SDDC Manager pre-check fails with "ESXi CLI checks for legacy boot mode and host filesystem symlinks have failed"

Article ID: 430861

Products

VMware SDDC Manager

Issue/Introduction

Running a pre-check in SDDC Manager fails with the following error:

Description: Perform ESXi checks through ESXi CLI for legacy boot mode and host filesystem symlinks
Error Message: ESXi CLI checks for legacy boot mode and host filesystem symlinks have failed
Remediation: Please inspect the operationsmanager log file for further details on the ESXi CLI command failures. Check whether the host <hostname> is using legacy boot mode using: 'vsish -e cat /hardware/firmwareType'. Check whether there are broken symlinks on the host using: 'find -L / -maxdepth 1 -user root -type l'

No issues are identified even after executing the following commands on the affected host (<hostname>):

vsish -e cat /hardware/firmwareType
find -L / -maxdepth 1 -user root -type l

Example:
# vsish -e cat /hardware/firmwareType
1 -> UEFI
# find -L / -maxdepth 1 -user root -type l
#

The following error is recorded in the SDDC Manager operationsmanager.log:

Could not connect to the SSH server @ <hostname> for configuration.

In the auth.log of the target host, the following is recorded:

sshd[XXXXXXX]: fatal: mm_answer_sign: sign: error in libcrypto

Environment

SDDC Manager 5.1.x
SDDC Manager 5.2.x

Cause

If the hostkeyalgorithms setting for the SSH server on the target ESXi host is configured with +ssh-rsa, SSH connections from SDDC Manager to the host may fail.

How to verify the setting:

esxcli system ssh server config list | grep hostkeyalgorithms

Example:

# esxcli system ssh server config list | grep hostkeyalgorithms
hostkeyalgorithms                +ssh-rsa

Resolution

On the target ESXi host, change the hostkeyalgorithms setting for the SSH server to the same configuration as the hosts that passed the pre-check, then restart the SSH server.

Example:

# esxcli system ssh server config set -k hostkeyalgorithms -v ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512
# /etc/init.d/SSH restart
#
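
The two indicators described in this article (the +ssh-rsa value of hostkeyalgorithms and the sshd signing failure in auth.log) can be checked together. The script below is an added example, not part of the original KB or of any VMware tooling; the function names and the sample PID are constructed, and it assumes the input is text saved from the commands and log shown above.

```shell
#!/bin/sh
# Added triage helper, not part of the KB. Inputs are text saved from
# `esxcli system ssh server config list` and the host's auth.log.

# Return 0 when hostkeyalgorithms enables the SHA-1 "ssh-rsa" algorithm.
# Tokens are matched whole, so rsa-sha2-256 / rsa-sha2-512 do not count.
has_ssh_rsa() {
    value=$(printf '%s\n' "$1" | awk '$1 == "hostkeyalgorithms" { print $2; exit }')
    [ -n "$value" ] || return 1
    case "$value" in
        -*) return 1 ;;      # OpenSSH "-" prefix removes algorithms from the defaults
    esac
    value=${value#[+^]}      # "+" appends to the defaults, "^" prepends to them
    printf '%s\n' "$value" | tr ',' '\n' | grep -qx 'ssh-rsa'
}

# Print the number of sshd signing failures quoted in this article.
sign_error_count() {
    printf '%s\n' "$1" | grep -cF 'fatal: mm_answer_sign: sign: error in libcrypto' || true
}

# Print "match", "config-only" or "no-match" for one host's evidence.
triage() {
    if ! has_ssh_rsa "$1"; then
        echo "no-match"
    elif [ "$(sign_error_count "$2")" -gt 0 ]; then
        echo "match"
    else
        echo "config-only"
    fi
}

# Constructed sample input (the PID is made up; values follow this article).
SAMPLE_BAD='hostkeyalgorithms                +ssh-rsa'
SAMPLE_FIXED='hostkeyalgorithms                ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512'
SAMPLE_AUTHLOG='sshd[1234567]: fatal: mm_answer_sign: sign: error in libcrypto'

triage "$SAMPLE_BAD" "$SAMPLE_AUTHLOG"      # before the change
triage "$SAMPLE_FIXED" ""                   # after the change and SSH restart
```

A result of "config-only" means the setting is present but the supplied log excerpt contains no signing failure, so check that the excerpt covers the time of the failed pre-check.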

Additional Information

Upgrading ESXi hosts from SDDC manager fails on prechecks with the error "ESXi CLI checks for legacy boot mode and host filesystem have failed"
https://knowledge.broadcom.com/external/article/380602

Japanese version of this KB: https://knowledge.broadcom.com/external/article/426883