jrhaakenson
Enthusiast

Can't Add ESXi Host 7.0U2 to vCenter 7.0.2

I have a VCSA running 7.0.2 that will not let me add any additional ESXi hosts running 7.0U2. I receive error "A general system error occurred: Host management agents not reachable on <Host IP>" for task Add standalone host.

-VCSA and hosts are on same subnet. Network connectivity between VCSA and hosts is fine. No firewall between the two.

-Management agents (hostd and vpxa) on ESXi host are started and running fine.

-Have proper ESXi license added to VCSA and assigned to host during the add host wizard.

-VCSA add host wizard finds the host SSL certificate but will not finish adding host.

-Add host wizard immediately goes to 80% and then fails.

-Hosts are DellEMC PowerEdge R6525 servers with the current custom DellEMC ESXi image installed.

Furthermore, I have a separate VCSA server that the same hosts in question can be added to fine. So it must be the first VCSA mentioned that is the issue. What VCSA specifics can prevent a host from being added? SSL configs? Security settings? Policy settings? HA? vSAN? Is there something in the VCSA CLI I can look for specifically? I've combed the vSphere web console and nothing sticks out. It's got to be some security configuration made in the VCSA shell for a STIG we've applied that is preventing hosts from being added or something similar. I need these hosts to be managed by this specific VCSA that I can't add them to.

Accepted Solutions
jrhaakenson
Enthusiast

I found the solution. In vSphere under Configure->Advanced Settings, the Advanced vCenter Server Setting vpxd.certmgmt.mode was configured as custom. I changed it to thumbprint and it let me add the ESXi hosts. I believe our intent is to manage our own certificates on the ESXi hosts, but I'll need to check with my certificate admin to see how we are doing it.

If this value is set to custom does that mean that a custom certificate must be installed on the ESXi host for it to be managed by vSphere?  Likewise if it is set to Thumbprint, will vSphere add the SSL thumbprint and manage the host that way?

7 Replies
kenobi79
Enthusiast

Hi

Have you checked the KB?

https://kb.vmware.com/s/article/1003409

It's a list of troubleshooting steps for ESXi.

Bye - Riccardo Panzieri
https://www.i3piccioni.it
jrhaakenson
Enthusiast

Yes, I've checked all the ESXi troubleshooting articles. Thank you for your response.

I don't think the issue lies with the ESXi host. The ESXi host can join a different VCSA (all on the same subnet) correctly. I'm looking for something on the troublesome VCSA that would be preventing a host from joining with the error "A general system error occurred: Host management agents not reachable on <IP Address of Host>". What would cause the VCSA to be unable to reach the host management agents when the host management agents are running and communication between the two is fine?

Ajay1988
VMware Employee

If not using custom certs, you should be using vmca certificate mode and not thumbprint. I believe there is still an issue which needs investigation. Thumbprint mode was for 5.5 versions and, if used, a few vCenter services may not work correctly.

Regards,
AJ
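
An added example (not code from this thread or from VMware): a PowerCLI audit that reads the `vpxd.certmgmt.mode` setting discussed above and reports the certificate an ESXi host actually presents, so the mode can be compared with how the host certificates are really issued. The server names are placeholders, PowerCLI is assumed to be installed, and the chain check uses the trust store of the machine running the script, which is not vCenter's own trust store.

```powershell
param(
    [string]$VCenter  = 'vcsa.example.test',    # placeholder name
    [string]$EsxiHost = 'esxi01.example.test'   # placeholder name
)

Import-Module VMware.VimAutomation.Core
$vi = Connect-VIServer -Server $VCenter

# Read the vCenter advanced setting named in the thread.
$mode = (Get-AdvancedSetting -Entity $vi -Name 'vpxd.certmgmt.mode').Value

# Fetch the certificate a host serves on 443 without trusting it first,
# so that self-signed or privately issued certificates can still be inspected.
function Get-RemoteCertificate {
    param([string]$ComputerName, [int]$Port = 443)
    $tcp = [System.Net.Sockets.TcpClient]::new($ComputerName, $Port)
    try {
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $acceptAny)
        $ssl.AuthenticateAsClient($ComputerName)
        [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    }
    finally {
        $tcp.Dispose()
    }
}

$cert = Get-RemoteCertificate -ComputerName $EsxiHost

# Try to build a chain against the local trust store (assumption: the
# workstation trusts the same root CAs you expect vCenter to trust).
$chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
$chain.ChainPolicy.RevocationMode = 'NoCheck'
$chainsLocally = $chain.Build($cert)

[pscustomobject]@{
    VCenterCertMode = $mode
    EsxiHost        = $EsxiHost
    Subject         = $cert.Subject
    Issuer          = $cert.Issuer
    SelfSigned      = ($cert.Subject -eq $cert.Issuer)
    NotAfter        = $cert.NotAfter
    Sha1Thumbprint  = $cert.Thumbprint
    ChainsLocally   = $chainsLocally
}

Disconnect-VIServer -Server $vi -Confirm:$false
```

Comparing the `Issuer` of a host that fails to add with one already managed by the same vCenter shows whether the two were issued by the same authority.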
KhurramAzad
Contributor

You have no idea how much time I have wasted on this. The VMware KB had set me in the wrong direction of a user authentication issue. Thank you so much. God bless you.

jrhaakenson
Enthusiast

I have an idea on how much time you wasted 😛 probably around the same amount of time I wasted.  Glad the solution helped you.  Take care.

KWKirchner
Enthusiast

Yes, absolutely bless you!
