Powering on a VM fails with "The host is reporting errors in its attempts to provide vSphere HA support"
search cancel

Powering on a VM fails with "The host is reporting errors in its attempts to provide vSphere HA support"

book

Article ID: 414695

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

When attempting to power on a VM within a cluster, the process fails with an HA support error.    

When reviewing the Hosts tab for the cluster, you will see the HA configuration showing as "Retrying" or "HA agent unreachable".

The vCenter Server Certificate Mode is currently set to "Thumbprint".  For validation of the Certificate Mode, see here.

In the FDM logs for ESX, you may see errors related to an SSL certificate issue:

/var/run/log/fdm.log

 In(166) Fdm[2166272]: [Originator@6876 sub=Message opID=WorkQueue-31be60b] Initiating verification using CA store; peerName: esx-hostname
 Wa(164) Fdm[2166392]: [Originator@6876 sub=IO.Connection opID=WorkQueue-31be60b] Failed to SSL handshake; SSL(<io_obj p:0x000000b883d557e0, h:13, <TCP 'source-host : 29683'>, <TCP 'destination-host : 8182'>>),
e: 167772294(certificate verify failed (SSL routines)), duration: 3msec
 Er(163) Fdm[2166272]: [Originator@6876 sub=Message opID=WorkQueue-31be60b] Error N7Vmacore3Ssl18SSLVerifyExceptionE(SSL Exception: Verification parameters:
 Er(163) Fdm[2166241]: --> PeerThumbprint: ##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##
 Er(163) Fdm[2166241]: --> ExpectedThumbprint:
 Er(163) Fdm[2166241]: --> ExpectedPeerName: destination-host
 Er(163) Fdm[2166241]: --> The remote host certificate has these problems:
 Er(163) Fdm[2166241]: -->
 Er(163) Fdm[2166241]: --> * Host name does not match the subject name(s) in certificate.
 Er(163) Fdm[2166241]: -->
 Er(163) Fdm[2166241]: --> * unable to get local issuer certificate)
 Er(163) Fdm[2166241]: --> [context]zKq7AVECAQAAAPONbgEKZmRtAID8eoEBZmRtAIAbU2oBgHifagGApKJqAYBapGoBgJ4GbAGAgDdsAYBL1IwBAVJ4AGxpYnB0aHJlYWQuc28uMAACDzIPbGliYy5zby42AA==[/context] on handshake
 Db(167) Fdm[2166272]: [Originator@6876 sub=Cluster opID=WorkQueue-31be60b] IP destination-host marked bad for reason Unreachable IP

Environment

vCenter Server 8.x

ESX 8.x

 

Cause

This issue is related to the Certificate Mode being set to "Thumbprint" and the current certificates configured for the ESX hosts.  

Resolution

The certificate Mode for vCenter Server should be changed to "Custom" or VMCA" and the ESX host certificates should be refreshed / renewed accordingly.

To change the certificate mode configuration for vCenter: Change the ESXi Certificate Mode
To refresh the ESX host certificate: Renew or Refresh ESXi Certificates

 

Powered by Wolken Software