The alert "ESXi host is not accessible from the appliance" is reported in the HCX UI.
search cancel

The alert "ESXi host is not accessible from the appliance" is reported in the HCX UI.

book

Article ID: 422684

calendar_today

Updated On:

Products

VMware HCX

Issue/Introduction

A "Critical" severity alert may be generated on the HCX Manager UI indicating that a specific ESXi host is not accessible from the HCX-IX appliance.
This typically occurs after a new Service Mesh deployment or an appliance redeploy.

Symptom:

  • Logs indicating that access between the ESXi host and IX appliance is unavailable are generated.
    /common/logs/admin/app.log
    <timestamp> UTC [InterconnectService_SvcThread-6394, Ent: HybridityAdmin, , TxId: <uuid>] INFO  c.v.v.h.s.i.ThumbprintExchanger- [HCX:] The Host host-<number>, appliance <appliance-uuid>, vCenter <vCenter-uuid>, is not Accessible.
  • The log indicates that IX failed to establish an SSL connection using ports 80/443 to the ESXi host.
    hbrsrv-1.log
    <timestamp> warning hbrsrv[01760] [Originator@6876 sub=vmomi.soapStub[76] opID=<uuid>] SOAP request returned HTTP failure; <SSL(<io_obj p:0x###, h:38, <TCP '<IX-IP> : <src-port>'>, <TCP '<ESXi-IP> : 80'>>), /sdk>, method: loginBySSLThumbprint; code: 500(Internal Server Error)
<timestamp> warning hbrsrv[01760] [Originator@6876 sub=vmomi.soapStub[77] opID=<uuid>] SOAP request returned HTTP failure; <SSL(<io_obj p:0x###, h:38, <TCP '<IX-IP> : <src-port>'>, <TCP '<ESXi-IP> : 443'>>), /sdk>, method: loginBySSLThumbprint; code: 500(Internal Server Error)


  • Ping connectivity between the IX appliance and the ESXi host management IP may still be successful.
  • Despite the alert, network connectivity tests (ICMP, port 80/443) do not show any failure.

Environment

VMware HCX

Cause

Investigation of the appliance logs (hbrsrv.log) and ESXi host logs (envoy-access.log) reveals that while the network path is open, the SSL/TLS handshake or the thumbprint exchange between the IX appliance and the ESXi host is failing with an HTTP 500 Internal Server Error.

Specifically, the loginBySSLThumbprint method fails when the IX appliance attempts to establish a secure connection to the ESXi host on ports 80 or 443.
This indicates a synchronization or trust issue between the Interconnect appliance and the host's management services.

Resolution

The issue is typically resolved by refreshing the state of the IX appliance.

Redeploy the IX Appliance:

1. Navigate to the HCX Service Mesh tab.

2. Select the affected Service Mesh.

3. Click on Resync or specifically Redeploy for the IX appliance.

Verify Connectivity:

After redeployment, confirm the alert clears from the HCX Dashboard.

If redeploying the IX appliance does not clear the alert, reboot the affected ESXi host.

Powered by Wolken Software