i got a esxi host that keep getting diconnected from vcenter 6 appliance after 30 secs . any idea?
Which exact version of vCenter you're running? And this is a brand new vCenter or it is a old one? And the hosts and vCenter are on the same network? If not, check the following KB article: ESXi/ESX host disconnects from vCenter Server 60 seconds after connecting (1029919) | VMware KB
nothing is new. vcenter 6.0 build 5318203
esxi host is esxi 5.1 build 3872644
not on same network. remote hosts. another host is connected just fine on the same network as the other one.
Based on the build number, you're running the vCenter Server Appliance 6.0 Update 3b, and based on VMware Interoperability Matrices, your vCenter do not support ESXi 5.1 hosts, see: VMware Product Interoperability Matrices
Not sure if the Matrix is really 100% correct, but I will recommend you really verify if the required network port 902 UDP is open on both directions and consider upgrade your host to a supported version.
is there a way to test udp port 902? how do I verify?
Sorry, I put the wrong KB article on my first reply, but have changed to point to the correct VMware KB article that shows how to check bi-directional traffic, see: ESXi/ESX host disconnects from vCenter Server 60 seconds after connecting (1029919) | VMware KB
To verify if bi-directional traffic is allowed:
- Download Wireshark from http://www.wireshark.org/ and install it on the vCenter Server system.
- On ESXi, enable Tech Support Mode. For more information on enabling Tech Support Mode, see:
- For ESXi 4.1 and 5.x: Using Tech Support Mode in ESXi 4.1 and ESXi 5.x (1017910)
- For ESXi 4.0: Tech Support Mode for Emergency Support (1003677)
- Download the Python script attached to this article (
udp_client.py
) to the ESXi/ESX system in question.- Edit the
udp_client.py
script on the ESXi/ESX host using a text editor. Modify the line, "host = '192.168.1.1'
" and replace192.168.1.1
with the IP address of the vCenter Server system.- Start Wireshark on the vCenter Server system.
- In the Filter field, enter
ip.src==IP_of_host and udp.port==902
. ReplaceIP_of_host
with the IP address of the ESXi/ESX host in question.- Click Apply.
- From the Capture menu, select Interfaces and click Start next to the NIC used for vCenter Server IP traffic.
- From the ESXi/ESX host, run this command:
python udp_client.py
The total number of packets sent, the port, and the destination address are displayed.- On the vCenter Server system, watch the Wireshark screen for any packets showing up that match the filter applied.
- If no packets are received, this indicates that something is blocking UDP traffic over port 902 from the ESXi/ESX host to the vCenter Server system. Inspect the physical networking environment and any software-based firewall on the vCenter Server system.
Ensure that these ports are open in the firewall between vCenter Server and the ESXi/ESX hosts:
- 902 - UDP & TCP
- 443 - TCP
i cant use wireshark. I am on vcsa appliance
Install and use tcpdump like described on the following VMware KB article: How to install tcpdump package on vCenter Server Appliance (2084896) | VMware KB
hi I got the tcpdump pcap file. I tried to view it with
tcpdump -r file.pcap
but I am not seeing any port numbers on 902
what should i look for?
Steps #8 of the VMware KB that I posted in one of my previous answers says the following:
If no packets are received, this indicates that something is blocking UDP traffic over port 902 from the ESXi/ESX host to the vCenter Server system. Inspect the physical networking environment and any software-based firewall on the vCenter Server system.
So, based you that, you will really need to check if that port is allowed on firewall.
what exact tcpdump should i use?
tcpdump -n host x.x.x.x -vv /tmp/filename.pcap
is it udp 902 on the appliance or esxi host?
or it is tcp 443 on the esxi host?
what exact tcpdump should i use?
tcpdump -n host x.x.x.x -vv /tmp/filename.pcap
Like described on VMware KB 2084896 that I posted previously, the tcpdump -i interfacename -w filename should be enough to capture traffic and write to a file.
is it udp 902 on the appliance or esxi host?
or it is tcp 443 on the esxi host?
Port 902 UDP should be open between ESXi host and vCenter to managed host send regular heartbeat to vCenter server. Port TCP 443 must be open too, but that port is for another purpose, and not for heartbeat. See full port documentation here: Network ports required to access vCenter Server, ESXi, and ESX hosts (1012382) | VMware KB
something is strange.
from the appliance I see ESTABLISHED 443 connections from the esxi host
but from the esxi host when i do a
nc -z -v vcsa 443
says failed conection timeout