I've checked everywhere, and I can't get anything that points to this error. I got a different error pertaining to the VMotion port group when I tried the compliance check and then when I joined the ESX server to the cluster, I get the error above when running the compliance check. Any ideas if this is valid or just a bug?
Anyone have a fix for this? We are getting the same error...
Here is the fix...I removed both PORTS for FT & VMotion while in maintanence mode then recreated them
then exit maintanence mode
then check and now compliant.
We have another node the cluster that has the same issue. Will try this fix and see if it works 2 time in a row!
We also faced this issue, and got fixed by manually editing the HostProfile.
1. Open vCenter go to Home -- > Management --> Host Profiles
2. Right Click on the Host Profile you are using for your Cluster and Select Edit
3. Expand the profile Profile
- Profile-name
- Firewall configuration
* - Ruleset Configuration*
* - faultTolerance*
Select Ruleset and check the checkbox in right hand "*Flag Indicating whether ruleset should be enabled"
Click OK.
and check Compliance again in Cluster.
Hope this helps
I have this issue too but found a much easier fix.
1- do the compliance check one or two more times, see if that fixes it
2- if not, put the host in maintenance mode and do a new compliance check. Usually that fixes it for me.
I've never had to change anything to get rid of this message, but sometimes I do get another warning about DNS configuration. The only way to get rid of that is to just re-apply the profile.
I also have this issue. For some reason on a server reboot it is not re-enabling the corresponding "CIM Server" and "CIM Secure Server" firewall services. They were open (apparently) when I created the host profile, but then I reboot the server and they are no longer opened, so the compliance check fails. I'm curious what sort of impact this is having on server health monitoring. If these ports are not open, is vCenter able to get the CIM data? They are listed under the "incoming connections" section, so I'd think I'd be OK, but the compliance issue is really annoying.
The stranger thing is that I've also seen them go away on their own, but at the time I didn't know what was causing the issue. I suspect that maybe the services get re-enabled somehow automatically. Either way, 5.0 U1 didn't fix the issue, so I'm probably going to open an SR to VMware.
Whoops, I replied to the wrong thread (or made a thread up in my head). My issue is not the same, I'm having issues with the CIM Server and CIM Secure Server firewall ports being closed on reboot (which may or may not be an issue, but is definitely causing some host profile compliance issues).