has access to .cns_pgpass.
  • If other files under /etc/vmware-vsan-health/ are modified, compare with a healthy vCSA installation for reference.
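
A read-only check for the resolution steps and the access note above, added here as an example and not part of the original article or of VMware's tooling. It confirms the owner given in the article and that group and other have no access to the file. The function name check_pgpass and its return codes are assumptions.

```shell
#!/bin/bash
# Added example: audit owner and mode of the vSAN Health pgpass file.
# Path and expected owner are the values given in the article.
PGPASS="/etc/vmware-vsan-health/.cns_pgpass"
EXPECTED_OWNER="vsan-health:users"

# check_pgpass FILE OWNER:GROUP   (hypothetical helper, not a VMware tool)
# Returns: 0 = ok, 1 = wrong owner, 2 = group/other have access,
#          3 = missing, a symlink, or not a regular file
check_pgpass() {
    local file="$1" want="$2" owner mode
    # Refuse symlinks so the check cannot be pointed at another file
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "MISSING or not a regular file: $file" >&2
        return 3
    fi
    owner=$(stat -c '%U:%G' "$file") || return 3
    mode=$(stat -c '%a' "$file") || return 3
    mode=$(printf '%03d' "$mode")   # stat prints mode 000 as "0"; pad it
    if [ "$owner" != "$want" ]; then
        echo "OWNER $owner (expected $want): $file" >&2
        return 1
    fi
    # The last two octal digits are the group and other bits; both must be 0
    case "$mode" in
        *00) ;;
        *)  echo "MODE $mode grants group/other access: $file" >&2
            return 2 ;;
    esac
    echo "OK $owner $mode $file"
    return 0
}

# Report only; nothing is changed. Skipped on hosts without the file.
if [ -e "$PGPASS" ]; then
    check_pgpass "$PGPASS" "$EXPECTED_OWNER" ||
        echo "Fix with: chown $EXPECTED_OWNER $PGPASS" >&2
fi
```

Run it before step 2 to confirm the diagnosis and again after step 4 to confirm the fix.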