VMware Cloud Community
tdubb123
Expert
Expert
‎05-09-2017 08:09 AM

esxi 5.1 host getting disconnect from vcenter after 30secs

i got a esxi host that keep getting diconnected from vcenter 6 appliance after 30 secs . any idea?

0 Kudos
12 Replies
rcporto
Leadership
Leadership
‎05-09-2017 09:41 AM

Which exact version of vCenter you're running? And this is a brand new vCenter or it is a old one? And the hosts and vCenter are on the same network? If not, check the following KB article: ESXi/ESX host disconnects from vCenter Server 60 seconds after connecting (1029919) | VMware KB

---

Richardson Porto
Senior Infrastructure Specialist
LinkedIn: http://linkedin.com/in/richardsonporto
0 Kudos
tdubb123
Expert
Expert
‎05-09-2017 10:10 AM

nothing is new. vcenter 6.0 build 5318203

esxi host is esxi 5.1 build 3872644

not on same network. remote hosts. another host is connected just fine on the same network as the other one.

0 Kudos
rcporto
Leadership
Leadership
‎05-09-2017 10:19 AM

Based on the build number, you're running the vCenter Server Appliance 6.0 Update 3b, and based on VMware Interoperability Matrices, your vCenter do not support ESXi 5.1 hosts, see: VMware Product Interoperability Matrices

Not sure if the Matrix is really 100% correct, but I will recommend you really verify if the required network port 902 UDP is open on both directions and consider upgrade your host to a supported version.

---

Richardson Porto
Senior Infrastructure Specialist
LinkedIn: http://linkedin.com/in/richardsonporto
0 Kudos
tdubb123
Expert
Expert
‎05-09-2017 12:22 PM

is there a way to test udp port 902? how do I verify?

0 Kudos
rcporto
Leadership
Leadership
‎05-09-2017 01:38 PM

Sorry, I put the wrong KB article on my first reply, but have changed to point to the correct VMware KB article that shows how to check bi-directional traffic, see: ESXi/ESX host disconnects from vCenter Server 60 seconds after connecting (1029919) | VMware KB

To verify if bi-directional traffic is allowed:

  1. Download Wireshark from http://www.wireshark.org/ and install it on the vCenter Server system.
  2. On ESXi, enable Tech Support Mode. For more information on enabling Tech Support Mode, see:

  3. Download the Python script attached to this article (udp_client.py) to the ESXi/ESX system in question.
  4. Edit the udp_client.py script on the ESXi/ESX host using a text editor. Modify the line, "host = '192.168.1.1'" and replace 192.168.1.1 with the IP address of the vCenter Server system.
  5. Start Wireshark on the vCenter Server system.

    1. In the Filter field, enter ip.src==IP_of_host and udp.port==902. Replace IP_of_host with the IP address of the ESXi/ESX host in question.
    2. Click Apply.
    3. From the Capture menu, select Interfaces and click Start next to the NIC used for vCenter Server IP traffic.

  6. From the ESXi/ESX host, run this command:

    python udp_client.py

    The total number of packets sent, the port, and the destination address are displayed.

  7. On the vCenter Server system, watch the Wireshark screen for any packets showing up that match the filter applied.
  8. If no packets are received, this indicates that something is blocking UDP traffic over port 902 from the ESXi/ESX host to the vCenter Server system. Inspect the physical networking environment and any software-based firewall on the vCenter Server system.

Ensure that these ports are open in the firewall between vCenter Server and the ESXi/ESX hosts:

  • 902 - UDP & TCP
  • 443 - TCP
---

Richardson Porto
Senior Infrastructure Specialist
LinkedIn: http://linkedin.com/in/richardsonporto
0 Kudos
tdubb123
Expert
Expert
‎05-09-2017 02:44 PM

i cant use wireshark. I am on vcsa appliance

0 Kudos
rcporto
Leadership
Leadership
‎05-09-2017 04:39 PM

Install and use tcpdump like described on the following VMware KB article: How to install tcpdump package on vCenter Server Appliance (2084896) | VMware KB

---

Richardson Porto
Senior Infrastructure Specialist
LinkedIn: http://linkedin.com/in/richardsonporto
0 Kudos
tdubb123
Expert
Expert
‎05-10-2017 01:27 PM

hi I got the tcpdump pcap file. I tried to view it with

tcpdump -r file.pcap

but I am not seeing any port numbers on 902

what should i look for?

0 Kudos
rcporto
Leadership
Leadership
‎05-10-2017 01:38 PM

Steps #8 of the VMware KB that I posted in one of my previous answers says the following:

If no packets are received, this indicates that something is blocking UDP traffic over port 902 from the ESXi/ESX host to the vCenter Server system. Inspect the physical networking environment and any software-based firewall on the vCenter Server system.

So, based you that, you will really need to check if that port is allowed on firewall.

---

Richardson Porto
Senior Infrastructure Specialist
LinkedIn: http://linkedin.com/in/richardsonporto
0 Kudos
tdubb123
Expert
Expert
‎05-10-2017 02:23 PM

what exact tcpdump should i use?

tcpdump -n host x.x.x.x -vv /tmp/filename.pcap

is it udp 902 on the appliance or esxi host?

or it is tcp 443 on the esxi host?

0 Kudos
rcporto
Leadership
Leadership
‎05-10-2017 05:14 PM

what exact tcpdump should i use?

tcpdump -n host x.x.x.x -vv /tmp/filename.pcap

Like described on VMware KB 2084896 that I posted previously, the tcpdump -i interfacename -w filename should be enough to capture traffic and write to a file.

is it udp 902 on the appliance or esxi host?

or it is tcp 443 on the esxi host?

Port 902 UDP should be open between ESXi host and vCenter to managed host send regular heartbeat to vCenter server. Port TCP 443 must be open too, but that port is for another purpose, and not for heartbeat. See full port documentation here: Network ports required to access vCenter Server, ESXi, and ESX hosts (1012382) | VMware KB

---

Richardson Porto
Senior Infrastructure Specialist
LinkedIn: http://linkedin.com/in/richardsonporto
0 Kudos
tdubb123
Expert
Expert
‎05-11-2017 09:00 AM

something is strange.

from the appliance I see ESTABLISHED 443 connections from the esxi host

but from the esxi host when i do a

nc -z -v vcsa 443

says failed conection timeout

0 Kudos