Also, you can test,from SSH connection on ESXi host, if the host has HTTPS port open with this command:

nc -z localhost 443

Thanks for the responses.

The nc test succeeded on the server and the tnc test was successful from my windows server on the same vlan. From my workstation on a different vlan, the tnc test had a successful ping but TcpTestSucceeded was false.

I can limit these tasks to the server where the test was successful, but I still can't connect with a browser. I've cleared browser data and retried, but no dice yet.

Any other suggestions?

Another note - I moved these hosts to their current vlan a couple of years ago, so I just double-checked the management network and verified that it's enabled on the vswitch with the new vlan and disabled on the old one. It's possible that I haven't connected to the host websites since I've done that, so is there something else I should check related to that move?

Ciao 

Try to restart the management service:

Restarting the Management agents in ESXi (1003490) (vmware.com)

Thanks. I'll try these steps.

This is the error I usually get, although a few times it has just hung without displaying the error.

***

The connection has timed out

The server at 172.28.211.42 is taking too long to respond.

The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer’s network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.

***

I tried restarting all the services and then decided to restart the server, but still no luck.

With the same thing happening on all 3 of my hosts, I feel like reinstalling won't help. I feel like it might be a cert issue with the self signed certs, even though vcenter says they're good through 2026. I'm happy enough with self signed certs since we're firewalled and only a few admins need access, so I wonder if I just need to renew the certs or remove the hosts from vcenter and re-add. I guess I can try both of those and contact vmware support if that doesn't help.

Hello.
If you reinstall the ESXi Host from scratch, the certificates and configurations are new and standard, you should be able to connect to the web client. Your problem could be in your network (physical switch, firewall etc.) or in the browser you are using.
If you still have doubts you can connect directly (direct cable) to the ESXi host with a portable, use an IP of the same range of the ESXi Host and perform:
ping the ESXi IP and it should respond without problems.
Enter through a browser to the ESXi host IP (access to the web client https:/ip).

Thanks, Enrique. I will try that.

Was this problem ever resolved?  I have the same issue, Cannot connect to the UI from separate network.  Routing works, and some application layer communications are successful, but it behaves like it's stuck in a loop trying to complete the connection. I have no log entries on my pfsense firewall and have allowed all traffic between networks, so I dont think it's at the firewall.

My guess is that it's an ACL on vmware, but not sure what/where.  I'm very new to vmware.

Depends on how you define "resolved." I still can't connect to the host web gui from a different subnet whitelisted in the firewall, but I can connect from a machine in the same subnet as the esxi hosts so that's what I do now.