VMware Cloud Community
Klove3
Contributor
Contributor
‎06-28-2015 05:56 AM
Jump to solution

Unable to connect to the inventory service on "x"

I'll try to be as short and detailed as possible. I have two vCenter 5.5 physical machines running at two different remote sites we'll call them "North" and "South". They each have their own SSO, Inventory Service, etc. I've been able to successfully link them together(linked mode). When I log into vsphere client everything shows up and it works perfectly besides the fact that I can't use the inventory search feature for "South VC". The problem is when I log into the webclient it displays the "Unable to connect to the inventory service on South". I've verified the service is up and running, tried rebuilding/resetting the database, uninstalling and reinstalling BOTH inventory service and web client on South. I've also tried changing the identity source to our integrated Active Directory.

When I go into the linked mode configuration tool, it say's "this vCenter is already joined to another vCenter" which it appears to be based upon logging into the Thick client. Windows firewall is off on both as well.

Would anyone have any other suggestions? Not being able to manage from web client defeats the purpose of linked mode.

Thanks for ALL replies!

0 Kudos
1 Solution

Accepted Solutions
RyanH84
Expert
Expert
‎06-29-2015 12:33 PM
Jump to solution

Hi,

How is the networking configured on both sites. I assume both hosts can see each other, are there any firewalls between them?

I would advise that if there is, you need to check that the following ports are open between them:

   

10080TCPvCenter Inventory Service HTTP
10109TCPvCenter Inventory Service Management
10111TCPvCenter Inventory Service Linked Mode Communication
10443TCPvCenter Inventory Service HTTPS

Taken from this KB. To prove the ports are open, you could run a telnet test from North to South (and then vice-versa). It is also worth noting that sometimes when these services run, typically linked-mode for example, that they often connect on the port above but then establish further connections in the higher dynamic port range (at random). This can sometimes throw issues in that firewalls don't allow that through.

Just a thought, I've seen similar issues before with linked-mode and associated services!

Happy to help further!

------------------------------------------------------------------------------------------------------------------------------------------------- Regards, Ryan vExpert, VCP5, VCAP5-DCA, MCITP, VCE-CIAE, NPP4 @vRyanH http://vRyan.co.uk

View solution in original post

4 Replies
RyanH84
Expert
Expert
‎06-29-2015 12:33 PM
Jump to solution

Hi,

How is the networking configured on both sites. I assume both hosts can see each other, are there any firewalls between them?

I would advise that if there is, you need to check that the following ports are open between them:

   

10080TCPvCenter Inventory Service HTTP
10109TCPvCenter Inventory Service Management
10111TCPvCenter Inventory Service Linked Mode Communication
10443TCPvCenter Inventory Service HTTPS

Taken from this KB. To prove the ports are open, you could run a telnet test from North to South (and then vice-versa). It is also worth noting that sometimes when these services run, typically linked-mode for example, that they often connect on the port above but then establish further connections in the higher dynamic port range (at random). This can sometimes throw issues in that firewalls don't allow that through.

Just a thought, I've seen similar issues before with linked-mode and associated services!

Happy to help further!

------------------------------------------------------------------------------------------------------------------------------------------------- Regards, Ryan vExpert, VCP5, VCAP5-DCA, MCITP, VCE-CIAE, NPP4 @vRyanH http://vRyan.co.uk
Klove3
Contributor
Contributor
‎06-29-2015 02:26 PM
Jump to solution

Thank you for your reply. I am able to telnet on all of those ports EXCEPT 10111. My network team ensures me that no ports are blocked, but obviously something is preventing them from communicating yes?

I am sincerely out of ideas.

0 Kudos
RyanH84
Expert
Expert
‎06-29-2015 02:37 PM
Jump to solution

Hi,

Well, that port is for vCenter server linked mode with inventory service so that is probably it. If you cannot telnet on that port to/from the boxes then that is certainly the problem.


Show them the telnet test and prove it.

You could also open another windows prompt and run a "netstat -n 1 | FIND "SYN"  to see what is happening when you try and telnet. Typically in my environment, if a firewall is dropping packets I see "SYN_SENT" to the server/IP but then nothing ever establishes. Not being able to telnet proves the port is not open, either on each server (should be automatic on vCS) or the higher level firewall.

Go back and prove it to them Smiley Happy

------------------------------------------------------------------------------------------------------------------------------------------------- Regards, Ryan vExpert, VCP5, VCAP5-DCA, MCITP, VCE-CIAE, NPP4 @vRyanH http://vRyan.co.uk
0 Kudos
Klove3
Contributor
Contributor
‎06-29-2015 03:00 PM
Jump to solution

They're sticking with it. No firewalls are in the middle.

The only difference between the servers is "South" has NIC teaming configured and I honestly feel like that's causing the issue here. I've done every KB and every troubleshooting thing I can think of. I'm out of ideas.

0 Kudos