VCF 9.1 deployment is stuck during the "Convert the existing vCenter to a new VCF instance" milestone, specifically hanging on the "Generate SSH Known Hosts Input Data" task.
search cancel

VCF 9.1 deployment is stuck during the "Convert the existing vCenter to a new VCF instance" milestone, specifically hanging on the "Generate SSH Known Hosts Input Data" task.

book

Article ID: 442379

calendar_today

Updated On:

Products

VMware SDDC Manager / VCF Installer

Issue/Introduction

  • The VCF Installer UI shows the task "Generate SSH Known Hosts Input Data" indefinitely stuck in an "In progress" state
  • Deploying VCF and after pre-check the deployment is stuck at this step:  "Generate SSH Known Hosts Input Data" and Convert the existing vCenter to a new VCF instance 23/42

  • /var/log/vmware/vcf/sddc-support/sos-[DATE-TIME]/sos.log reports below error 


    YYYY-MM-DDTHH:MM:S.863+0000 DEBUG [vcf_sos] [commandutils.py::run_threads_sync::233::collect_vc_logsThread0] Waiting for thread: _download_vc_logsThread0
    YYYY-MM-DDTHH:MM:S.864+0000 DEBUG [vcf_sos] [base.py::ping_device::84::_download_vc_logsThread0] Ping host : Esx_FQDN
    YYYY-MM-DDTHH:MM:S.892+0000 INFO [vcf_sos] [base.py::ping_device::93::collect_vms_logsThread2] Ping response is PING Esx_FQDN (##.###.##.##) 56(84) bytes of data.
    From VCF_Operations_FQDN (##.###.##.##) icmp_seq=1 Destination Host Unreachable
    From VCF_Operations_FQDN (##.###.##.##) icmp_seq=2 Destination Host Unreachable
    From VCF_Operations_FQDN (##.###.##.##) icmp_seq=3 Destination Host Unreachable

    --- lf-VCF_Operations_FQDN ping statistics ---
    3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2030ms
    pipe 3

    YYYY-MM-DDTHH:MM:36.892+0000 INFO [vcf_sos] [base.py::ping_device::98::collect_vms_logsThread2] Unable to reach host: Esx_FQDN
    YYYY-MM-DDTHH:MM:36.892+0000 INFO [vcf_sos] [progressreporter.py::update_task_status::213::collect_vms_logsThread2] Update VCF_MANAGEMENT_SERVICES:VCF Management Services:Esx_FQDN with status : FAILED
    YYYY-MM-DDTHH:MM:36.892+0000 INFO [vcf_sos] [progressreporter.py::update_task_status::310::collect_vms_logsThread2] Overall status for VCF_MANAGEMENT_SERVICES : COMPLETED_WITH_FAILURE
    YYYY-MM-DDTHH:MM:36.892+0000 INFO [vcf_sos] [progressreporter.py::update_task_status::349::collect_vms_logsThread2] Current Status: Task-Name: VCF_MANAGEMENT_SERVICES, Entity-Name: VCF Management Services:Esx_FQDN, Task-Status: FAILED, Operation Status: IN_PROGRESS
    YYYY-MM-DDTHH:MM:36.892+0000 INFO [vcf_sos] [progressreporter.py::update_task_status::352::collect_vms_logsThread2] Task: VCF_MANAGEMENT_SERVICES, Status: FAILED, Entity: VCF Management Services:Esx_FQDN,Message: Esx_FQDN: Not reachable. Please ensure the resource is available and reachable. Failed to ping Esx_FQDN, Errors: Esx_FQDN: Not reachable. Please ensure the resource is available and reachable. Failed to ping Esx_FQDN

     

Environment

VCF 9.1

Cause

The ESXi host firewall was actively blocking necessary management/SSH traffic required for the VCF workflow to generate the SSH known hosts data.

Resolution

To fix this we can disable the firewall rules on the Host UI or CLI

1. Log into your ESXi host UI

2. Select Configure

3. Under System-->Select Firewall and disable

(OR)

From CLI we can execute below steps:

  1. Connect to the affected ESXi host via SSH or the ESXi Shell.
  2. Run the following command to temporarily disable the firewall and allow the traffic to pass:
    esxcli network firewall set --enabled false
  3. Retry the failed VCF operation or SOS log collection.
  4. Once the operation completes, re-enable the firewall:
    esxcli network firewall set --enabled true
  5. Verify and permanently update the ESXi firewall rules to allow the required VCF management ports and ICMP traffic to prevent future failures.

Additional Information

Network Port and Protocol Requirements

Powered by Wolken Software