VMware Cloud Community
3CV
Enthusiast

vcsa 6.5 SSL Settings - Unexpected status code: 400

Good afternoon all

Been a while since I was last here.  I have an issue at work where we had a network issue that disconnected an ESXi host out of vCenter.  That's been fixed, but when I add the host back in, the host name under the datacenter changes to a different IP address from its own one and disconnects again.  Really strange.

In vCenter on the host Summary it says:

Cannot synchronise host 123.123.123.123

Disconnected from host.  Reason: Cannot verify SSL thumbprint

SSH for the host has been disabled

Never seen that before - my thinking is that it's been this other IP at some point in its life, moved to a different site and the IP has been changed to suit their range, but the thumbprint or cert is still tied to the old IP.  There are some strange goings on here, odd static routes in ESXi and stuff, weird setup. Keep finding oddities along the way.

But now in VCSA under  Configure > General > SSL Settings I have "Unexpected status code: 400"  in nice cheerful red letters.

This is a single host at a remote site.  vSphere 6 Essentials.

Anyone seen this before?  I've been on this all day, driving me mad.  TBH I'm not great with SSL or certificates.  Any help massively appreciated. 

Have a great weekend all.


Accepted Solutions
3CV
Enthusiast

Traced the error.  Finally.  Lots of log reading.

On vCenter in the vpxd log I was getting:

2020-04-06T11:10:04.152+02:00 warning vpxd[7FE0B1932700] [Originator@6876 sub=InvtHostCnx opID=HeartbeatStartHandler-7eda5023] [VpxdInvtHost] IP address change detected from 11.111.111.111 to 222.222.222.222

After a LOT of digging, came across this article:   https://kb.vmware.com/s/article/1035944

I got one of our network guys involved, turns out there was a NAT rule on the firewall that had been left running on a VPN between the two sites.  Disabled NAT - was supposed to be off anyway - and the host connected and stayed connected with no further issues.

Never come across this before - new one on me.  Might help someone else.
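
A way to pull the vpxd warning quoted in the post above out of a log and count how often each address pair appears, as an added example that is not part of the original post. The regex is derived from that single quoted line; the function names, the inventory set and every sample line except the first are constructed.

```python
import re
from collections import OrderedDict

# Pattern built from the one vpxd warning quoted in the post above; other
# vCenter builds may word the message differently (assumption).
IP_CHANGE = re.compile(
    r"^(?P<ts>\S+) warning vpxd\[\w+\] \[Originator@\d+ sub=InvtHostCnx[^\]]*\] "
    r"\[VpxdInvtHost\] IP address change detected from "
    r"(?P<old>\d+(?:\.\d+){3}) to (?P<new>\d+(?:\.\d+){3})\s*$"
)

def find_ip_changes(lines):
    """Return (timestamp, old_ip, new_ip) for every matching vpxd warning."""
    hits = []
    for line in lines:
        m = IP_CHANGE.match(line.strip())
        if m:
            hits.append((m["ts"], m["old"], m["new"]))
    return hits

def summarize(hits, known_mgmt_ips):
    """Group by (old, new) and flag pairs whose new address is not a known
    management IP, the pattern an address-translating device in the path leaves."""
    report = OrderedDict()
    for ts, old, new in hits:
        entry = report.setdefault((old, new), {
            "count": 0, "first": ts, "last": ts,
            "unknown_new_ip": new not in known_mgmt_ips})
        entry["count"] += 1
        entry["last"] = ts
    return report

# First line is the warning from the post; the other two are constructed samples.
SAMPLE_LOG = """\
2020-04-06T11:10:04.152+02:00 warning vpxd[7FE0B1932700] [Originator@6876 sub=InvtHostCnx opID=HeartbeatStartHandler-7eda5023] [VpxdInvtHost] IP address change detected from 11.111.111.111 to 222.222.222.222
2020-04-06T11:10:05.001+02:00 info vpxd[7FE0B1932700] [Originator@6876 sub=vpxLro opID=constructed-1] constructed unrelated line
2020-04-06T11:25:31.870+02:00 warning vpxd[7FE0B1A33700] [Originator@6876 sub=InvtHostCnx opID=HeartbeatStartHandler-constructed] [VpxdInvtHost] IP address change detected from 11.111.111.111 to 222.222.222.222
""".splitlines()

if __name__ == "__main__":
    inventory = {"11.111.111.111"}  # constructed: addresses the hosts were added with
    for (old, new), e in summarize(find_ip_changes(SAMPLE_LOG), inventory).items():
        flag = "NOT in inventory" if e["unknown_new_ip"] else "in inventory"
        print(f"{old} -> {new} x{e['count']} ({e['first']} .. {e['last']}), new IP {flag}")
```
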

2 Replies
sarikrizvi
Enthusiast

Check host connectivity from vCenter to the host and also telnet to port 902.

Regards,
SARIK (Infrastructure Architect)