Unknown CPI error 'Unknown' with message 'Connection reset by peer - SSL_connect' in 'create_stemcell' CPI method
search cancel

Unknown CPI error 'Unknown' with message 'Connection reset by peer - SSL_connect' in 'create_stemcell' CPI method

book

Article ID: 424838

calendar_today

Updated On:

Products

VMware Tanzu Platform - Cloud Foundry

Issue/Introduction

When upgrading TAS or uploading a stemcell, the task fails during the create_stemcell CPI method with an error:

Unknown CPI error 'Unknown' with message 'Connection reset by peer - SSL_connect' in 'create_stemcell' CPI method

This failure may occur after the stemcell upload starts or any AZ/Infrastructure changes.

Environment

TAS v10.2.4

Cause

The vSphere CPI requires direct HTTPS (TCP 443) access from Ops Manager/BOSH Director to all ESXi hosts in order to perform stemcell creation tasks. In this scenario, the failure is caused by ESXi host firewall rules blocking HTTPS client traffic.

 

Resolution

Check the ESXi host firewall rules on each ESXI host:

  • esxcli network firewall ruleset list
  • Search for httpClient and httpsClient to see if they are enabled or disabled

 

Enable httpClient and httpsClient

  • esxcli network firewall ruleset set -e true -r httpClient
  • esxcli network firewall ruleset set -e true -r httpsClient

 

Verify connectivity from OpsMan

  • curl -vk https://<esxi-host-fqdn>
Powered by Wolken Software