Hi,

I'm facing a strange behave and I have no clue how to fix it.

I have 2 ESXi v5.0 (host-A, host-B) connected to vCenter v5.1.

I used yesterday UpdateManager to patch the ESXi host-A (v5.0 504890), from vSphere client, moved all VM to the host-B, entered the maintenance mode, and applied the patchs, after the host reboot and I see a new version v5.0 914586 but then vCenter was unable to reconnect to continue the Update process. The ESXi host-a is in a "disconnected" state.

When I try to reconnect to it I get the error message:

"Cannot contact the specified host (host-A) . The host may not be available on the network, a network configuration problem may exist, or the management services on this host may not be responding.

Target: host-a.domain.local

vCenter Server: vCenter.domain.local"

After than the "Add Host Wizard" is shown, and ask me for credentials, entering the credentials will not fix it, the following error message appear:

"Request timeout"

Investigating a bit on the log files, I found the following warnings record in the host-A vpxa.log (/var/log/vpxa.log):

[3F1AEB90 warning 'Libs'] SSL_VerifyX509: Certificate verification is disabled, so connection will proceed despite the error

The problem is experience is not related to the update but to the reboot of the server and a problem of communication between vCenter and the ESXi host.

This is happening since I updated the certificates following the kb2015383 (Implementing CA signed SSL certificates with vSphere 5.0)

Information about the infrastrucutre:

- since all ssl certificates were installed, they are no warnings of unknown ceriticates.

- the new certificates were issued by an internal CA

- all vSphere modules were updated with the new certificates (SSO, update manager, vcenter, inventory, webservices, webclient)

- all ESXi hosts were updated with a new certifcates with the FQDN (host-A.domain.local), browsing the website of the host confirm the correct certificate present

- when the host was connected to vCenter, all communications worked fine. Managing VMs and configuring the host

- I'm able to connect to the ESXi host-A directly from vSphere client without certificate warnings or errors, all features are available

- the ESXi hosts security profile is setup correctly. vpxa is running, and the firewall is allowing connections

- the hosts are setup to an internal DNS server. The DNS A records are pointing to the right hosts' IPs

- the hosts network "Custom DNS Suffixes" are set to "domain.local"

- the hosts are jointed to the domain

- Restarting the Management Network or the Management Agents don't solve the problem

- Restarting the ESXi host don't solve the problem

- from vCenter server I'm able to telnet to host-A port 902, the welcome message is "220 VMware authentification Daemon Version 1.10: SSL Required, ServerDaemonProtocol:SOAP, MKSDisplayProtocol:VNC, VMXARGS supports"

- I presume if I reboot the ESXi host-B, the same behave will happened.

A few days ago I had the same problem with reconnecting to host-A problems, at that moment, the network settings were set to DHCP, I changed the setting to STATIC with the exact same IP/subnet and gateway, and then the host-A was immediately found by vCenter when doing reconnect.

Still today the IP is still set as STATIC.

The same reconnection problem occur here, so I presume it's not linked to the IP setting

If someone have an idea how to fix this, I will be glade to hear it :-)))))))))

Thank you in advance