VMware Cloud Community
psym0n
Contributor

Registration/unregistration of a VASA vendor provider on a vSAN host fails

Dear community

I'm currently in the process of preparing a test lab for a 2-node vSAN ROBO installation.

I have a vCenter Appliance running the latest 6.5 edition

The ESXi Hosts are also running 6.5.0 (5310538)

The Witness Appliance is installed and configured

The Hardware environment consists of the following parts

---------------------

2x HP ProLiant BL460c Gen9 with Smart Array P420i

2x HP D2220sb Storage Blade

All disks are SSDs

---------------------

I double-checked that I have the latest hardware firmware and drivers installed.

The process of enabling vSAN is pretty smooth and I don't get any failures.

(The only thing I don't understand is why I still have to define a flash and cache tier in a full-flash setup)

After the vSAN has successfully activated I have the following error on both hosts

-------------------------------

registrationvasaprovider.jpg

-------------------------------

When I go to Storage providers I see that the following providers were found

-------------------------------

storageproviders.jpg

-------------------------------

The content of the "version.xml" looks like this

(as I have no experience, I cannot tell if the content is sufficient or not)

-------------------------------

<?xml version="1.0" encoding="UTF-8"?>
<vasa-provider>
  <supported-versions>
    <version serviceLocation="/axis2/services/vasaService" id="2"/>
  </supported-versions>
</vasa-provider>

-------------------------------

I tried accessing the storage provider URL from the shell but wget does not support https and I couldn't find any other tool to do this.

I then took another host in the same subnet just to test if the URL is reachable, which I can confirm.

The witness host is in a different subnet but even this worked across the firewall.

(I double-checked the firewall logs, I couldn't find anything that is blocked)

On ESXi Firewall Incoming connections on Port 9080 are allowed as well.

Whatever I tried so far, I was never able to create a new virtual machine

It always fails with a message like or similar to that

-------------------------------------------------

vasaprovidernotfound.jpg

-------------------------------------------------

Does anyone of you have experience with it or has an idea what I could do to get that running?

Thank you in advance

Simon

0 Kudos
4 Replies
TheBobkin
Champion

Hello psym0n,

A warm welcome to Communities and vSAN!

SSH host to the vCSA and test:

# curl -v -k https://esxi12345:9080/version.xml

Can it see the contents?

(I tested it without -k in a lab with VASA providers working fine and it gave a self-signed SSL cert error so I think this is expected)

More info on curl:

kb.vmware.com/kb/2097039

When you remove those Storage Providers and manually re-add them does this complete without errors?

Could be certs, can you attach the sps.log from vC?

kb.vmware.com/kb/2079087

helpcenter.veeam.com/mp/80/kb/vasa_vendor_provider_registration_fails.htm

From comparison to a lab I just tested, the .xml looks fine

(The URL confused me at first as I wasn't aware it had switched to port 9080 from 8080 in 6.5)

Regarding your question about All-Flash:

Are you asking why you have to specify capacity and cache-tier disks?

This is due to these having different functions in the Disk-groups and thus different hardware is used most of the time (preferably a faster, more durable, smaller drive/NVMe as cache)

Bob


0 Kudos
psym0n
Contributor

Hi Bob

Thank you very much!

The output from vCenter Server Appliance

---------------------------------

> curl-from-vcsa.txt

---------------------------------
As far as I can tell this looks good.

The certificates are generated by itself, so I don't actually know how to create them by hand.

For this scenario I deleted them all and synchronized the Storage Providers, which provokes a re-issuing of the certificates.

I downloaded "sps.log" and cut it down to the minutes of creating the new certificates (sorry, it is still 8000+ lines)

---------------------------------

> sps.log

---------------------------------

What I found during investigation was

Some issue during unregister...

---------------------------------

2017-07-04T11:01:20.946+02:00 [pool-14-thread-8] ERROR opId=com.vmware.vim.sms.provider.vasa.version.VersionStrategyHelper - Exception during unregisterVasaCertificate()

com.vmware.vim.sms.fault.VasaServiceException: org.apache.axis2.AxisFault: SSL error

---------------------------------

There seems to be something wrong with authentication... but I didn't provide any user/password during the process!?

---------------------------------
2017-07-04T11:02:56.843+02:00 [pool-14-thread-11] ERROR opId= com.vmware.vim.sms.provider.vasa.VasaProviderImpl - [init] Provider creation failed

(sms.fault.IncorrectUsernamePassword) {
   faultCause = null,
   faultMessage = null
}

---------------------------------

2017-07-04T11:03:31.996+02:00 [pool-14-thread-7] ERROR opId= com.vmware.vim.sms.provider.vasa.version.VersionStrategyHelper - Error in queryVasaProviderInfo
com.vmware.vim.vasa.InvalidLogin: com.vmware.vim.vasa._1_5.InvalidLogin: InvalidLogin

---------------------------------

Error in validation, hmmm suddenly the port is 8080 instead of 9080... what's that about?

---------------------------------

2017-07-04T11:04:50.887+02:00 [pool-14-thread-2] ERROR opId= com.vmware.vim.sms.provider.ProviderFactory - Error during the validation of the provider URL
java.net.SocketTimeoutException: connect timed out

---------------------------------

2017-07-04T11:04:50.910+02:00 [pool-14-thread-8] ERROR opId= com.vmware.vim.sms.StorageManagerImpl - [resyncVsanProviders] Operation resyncVsanProviders failed
(sms.fault.VsanProvidersResyncFailed) {
   faultCause = null,
   faultMessage = null,
   providerUrl = (STRING) [
      https://esxi-hostname002.domain.com:8080/version.xml,
      https://esxi-hostname001.domain.com:8080/version.xml
   ]
}

---------------------------------

[Sidetopic]: All-Flash tiers
So even if I have a server that has 10 identical SSDs I have to define some of them as cache.
Well, that brings up a couple more questions, for example how I should do sizing of flash and cache tier.
Technically I have to know what is stored in flash tier and then probably need to know more about the behaviour of all VMs.
Have you done any kind of sizing calculation with vSAN so far?

Simon

0 Kudos
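One way to triage a long sps.log like the one attached above, as an added example that is not part of the original posts: it counts the first fault or exception class that follows each ERROR record and lists provider URLs whose port differs from the expected 9080. The function name `triage`, the record layout (inferred from the quoted excerpts) and the sample text assembled from those excerpts are assumptions of this example.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample: the sps.log excerpts quoted in the thread, joined together.
SAMPLE = """\
2017-07-04T11:01:20.946+02:00 [pool-14-thread-8] ERROR opId=com.vmware.vim.sms.provider.vasa.version.VersionStrategyHelper - Exception during unregisterVasaCertificate()
com.vmware.vim.sms.fault.VasaServiceException: org.apache.axis2.AxisFault: SSL error
2017-07-04T11:02:56.843+02:00 [pool-14-thread-11] ERROR opId= com.vmware.vim.sms.provider.vasa.VasaProviderImpl - [init] Provider creation failed
(sms.fault.IncorrectUsernamePassword) {
   faultCause = null
}
2017-07-04T11:04:50.887+02:00 [pool-14-thread-2] ERROR opId= com.vmware.vim.sms.provider.ProviderFactory - Error during the validation of the provider URL
java.net.SocketTimeoutException: connect timed out
2017-07-04T11:04:50.910+02:00 [pool-14-thread-8] ERROR opId= com.vmware.vim.sms.StorageManagerImpl - [resyncVsanProviders] Operation resyncVsanProviders failed
(sms.fault.VsanProvidersResyncFailed) {
   providerUrl = (STRING) [
      https://esxi-hostname002.domain.com:8080/version.xml,
      https://esxi-hostname001.domain.com:8080/version.xml
   ]
}
"""

RECORD = re.compile(r"^\S+ \[[^\]]+\] (\w+)\s+opId=")  # timestamp [thread] LEVEL opId=
FAULT = re.compile(r"^\(?((?:\w+\.)+\w+)\)?")          # dotted class name, optionally in ()
URL = re.compile(r"https?://[^\s,\]]+")

def triage(log_text, expected_port=9080):
    """Return (Counter of fault class names, provider URLs not on expected_port)."""
    faults, wrong_port = Counter(), []
    in_error = need_fault = False
    for line in log_text.splitlines():
        rec = RECORD.match(line)
        if rec:  # a new log record starts; remember whether it is an ERROR
            in_error = need_fault = rec.group(1) == "ERROR"
            continue
        if not in_error:
            continue
        body = line.strip()
        fault = FAULT.match(body)
        if need_fault and fault:  # first class name after the ERROR line
            faults[fault.group(1).rsplit(".", 1)[-1]] += 1
            need_fault = False
        for url in URL.findall(body):
            if urlparse(url).port != expected_port:
                wrong_port.append(url)
    return faults, wrong_port

if __name__ == "__main__":
    print(triage(SAMPLE))
```
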
vaidman
Contributor

0 Kudos
TheBobkin
Champion

Hello vaidman,

While rebooting vCenter is a relatively low-impact troubleshooting step and should be performed if possible (to at least rule out a few things), it is not a silver-bullet and generally doesn't fix the bulk of VASA issues that simply restarting the spbm service won't fix.

What I have found seems to work for multiple issues (not just cert issues as this kb is about) is deleting and recreating the SMS certs:

https://kb.vmware.com/s/article/2126810

https://communities.vmware.com/thread/589059

Bob

0 Kudos