vCenter Appliance Management Interface (VAMI) inaccessible with error 'ERR_CONNECTION_REFUSED'
search cancel

vCenter Appliance Management Interface (VAMI) inaccessible with error 'ERR_CONNECTION_REFUSED'

book

Article ID: 423174

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

vCenter Appliance Management Interface (VAMI) https://<vCenter_URL>:5480 fails to load with the following error.

This site can’t be reached

<vCenter_URL> refused to connect.

Try:

    • Checking the connection
    • Checking the proxy and the firewall

ERR_CONNECTION_REFUSED

 

Connectivity test from client to the vCenter Server using cURL fails to establish connection on port 5480.

Example:

PS C:\> curl -v telnet://<vCenter_URL>:5480
* Trying <vCenter_IP_Address>:5480...
* connect to <vCenter_IP_Address> port 5480 failed: Connection refused
* Failed to connect to <vCenter_URL> port 5480 after 2060 ms: Connection refused
* Closing connection 0

Environment

vCenter 8.x

Cause

The error on the browser 'ERR_CONNECTION_REFUSED' indicates that the client is unable to establish connection on VAMI port 5480. The cause of the connection failing on port 5480 can be either of the following:

  • The VAMI port 5480 is blocked by firewall.
  • On the vCenter Server, CAP Lighttpd Web Server (cap-lighttpd.service) is failed or inactive.

Resolution

The VAMI port 5480 is blocked by firewall:

Investigate with the network/firewall team if the connection is getting dropped on the network. Check the firewall between the client and vCenter and ensure port 5480 is open.

Once the port 5480 is allowed, the output of the connectivity test, from the client system, using cURL should be as below. Verify VAMI is accessible.

Example:

PS C:\> curl -v telnet://<vCenter_URL>:5480
* Trying <vCenter_IP_Address>:5480...
* Connected to <vCenter_URL> (vCenter_IP_Address) port 5480 (#0)

CAP Lighttpd Web Server (cap-lighttpd.service) is failed or inactive:

If the port 5480 is allowed on the network firewall, but VAMI is still inaccessible with error 'ERR_CONNECTION_REFUSED',confirm port 5480 status on the vCenter Server using netstat -anp | grep 5480

If no output is received from the above command, port 5480 is not listening on the vCenter, and the issue could be with CAP Lighttpd Web Server (cap-lighttpd.service). The service can be in failed or inactive state.

Verify the cap-lighttpd.service is inactive or failed using command: systemctl status cap-lighttpd.service

  • If the cap-lighttpd.service is inactive (dead) as indicated below, restart the cap-lighttpd.service.

root@<vCenter_hostname> [ ~ ]# systemctl status cap-lighttpd.service
   cap-lighttpd.service - CAP Lighttpd Web Server
   Loaded: loaded (/usr/lib/systemd/system/cap-lighttpd.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Day YYYY-MM-DD HH:MM:SS UTC; # ago
   Main PID: 2346 (code=exited, status=0/SUCCESS)

Follow the below steps to restart cap-lighttpd.service:

      1. SSH to vCenter Server Appliance and open Bash shell
      2. Start the service using the command: systemctl start cap-lighttpd.service
      3. Verify that VAMI is accessible.
  • If the cap-lighttpd.service is failed and the output also indicates duplicate config variable as highlighted below, check and fix the configuration errors caused by duplicate entries, which may have been introduced during the application of Security Technical Implementation Guides (STIGs).

root@<vCenter_hostname> [ ~ ]# systemctl status cap-lighttpd.service
   cap-lighttpd.service - CAP Lighttpd Web Server
   Loaded: loaded (/usr/lib/systemd/system/cap-lighttpd.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Day YYYY-MM-DD HH:MM:SS UTC; # ago
   Process: 3745795 ExecStart=/opt/vmware/share/lighttpd/lighttpd-pre-start.sh (code=exited, status=255/EXCEPTION)
   Month DD HH:MM:SS #####-##### vami-light [49049]
   Month DD HH:MM:SS #####-##### vami-light [49049] Duplicate config variable in conditional 0 global:#########
   Month DD HH:MM:SS #####-##### vami-light [49049] {FAILED}

Follow the below steps to fix the issue due to duplicate entries in lighttpd.conf, which will be indicated in place of ######### in the above output:

      1. Take a snapshot of the vCenter Server.
      2. SSH to the vCenter appliance, enter Bash shell.
      3. Change directory using cd /var/lib/vmware/cap-lighttpd/
      4. Take a backup copy of the config file lighttpd.conf using the command cp lighttpd.conf /var/core/lighttpdBAK.conf.BAK
      5. Confirm the duplicate entry in lighttpd.conf using the this command, replace ######### with actual variable from the above output: cat /var/lib/vmware/cap-lighttpd/lighttpd.conf | grep #########
      6. Edit the file /var/lib/vmware/cap-lighttpd/lighttpd.conf and delete or comment out the duplicate entry in the file using '#'.
      7. Restart cap-lighttpd.service using command systemctl start cap-lighttpd
      8. Verify VAMI access.

 

Additional Information

To check cap-lighttpd.service failure issue refer: VAMI page for vCenter is inaccessible

To test connectivity from client to the vCenter Server on port 5480, refer: Unable to access vCenter VAMI on port 5480

 

Powered by Wolken Software