Login Banner wording causes vmodl.fault.HostCommun...

GTO455 · ‎03-27-2014

Recently, I have spent the better part of 2 (frustrating) weeks trying to get a new ESXi 5.5 environment (vCenter and ESXi) up and running. Unfortunately, I ran into a few issues and wanted to publish them here in case others run into the same problem.

For years and prior versions of ESXi (3.5, 4.x, 5.0 and 5.1) we have performed the same series of steps on each system we build then add them to Virtual Center; install ESXi on the hardware, install custom cert, add a SSH banner, harden ESXi, add to vCenter, etc.

In this situation we first we installed ESXi 5.5. No surprises there, it installed normally without a problem. Next, we added a SSH login banner, editing the /etc/issue file according to this VMware KB article.

As I mentioned earlier, we have been setting up ESXi systems like this for years and never had a problem. However, with version 5.5 we ran into problems that we had never seen before.

After performing the steps above, we attempted to add and ESXi system to vCenter 5.5. The process would get to 80% and fail with the following error:

A general system error occurred: internal

error: vmodl.fault.HostCommunication

Retrieving data from vCenter agent on <FQDN>

VSPHERE.LOCAL\Administrator

Errors on the vxpd.log would have entries similar to;

00 [01072 error 'vpxdvpxdVmomi'

opID=8643930E-00000044-52] [VpxdClientAdapter] Unexpected error logging into

host FQDN: Server closed connection after 0 response bytes read; <SSL(<io_obj

p:0x000000000a4758b8, h:3096, <TCP '192.168.1.10:52516'>, <TCP

‘192.168.1.9:443’>>)>

Nothing in any of the logs was pointing to the banner as a potential problem. It was only after several days of troubleshooting which consisted of wireshark traces, certificate troubleshooting, VC and ESXi rebuilds did we find the answer. For some reason putting our login banner information in the /etc/issue file was causing the problem.

Admittedly, our login banner is a bit “wordy” (152 words), but like I said we have been doing this for years and the nothing in the process has changed, not even the wording in the login banner. I’m not sure what the magic number is, one character works, but 152 are too many. And in case you’re wondering, the text we added did not have any lines feeds or special characters in the text.

Incidentally, placing the login banner wording in the /etc/motd file has the same effect. The system will fail and not be able to join a Virtual Center 5.5 instance.

I hope this information saves someone else a bunch of time. I can’t tell you how frustrating this was!

admin · ‎04-06-2014

I have seen texts far longer than 152 words in the /etc/issue, would you mind giving the text you put in there to me to see if I can reproduce the issue?

kastlr · ‎09-15-2014

Hi,

I did run into the exact some issue which the /etc/issue file.

After wiping it from the ESXi Servers the vCenter server was able to reconnect., so here's a BIG THANK YOU for posting your findings.

The problem still exists with latest update 2 of ESXi (Build 2068190) & vCenter Server (Build 2001466).

We did use the following content in our /etc/issue files

################################################################################

# #

# Welcome to xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. #

# #

# All connections are monitored and recorded. #

# #

# Disconnect IMMEDIATELY if you are not an authorized user! #

# #

################################################################################

Hope this helps a bit.
Greetings from Germany. (CEST)

All

Login Banner wording causes vmodl.fault.HostCommunication error in ESXi 5.5