VMware Cloud Community
Jonsaenz
Contributor
Contributor
‎11-07-2013 12:00 PM
Jump to solution

ESXI 5.1 host disconnects from vcenter, when reconnected SSL thumbprint has changed.

I am having an odd issue with only 1 of 5 hosts connected to a cluster inside of vcenter. One host randomly disconnects from vcenter.

I right click the host and select connect. I get the default warning that "reconnecting a host will override any resource management changes that were made directly on the host....". I select yes.

I then get an error

Authenticity of the host's SSL certifcate is not verified. Only option is to close.

Then I am taken to the add host wizard. where I can enter the IP and root password to add the host back to the cluster.

I now get a security alert:

"Unable to verify the authenticity of the host: the SHA1 thumbprint of the certificate is: "

The shown thumbprint is different everytime I add this host.

I have worked through the following vmware KB's with no resolution.

VMware KB: Diagnosing an ESXi/ESX host that is disconnected or not responding in vCenter Server

VMware KB: ESXi/ESX host disconnects from vCenter Server after adding or connecting it to the invent...

VMware KB: Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi y

We have tried, replacing the network card that the management network is on, replacing cables, switch the port on the switch this machine is plugged into, completely reinstalling esxi. Nothing has solved this issue.

Does anyone have any other things to try?

0 Kudos
1 Solution

Accepted Solutions
Jonsaenz
Contributor
Contributor
‎11-14-2013 12:15 PM
Jump to solution

Turns out the problem was that our nimble was taking up ip's that it wasn't supposed to and it was a duplicate IP of that esxi host. Very odd behavior. But this is the fix.

View solution in original post

0 Kudos
4 Replies
MKguy
Virtuoso
Virtuoso
‎11-07-2013 12:10 PM
Jump to solution

The shown thumbprint is different everytime I add this host.

That sounds weird. Did you check if the certificate on the host in /etc/vmware/ssl/rui.crt is really changing constantly? You can check the thumbprint of the base64'd certificate file on the local console with openssl x509 -text -in /etc/vmware/ssl/rui.crt

You can also connect with your browser to your host and check the presented SSL certificate.

Did you restart the management agents and completely remove the host from vCenter and re-add it in?

-- http://alpacapowered.wordpress.com
0 Kudos
Jonsaenz
Contributor
Contributor
‎11-07-2013 02:13 PM
Jump to solution

Thanks for the reply.

No I have not checked that this has changed. I will take note what is currently there and check it when it disconnects again.

0 Kudos
Jonsaenz
Contributor
Contributor
‎11-07-2013 03:18 PM
Jump to solution

I just checked it and the host's certificate at /etc/vmware/ssl/rui.crt is actually staying the same.

Also, I have attempted removing the host from vcenter and adding it along with restarting the management agent, to no avail.

0 Kudos
Jonsaenz
Contributor
Contributor
‎11-14-2013 12:15 PM
Jump to solution

Turns out the problem was that our nimble was taking up ip's that it wasn't supposed to and it was a duplicate IP of that esxi host. Very odd behavior. But this is the fix.

0 Kudos