Many months ago, I re-IP'd my NFS share, from 192.168.20.161 to 192.168.30.161. I looked on my firewall today and noticed a ton of traffic where my ESXi is attempting to reach out to the old NFS share.
How do I stop it from reaching out to 192.168.20.161? Where is this controlled?
[root@esxi:~] esxcli network ip connection list | grep 161
tcp 0 0 192.168.30.200:641 192.168.20.161:111 SYN_SENT 66374 newreno NFSv3-RemountHandler
tcp 0 0 192.168.30.200:689 192.168.30.161:2049 ESTABLISHED 66375 newreno NFSv3-ServerMonitor
My one NFS share properly shows 192.168.30.161 in the GUI.
ANy ideas?
I don't have any NFS volume in my lab and therefore, no 'nas' entries in the esx.conf file. Now that you have unmounted the NFS datastore, I think we should be good removing the nas entries from the esx.conf file. Take a backup of the file, remove the nas lines from the esx.conf file and reboot the host.
Cheers,
Supreet
Interesting Has the host been rebooted atleast once post the re-IPing?
Cheers,
Supreet
Unfortunately, no change with the reboot. I hadn't remember the last time I did the reboot, so I did give it a try to see if it would do anything, but nope. I think next step will be to unmount the share, and see what connections are being done.
However, the program name did change to RPC-tx-192.168.20.161.0.111
[root@esxi:~] esxcli network ip connection list | grep 161
tcp 0 0 192.168.30.200:1005 192.168.20.161:111 SYN_SENT 69809 newreno RPC-tx-192.168.20.161.0.111
tcp 0 0 192.168.30.200:986 192.168.30.161:2049 ESTABLISHED 66377 newreno NFSv3-ServerMonitor
And now that I removed the NFS share, an old one still lingers....
[root@esxi:~] esxcli network ip connection list | grep 161
tcp 0 0 192.168.30.200:678 192.168.20.161:111 SYN_SENT 66376 newreno NFSv3-RemountHandler
Can you check Host --> Configure --> Security Profile --> Edit Firewall Settings --> NFS Client --> 'Allowed IP Addresses'? Does the old IP show up here as allowed? If yes, you can remove it, restart the services and check the IP connection list.
Please consider marking this answer as "correct" or "helpful" if you think your questions have been answered.
Cheers,
Supreet
Thanks - seems like we are on the right track. The old IP was in fact listed there, and I removed it. I'm using the ESXi 6.5 Web GUI, so don't see a place to really restart the NFS service, and also don't see a way to do this from the CLI. I may need to reboot the ESXi host again, but won't be able to do that for a couple of days now. Unless there is a way to stop/start NFS from the CLI.
Great! Just to start with, restart the management agents on the host and check the IP connection list. If it still shows up, you can reboot the host per your convenience and check later.
Please consider marking this answer as "correct" or "helpful" if you think your questions have been answered.
Cheers,
Supreet
Hey - Any update on this? Eager to know
Cheers,
Supreet
Not yet. I restarted the management agents but the connection attempt is still there. I need to restart the esxi host, but haven’t gotten around to finding a time to shutdown all my VMs. Will report back soon once I do finally reboot it again.
Restarted the host, same issue
Does the IP 192.168.20.161 show up in the /etc/vmware/esx.conf file? You can grep for the IP.
Cheers,
Supreet
Yes, it is listed there....I wonder if this is some remnants of when I was running 5.5 or 6.0 and was using the thick client to manage (I currently run 6.5 and web gui). Can I simply remove these lines from the esx.conf file, or do I need to remove this properly via another method, maybe from the web gui?
[root@esxi:~] grep -B4 -A4 161 /etc/vmware/esx.conf
/advUserOptions/options[0023]/type = "int"
/advUserOptions/options[0023]/hidden = "false"
/nas/NAS/share = "/volume1/programs"
/nas/NAS/readOnly = "false"
/nas/NAS/host = "192.168.20.161"
/nas/NAS/enabled = "true"
/vsan/faultDomainVersion = "2"
/vsan/faultDomainName = ""
/upgrades/complete[0003]/name = "persistVmkNicName"
In looking at the filesystem list, don't see any reference to a NAS share, though not sure if there is somewhere else where it will be listed.
[root@esxi:~] esxcli storage filesystem list
Mount Point Volume Name UUID Mounted Type Size Free
------------------------------------------------- ----------- ----------------------------------- ------- ------ ------------ ------------
/vmfs/volumes/5740c88d-ee89e056-3dd0-00247e546bb4 Disk1 5740c88d-ee89e056-3dd0-00247e546bb4 true VMFS-5 999922073600 343591092224
/vmfs/volumes/574f9688-d416f29c-2831-00247e546bb4 Disk2 574f9688-d416f29c-2831-00247e546bb4 true VMFS-5 999922073600 219484782592
/vmfs/volumes/310860ee-c68925c7-ae06-ad5fb7348dc4 310860ee-c68925c7-ae06-ad5fb7348dc4 true vfat 261853184 52609024
/vmfs/volumes/e71746e3-12d47ac6-2579-2eaa99f12805 e71746e3-12d47ac6-2579-2eaa99f12805 true vfat 261853184 52760576
/vmfs/volumes/5740af0d-4c1d386c-bc1d-00247e546bb4 5740af0d-4c1d386c-bc1d-00247e546bb4 true vfat 299712512 83836928
Do we have similar entries for 30.161 as well? Have you unmounted the existing volume while collecting the above output? What is the name of the existing NAS share?
Cheers,
Supreet
When I started troubleshooting this issue shortly after the first post, I removed all the NFS shares, so there is no entry for the other one, and all NFS shares are unmounted from my ESXi server. What's next?
I don't have any NFS volume in my lab and therefore, no 'nas' entries in the esx.conf file. Now that you have unmounted the NFS datastore, I think we should be good removing the nas entries from the esx.conf file. Take a backup of the file, remove the nas lines from the esx.conf file and reboot the host.
Cheers,
Supreet
Can you check Host --> Configure --> Security Profile --> Edit Firewall Settings --> NFS Client --> 'Allowed IP Addresses'? Does the old IP show up here as allowed? If yes, you can remove it, restart the services and check the IP connection list.
neyla12
You are welcome to participate in the discussion, but it relally doesn't make much sense to simply copy&paste parts of other user's replies.
André
This finally solved it. Thanks for the help - looks like some stale configuration item likely stuck from an upgrade or something.
Glad we were able to address it! Thanks for sharing the update
Cheers,
Supreet