VMware Cloud Community
ACME_214
Contributor

Seeking assistance with Nested ESXi 6.5 problem - unable to add host to new vcenter

Hello All,

Thank you for taking the time to read this. I've been tasked with making my first nested lab. Currently the root vCenter is 6.5 with std switches.

I've been asked to create, and have created, 2 nested ESXi hosts and a 2nd non-nested vCenter with embedded PSC, a VUM and DB servers to add the hosts into.

The company does not want to use a DVSwitch, only Std. I have created the nested hosts with no problem and assigned them to VLAN 4095. With this, DNS resolves and I can ping vCenters, gateway, etc. with no problems.

When I attempt to connect the nested hosts to this newly created vCenter, I am not able to. Both the nested ESXi hosts and the new vCenter are on the same Datastore.

I'm scratching my head trying to get this to work as I'm pretty sure it will not work without a DVS...

Will this configuration work with nested hosts and non-nested vCenter, VUM and DB?

Any assistance and feedback is very much appreciated. 

Thanks in advance!

9 Replies
Omid_Heravi
Enthusiast

Hi,

As far as I know, you can use VSS, not only DVS. Can you telnet to 443 from vCenter to ESXi?

Also, what error do you get when you add the host to vCenter?

T180985
Expert

You can use standard switches. Have you tried enabling promiscuous mode and allowing forged transmits on the port group the nested hosts are using?

ACME_214
Contributor

Hello Omid,

Yes, Telnet works on port 443 from the vCenter server to both ESXi hosts. From the host downstream to the vCenter, the switch has Forged, Promiscuous and MAC changes set to enabled.

The switch upstream does not have those settings.

The error while trying to add to vCenter is:

"Cannot contact the specified host (hostname omitted 🙂). The host may not be available on the network, a network configuration problem may exist, or the management services on the host may not be responding"

I have tested mgt svcs on the host and everything checks out as good. A restart of the mgt services and test also checked out as good.

ACME_214
Contributor

Hello T180985,

Thanks for responding. Both Promiscuous and Forged have been set downstream from the nested ESXi hosts.

Does that need to happen on the upstream switch, from the nested host back to the root vCenter?

Thank you!

sjesse
Leadership

Take a look at

https://www.virtuallyghetto.com/nested-virtualization

if you haven't already. I've never tried them, but there are ESXi appliances that are set up to work in a nested environment.

ACME_214
Contributor

Hi sjesse,

I am familiar with William's site and have read quite a few of his articles on nesting, and they have helped some.

Unfortunately he doesn't go into the type of configuration that I am attempting. I am thinking of creating another switch that no other VMs reside on that I can configure with Promiscuous and forged transmits on it.

Also, we are not permitted to use any outside appliances, otherwise I would have taken that route.

sjesse
Leadership

Not a big technical term person, just make sure promiscuous mode and forged transmits are on the switch the nested ESXi host is connected to, can't remember what "Stream" that is. If you think about it, the nested ESXi host needs to change the MAC and see all the network traffic. You shouldn't have to change those settings in the nested ESXi's switches.
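
The port-group setting discussed in the replies above, as an added PowerCLI example that is not part of any post in this thread. It keeps promiscuous mode and forged transmits confined to one dedicated standard port group on the physical host and then lists every port group's policy for review; the host, vSwitch and port group names are hypothetical placeholders, and an existing `Connect-VIServer` session to the root vCenter is assumed.

```powershell
# Added example, not from the thread. All names are hypothetical placeholders.
# Assumes PowerCLI is loaded and Connect-VIServer has been run against the root vCenter.
$outerHostName = 'physical-esxi.example.test'  # physical host running the nested ESXi VMs
$vSwitchName   = 'vSwitch1'                    # existing standard vSwitch on that host
$pgName        = 'Nested-ESXi-Trunk'           # port group used only by the nested ESXi VMs

$outerHost = Get-VMHost -Name $outerHostName
$vss       = Get-VirtualSwitch -VMHost $outerHost -Name $vSwitchName -Standard

# VLAN ID 4095 on a standard port group passes all VLAN tags through to the guest,
# which matches the VLAN the original poster assigned to the nested hosts.
$pg = Get-VirtualPortGroup -VirtualSwitch $vss -Name $pgName -ErrorAction SilentlyContinue
if (-not $pg) {
    $pg = New-VirtualPortGroup -VirtualSwitch $vss -Name $pgName -VLanId 4095
}

# Override the policy on this port group only, so the vSwitch default and the
# port groups used by ordinary VMs are left unchanged.
$pg | Get-SecurityPolicy |
    Set-SecurityPolicy -AllowPromiscuous $true -ForgedTransmits $true |
    Out-Null

# Review: show the effective policy of every standard port group on the host.
# Only the dedicated port group should report True for the relaxed settings.
Get-VirtualPortGroup -VMHost $outerHost -Standard |
    Get-SecurityPolicy |
    Select-Object VirtualPortGroup, AllowPromiscuous, ForgedTransmits, MacChanges |
    Format-Table -AutoSize
```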

a_p_
Leadership

I have created the nested hosts with no problem and assigned them to vlan 4095.

What are you trying to achieve with VLAN 4095? Please explain the virtual network for the ESXi host, and the ESXi VMs, in more detail.


André

ACME_214
Contributor

Thank you all for the tips.  It's very appreciated.

With the help of another we discovered it to be some kind of bug in DNS/DHCP resolution. When adding the host to the vCenter using the FQDN, it failed every time. Attempting to register via the static registered IP, it also failed.

We unregistered the forward and reverse records and attempted again to connect via FQDN; it still failed. Then we attempted to connect to vCenter using only the new DHCP address, and the host connected successfully.

I would prefer using the FQDN of the host so it's easier to identify in vCenter but for the purpose of this testing lab identification by IP will suffice.

Thanks everyone for the suggestions!
