OK, I am testing in the lab a vsan cluster for 6.0.
I have my esx hosts running 6.0.0 and vcenter server is 6.0.0 also.
I have platform services on one vm and vcenter on another. I was able to create a datacenter and then a cluster underneath.
Next I went to try and add a host to my cluster and I get this error....
Cannot contact the specified host (hostname\IP). The host may not be available on the network, a network configuration problem may exist, or the management services on this host may not be responding.
Per this KB: VMware KB: Adding a VMware ESXi/ESX host to VMware vCenter Server fails
I confirmed that my vcenter server and platform services server can see all the esx hosts. From within the vcenter server, it can ping the esx hosts and putty can get to all of them. I even installed the thick client and it can connect to all the esx hosts. I used netbios name, FQDN and IP and they all worked.
I only have one subnet so that's not an issue. DNS resolution works across the board from both directions, from vcenter to esx hosts and esx hosts to vcenter.
I'm quite stumped. :smileyconfused:
I mean with openssl like openssl s_client -connect ESXihost:443
I get this...
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Loading 'screen' into random state - done
CONNECTED(00000128)
depth=0 C = US, ST = California, L = Palo Alto, O = "VMware, Inc", OU = VMware E
SX Server Default Certificate, emailAddress = ssl-certificates@vmware.com, CN =
localhost.localdomain, unstructuredName = "1432232584,564d7761726520496e632e"
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = US, ST = California, L = Palo Alto, O = "VMware, Inc", OU = VMware E
SX Server Default Certificate, emailAddress = ssl-certificates@vmware.com, CN =
localhost.localdomain, unstructuredName = "1432232584,564d7761726520496e632e"
verify error:num=27:certificate not trusted
verify return:1
depth=0 C = US, ST = California, L = Palo Alto, O = "VMware, Inc", OU = VMware E
SX Server Default Certificate, emailAddress = ssl-certificates@vmware.com, CN =
localhost.localdomain, unstructuredName = "1432232584,564d7761726520496e632e"
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/C=US/ST=California/L=Palo Alto/O=VMware, Inc/OU=VMware ESX Server Default
Certificate/emailAddress=ssl-certificates@vmware.com/CN=localhost.localdomain/un
structuredName=1432232584,564d7761726520496e632e
i:/O=VMware Installer
---
Server certificate
-----BEGIN CERTIFICATE-----
MIID8TCCAtmgAwIBAgIGOuAuOHLBMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAoT
EFZNd2FyZSBJbnN0YWxsZXIwHhcNMTUwNTIxMTgyMzA1WhcNMjYxMTE5MTgyMzA1
WjCB+jELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcT
CVBhbG8gQWx0bzEUMBIGA1UEChMLVk13YXJlLCBJbmMxLjAsBgNVBAsTJVZNd2Fy
ZSBFU1ggU2VydmVyIERlZmF1bHQgQ2VydGlmaWNhdGUxKjAoBgkqhkiG9w0BCQEW
G3NzbC1jZXJ0aWZpY2F0ZXNAdm13YXJlLmNvbTEeMBwGA1UEAxMVbG9jYWxob3N0
LmxvY2FsZG9tYWluMTAwLgYJKoZIhvcNAQkCEyExNDMyMjMyNTg0LDU2NGQ3NzYx
NzI2NTIwNDk2ZTYzMmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj
WJ1gCtaT4GMuybGa4w1Y43FGzFFzArIeNcjKI09bdHMYFpQzndgy+yThDGjaNwAR
KIl8ljUXW83ObUwrvat1tQuDsQ+7z+yhNfVOIchhkyjrfwwrxzKIlxS3huZqZHEr
xUI5pr1HT0pfOC/ZZZDOBf69twZ3CIbTNNpnNnJt2KNmrWl115i1/fnq3klqtcAO
ZorGyeFLMV6LMKDDFhGc2eEVzVAmp8Kr6Ruxm90SrFraiiC4sHjZVn3caVB0kDes
n0NTgmqPpyxP74OVmgyU5hanKQymbrahaYWMzE6oOnu1ebSp8km7uRb/AA/fwMuN
DHV3ecJMqdwcA/9o6c8tAgMBAAGjWzBZMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSw
MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAgBgNVHREEGTAXghVsb2Nh
bGhvc3QubG9jYWxkb21haW4wDQYJKoZIhvcNAQELBQADggEBAJDGm1xhGEnGZhU5
YdnZWKkuyFI+XZdKqWGUOrzTa4n0hgu+MP8IX8Uf0fCPDmTQjHvI839gBEAfHtQZ
hCX/cYwgu/Q6tHiKEiASUxPVYYJYfvsAbsAhL0WgIqQVkgjn33SMFI66T+60BQqm
H8vmvLIhMXnXTCXKkfEZ/Abd4+Is/WrDTzOav/FxtKc+ULuXxO0QaRmOmKrwxWyR
mkxorKYwgX6Nh9gnAou/X+Rh3pWA++ZG14CRoh/AleYc2MTqLRl4Ky+vq9z2UHaq
ihTv2E5nKuLGizMdoXnbcD95L/lfz5m9eHxjOO3jkmGzgo2+f7qe8jJI5cqky1sk
O+b+GWo=
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Palo Alto/O=VMware, Inc/OU=VMware ESX Server Defau
lt Certificate/emailAddress=ssl-certificates@vmware.com/CN=localhost.localdomain
/unstructuredName=1432232584,564d7761726520496e632e
issuer=/O=VMware Installer
---
No client certificate CA names sent
---
SSL handshake has read 1147 bytes and written 635 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : AES256-GCM-SHA384
Session-ID:
Session-ID-ctx:
Master-Key: 1F5C1E925C821DD02DEC4D70986552A4B807B9365C2BD0380681A1F64F2D5C95
14600B53F02C9F35EE1925D8EAE6886A
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1432252144
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
read:errno=0
C:\>
The output looks similar on my ESXi servers. The other options I can think of is to install any network monitor tools on the vcenter and monitor the traffic while you are adding the hosts.
Did you try analyzing the network traffic between the vcenter and the hosts and see if it finds any issue.
I'll wireshark it today when I get time. Not quite sure what it will reveal because there are no firewalls, they are all on the same switch and network, you can telnet to all the esx hosts, ping from each direction (from esx to vcenter and platform services and vice versa).
I'll post results when I get to testing it.
Thanks
OK, after working with VMware on this issue, I think I figured it out.
All my hosts are DL360 G6 Servers.
All my hosts are run the same build ESX from "VMware-ESXi-6.0.0-2494585-HP-600.9.2.38-Mar2015.iso". Downloaded from HP.
All builds are in Evaluation mode.
After placing a call to VMware, they had me build some ESX VM's, platform services and vcenter VM's on an ESX host. We hung up because it took all day to spin up.
Once I got all the pieces (sql server, esx vm's, platform server & vcenter) up in the nested virtualization, I created my Datacenter, then Cluster then added the ESX hosts.
The hosts added fine, no errors. Then I remembered when I installed ESX inside a VM, I got upset that the iso I used from HP wouldn't work in my nested VM because of the virtualized hardware.
Then a the light came on in my head. Let's rebuild the entire physical cluster but NOT use the HP provided iso file but use the VMware provided iso file "VMware-VMvisor-Installer-6.0.0-2159203.x86_64.iso".
I did that today. I rebuilt all the ESX hosts with the VMware provided iso file.....
Spun up all the required VM's SQL Server, Platform Services VM, vCenter VM. My AD & DNS VM's are on another server so it's been up the whole time.
Logged into the web interface (Yuck!).
Created my Datacenter....
Created My Cluster....
Added all the hosts to my Cluster.
It all worked!!!!
So, if you are experiencing the same issue I am, consider building your ESX hosts with the VMware provided iso file and try it. In my case, the HP provided iso file did not function properly for me.
I also downloaded the HP iso file 2 other times to make sure and do a sanity check and it did the same thing.
_______________________________________________________________________________________________________
"Did you find this helpful? Let us know by completing this survey (takes 1 minute!)"
I had the same issue with a vCenter 5.5 and 5.5 Hosts.
The problem was that SSLv3 was not active on the ESXi hosts.
To enable SSLv3 you have to edit:
/etc/vmware/rhttpproxy/config.xml with vi and add the following line
<sslOptions>16924672</sslOptions>
here:
Happened to me when i had to rebuild a host. When i went to re-add the SSL cert was giving a message about not being trusted. I simply added the host anyway and was prompted to re trust the certificate during that process. It still remembers the list of old vms that i had on the host (orphaned)