Hi André,

thank you for your help.

The hosts were connected befor and worked without any Problem, no Updates were installed on them.

The SSL certificate has run out on April 16th and I see log-messages like this:

2016-04-20T16:46:03.546+02:00 [01392 error 'HttpConnectionPool-000001'] [ConnectComplete] Connect failed to <cs p:00000000075dadd0, TCP:*********:443>; cnx: (null), error: class Vmacore::Ssl::SSLVerifyException(SSL Exception: Verification parameters:

--> PeerThumbprint: DA:78:6B:87:5C:56:82:8F:8F:72:5A:37:48:04:30:69:40:08:E0:FC

--> ExpectedThumbprint:

--> ExpectedPeerName: *******

--> The remote host certificate has these problems:

-->

--> * A certificate in the host's chain is not time-valid.

-->

--> * The certificate is not time-valid.

-->

--> * unable to get local issuer certificate)

so I guess this is the problem, please tell me if I am wrong.

Didn't take any actions cause I  didn't want to risk shutting down VMs by accident.

Can I restart the Management Agents on the host without any impact to the running VMs?

Johannes

Are you using your own certificates? I'm asking because "The default SSL certificates of vCenter Server are valid for 10 years and that of ESX/ESXi 4.x/5.x are valid for a period of 11.5 years.".

I never had to deal with expired certificates on ESXi hosts, so I can't currently tell you for sure whether there's a workaround in order to avoid a host reboot after replacing the certificate.

Restarting the Management Agents shouldn't cause an issues with the VMs with default vSphere configurations. The only exception that I'm aware of is for stand alone hosts with Autostart/Autoshutdown configured VMs, where the VMs may shutdown/reboot.

Anyway in case of expired certificates I doubt that restarting the Management Agents will help.

Sorry that I cannot help you much with this issue.

André

Hi Haridas,

thank you for help.

I just replaced the cert with a new one from our CA and restartet the Management Agents.

Thanks,

Johannes