VMware Cloud Community
COS
Expert
Expert
Jump to solution

Can't add ESX 6.0 host to vCenter 6.0 Server

OK, I am testing in the lab a vsan cluster for 6.0.

I have my esx hosts running 6.0.0 and vcenter server is 6.0.0 also.

I have platform services on one vm and vcenter on another. I was able to create a datacenter and then a cluster underneath.

Next I went to try and add a host to my cluster and I get this error....

Cannot contact the specified host (hostname\IP). The host may not be available on the network, a network configuration problem may exist, or the management services on this host may not be responding.


Per this KB: VMware KB: Adding a VMware ESXi/ESX host to VMware vCenter Server fails


I confirmed that my vcenter server and platform services server can see all the esx hosts. From within the vcenter server, it can ping the esx hosts and putty can get to all of them. I even installed the thick client and it can connect to all the esx hosts. I used netbios name, FQDN and IP and they all worked.

I only have one subnet so that's not an issue. DNS resolution works across the board from both directions, from vcenter to esx hosts and esx hosts to vcenter.


I'm quite stumped. :smileyconfused:



1 Solution

Accepted Solutions
COS
Expert
Expert
Jump to solution

OK, after working with VMware on this issue, I think I figured it out.

All my hosts are DL360 G6 Servers.

All my hosts are run the same build ESX from "VMware-ESXi-6.0.0-2494585-HP-600.9.2.38-Mar2015.iso". Downloaded from HP.

All builds are in Evaluation mode.

After placing a call to VMware, they had me build some ESX VM's, platform services and vcenter VM's on an ESX host. We hung up because it took all day to spin up.

Once I got all the pieces (sql server, esx vm's, platform server & vcenter) up in the nested virtualization, I created my Datacenter, then Cluster then added the ESX hosts.

The hosts added fine, no errors. Then I remembered when I installed ESX inside a VM, I got upset that the iso I used from HP wouldn't work in my nested VM because of the virtualized hardware.

Then a the light came on in my head. Let's rebuild the entire physical cluster but NOT use the HP provided iso file but use the VMware provided iso file "VMware-VMvisor-Installer-6.0.0-2159203.x86_64.iso".

I did that today. I rebuilt all the ESX hosts with the VMware provided iso file.....

Spun up all the required VM's SQL Server, Platform Services VM, vCenter VM. My AD & DNS VM's are on another server so it's been up the whole time.

Logged into the web interface (Yuck!).

Created my Datacenter....

Created My Cluster....

Added all the hosts to my Cluster.

It all worked!!!!

So, if you are experiencing the same issue I am, consider building your ESX hosts with the VMware provided iso file and try it. In my case, the HP provided iso file did not function properly for me.

I also downloaded the HP iso file 2 other times to make sure and do a sanity check and it did the same thing.

_______________________________________________________________________________________________________

"Did you find this helpful? Let us know by completing this survey (takes 1 minute!)"

View solution in original post

27 Replies
COS
Expert
Expert
Jump to solution

If it means anything, I tried to add an ESX 5.5 U2 host to my vCenter 6.0.0 and it did not come up with that error.....:smileyshocked:

Also, firewall is off on the platform services server and vcenter server.

No antivirus client either.

Reply
0 Kudos
COS
Expert
Expert
Jump to solution

Also, just to be sure that DNS and the IP's are working, I shut down all the ESX 6 hosts and ping'd all the hosts IP and no reply. I also pinged the hostnames and FQDN and  there was no reply but DNS returned the correct name and IP.

So it doesn't seem to be an issue with another machine taking the IP adresses.

Anyway, just pulling at straws.....Smiley Wink

Reply
0 Kudos
Alistar
Expert
Expert
Jump to solution

Hello, can you please post vpxa.log from vCenter Server, hostd.log and vmkernel.log from the ESXi host right after you have tried to connect the ESXi hosts to the vCenter Server?

Stop by my blog if you'd like 🙂 I dabble in vSphere troubleshooting, PowerCLI scripting and NetApp storage - and I share my journeys at http://vmxp.wordpress.com/
Reply
0 Kudos
COS
Expert
Expert
Jump to solution

Per this URL ( VMware KB: Location of VMware vCenter Server 6.0 log files ) the logs are supposed to be in "%ALLUSERSPROFILE%\VMWare\vCenterServer\logs folder" but there is nos such directory.

I attached the ESX logs though.

any idea where the vCenter 6 logs are?

Thanks

Reply
0 Kudos
COS
Expert
Expert
Jump to solution

Found it...... I think.

Is this the one?

Line 6039 has this series of entries....

2015-05-20T13:14:00.404-07:00 error vpxd[03196] [Originator@6876 sub=HttpConnectionPool-000001] [ConnectComplete] Connect failed to <cs p:0000000007ad5d80, TCP:vsan-01.sky.net:443>; cnx: (null), error: class Vmacore::Ssl::SSLException(SSL Exception: error:140000DB:SSL routines:SSL routines:short read)

2015-05-20T13:14:00.405-07:00 error vpxd[02896] [Originator@6876 sub=httpUtil opID=2cf120a3] [HttpUtil::ExecuteRequest] Error in sending request - SSL Exception: error:140000DB:SSL routines:SSL routines:short read

2015-05-20T13:14:00.407-07:00 error vpxd[02896] [Originator@6876 sub=HostAccess opID=2cf120a3] [VpxdHostAccess::Connect] Failed to discover version: vim.fault.HttpFault


Keep in mind there is no firewall and they are all on the same subnet and connected to the same switch.

Reply
0 Kudos
bharathl
Enthusiast
Enthusiast
Jump to solution

According to your vpxd log you have issue with the host certificate.

2015-05-20T10:21:58.554-07:00 error vpxd[02872] [Originator@6876 sub=HttpConnectionPool-000001] [ConnectComplete] Connect failed to <cs p:00000000022fbca0, TCP:vmlab-vsan-plt.sky.net:443>; cnx: (null), error: class Vmacore::Ssl::SSLVerifyException(SSL Exception: Verification parameters:

--> PeerThumbprint: A7:23:A3:09:0C:59:1A:B5:51:6D:1C:FA:70:E5:1C:24:11:12:A8:8C

--> ExpectedThumbprint: A3:CB:1F:C8:9B:81:0C:33:8D:CB:51:AB:A0:0D:D0:B5:2A:F0:55:DB

--> ExpectedPeerName: vmlab-vsan-plt.sky.net

--> The remote host certificate has these problems:

-->

--> * The host certificate chain is incomplete.

-->

--> * unable to get local issuer certificate)

2015-05-20T10:21:58.563-07:00 error vpxd[02760] [Originator@6876 sub=HostGateway] [CisConnection]: Error getting trusted STS certificates: SSL Exception: Verification parameters:

As per the below article for the above problem you need to recreate the host certificate.

VMware KB: Opening the virtual machine console after a fresh installation of ESXi or ESX fails with ...

Reply
0 Kudos
COS
Expert
Expert
Jump to solution

The DNS name "vmlab-vsan-plt.sky.net" is the Windows 2012 R2 Platform Services VM.

The URL you listed resets the certificate of the ESX host. Not sure how that's related but I gave the good ol college try and performed the steps anyway on the 2 vsphere 6 ESX hosts.

I got the same error.

Thanks

Reply
0 Kudos
bharathl
Enthusiast
Enthusiast
Jump to solution

What are the hosts names you are trying to connect?

Reply
0 Kudos
bharathl
Enthusiast
Enthusiast
Jump to solution

Did you also try unchecking the vcenter option " vCenter requires verified host SSL certificates" and try connecting.

Reply
0 Kudos
COS
Expert
Expert
Jump to solution

The esx host names are...

vsan-01.sky.net

vsan-02.sky.net

vsan-03.sky.net

The Management VM's are

vmlab-vsan-plt : Platform Services VM

vmlab-vsan-vct: vCenter Server

If this segment of the vpxd12.log file means anything to anyone let me know Smiley Happy

2015-05-20T13:14:00.417-07:00 info vpxd[02896] [Originator@6876 sub=Default opID=2cf120a3] [VpxLRO] -- ERROR task-internal-1451 -- datacenter-21 -- vim.Datacenter.queryConnectionInfo: vim.fault.NoHost:

--> Result:

--> (vim.fault.NoHost) {

-->    faultCause = (vmodl.MethodFault) null,

-->    name = "vsan-01.sky.net",

-->    msg = ""

--> }

--> Args:

-->

--> Arg hostname:

--> "vsan-01.sky.net"

--> Arg port:

--> -1

--> Arg username:

--> "root"

--> Arg password:

--> (not shown)

-->

--> Arg sslThumbprint:

-->

Reply
0 Kudos
COS
Expert
Expert
Jump to solution

I went to that setting and it's greyed out and I can't change it. I am logged in as administrator@vsphere.local.

How do I uncheck it?

Thanks

Reply
0 Kudos
COS
Expert
Expert
Jump to solution

OK, so I have read that it is not possible to uncheck " vCenter requires verified host SSL certificates" because SSO requires it.

I'm still back at square one of my original post......lol

Reply
0 Kudos
COS
Expert
Expert
Jump to solution

Anyone else having similar problems or is it just me?

I'm about to blow away the 3 node lab and start over.

Thanks

Reply
0 Kudos
bharathl
Enthusiast
Enthusiast
Jump to solution

Did you try telnet the hosts from the vcenter over port 443 and also try openssl to check the SSL connection

Reply
0 Kudos
COS
Expert
Expert
Jump to solution

Telnet connects and my cursor goes to the top left and blonks? Good? Bad? I'm not sure......lol

I don't quite understand how to "try openssl to check the SSL connection".

Can you elaborate?

Thanks

Reply
0 Kudos
bharathl
Enthusiast
Enthusiast
Jump to solution

Yes telnet is good and connected to 443. I have installed openssl and from the command prompt I ran the following commands to check the SSL certificate on the other machine.

openssl s_client -connect bharath-pc:443 -ssl3

openssl s_client -connect bharath-pc:443 -tls1

Reply
0 Kudos
COS
Expert
Expert
Jump to solution

I ran those commands on both the platform controller and the vcenter and I get outputs like below....

WARNING: can't open config file: /usr/local/ssl/openssl.cnf

Loading 'screen' into random state - done

CONNECTED(00000124)

depth=0 CN = vmlab-vsan-vctr.sky.net, C = US

verify error:num=20:unable to get local issuer certificate

verify return:1

depth=0 CN = vmlab-vsan-vctr.sky.net, C = US

verify error:num=27:certificate not trusted

verify return:1

depth=0 CN = vmlab-vsan-vctr.sky.net, C = US

verify error:num=21:unable to verify the first certificate

verify return:1

---

Certificate chain

0 s:/CN=vmlab-vsan-vctr.sky.net/C=US

   i:/CN=CA, dc=vsphere,dc=local/C=US/O=vmlab-vsan-plat

---

Server certificate

-----BEGIN CERTIFICATE-----

MIIDeTCCAmGgAwIBAgIJAP3Ns9uiXC7uMA0GCSqGSIb3DQEBCwUAMEkxIDAeBgNV

BAMMF0NBLCBkYz12c3BoZXJlLGRjPWxvY2FsMQswCQYDVQQGEwJVUzEYMBYGA1UE

CgwPdm1sYWItdnNhbi1wbGF0MB4XDTE1MDUyMTIyMDg0NloXDTI1MDUxNTA1Mzc0

N1owLzEgMB4GA1UEAwwXdm1sYWItdnNhbi12Y3RyLnNreS5uZXQxCzAJBgNVBAYT

AlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvIgBSavvdEzeAiW6

o9SHsY2CJ8lac7JBKKFUWDql7mElG4ggfU2G9/Ry7r7J4Peqn1llxU/ZhCh/79IB

I7lAeYTXEjavaAE3MdzdXFwAz5KRC1rUmOfKru4NhhI7HAbqm+eLZHjG6hgCg2Ek

46AqgH7uljYhkQapzTOX9e3z/hhP5n6UCOM9hqWaRsaQt4IcT6rSHHhUn7SH2LFs

cS8yxqhjpKFtsk9kPHdeH3k9wkybmyA5rzCjnDZSYCkTigU86oUOnkg7lZbGqfF3

BgB/L7USdINEo2ol0djkn9WgfKj/gFkLOxBN1gRrV/V57UbNbVeVWy1GcG4H3WS+

c2FnDQIDAQABo34wfDA6BgNVHREEMzAxhwQKCQgahxAAAAAAAAAAAAAAAAAAAAAB

ghd2bWxhYi12c2FuLXZjdHIuc2t5Lm5ldDAfBgNVHSMEGDAWgBQ2qY6BuwdVtIm9

NoEraepfPI8jMTAdBgNVHQ4EFgQUvqYW/wiewRzc91UqzGzEpf4C7p8wDQYJKoZI

hvcNAQELBQADggEBAF9Wdv5ApcvdGUH6mbO1xibztXogkd3QWFEy6yNqCg5On2+Z

h2IYBboweLzGMHrj62l4sCAAXu5GTu6s29Ltw2dVnzTM19B8hA/JRYquaKTu3bgq

gRQC7eAO8adLwC6ztCE2k63rnrXpoNKWfHqK+kRYiNpewiNfS0Vmo13u3ngN6JGS

wU2NxaxGDxKA42xvKRV28llGmk5GPbHjYcsCqHabbLXp4f7aUm7kuj36VNFkBNxr

+S7QNYUtE65U6/VptRbiGrI1Mll2CBYz/Khlvhe0fZotePDBunTw1wALaydImmpG

yCyXUA5Gj0kyCoNP3HeXXaQx8jeyoCYtQ21QHXU=

-----END CERTIFICATE-----

subject=/CN=vmlab-vsan-vctr.sky.net/C=US

issuer=/CN=CA, dc=vsphere,dc=local/C=US/O=vmlab-vsan-plat

---

No client certificate CA names sent

---

SSL handshake has read 1046 bytes and written 490 bytes

---

New, TLSv1/SSLv3, Cipher is AES256-SHA

Server public key is 2048 bit

Secure Renegotiation IS supported

Compression: NONE

Expansion: NONE

SSL-Session:

    Protocol  : SSLv3

    Cipher    : AES256-SHA

    Session-ID:

    Session-ID-ctx:

    Master-Key: 5954D9D5B6947A2F12F215CC157268FD8ACCA7976477BE9BDD5C1333DAF40980

4A53CFA4FAAA0201B200D32B0CC53490

    Key-Arg   : None

    PSK identity: None

    PSK identity hint: None

    SRP username: None

    Start Time: 1432250668

    Timeout   : 7200 (sec)

    Verify return code: 21 (unable to verify the first certificate)

---

read:errno=0

C:\>

NOTE: Servernames have changed since yesterday because I rebuilt the LAB from scratch.

Reply
0 Kudos
bharathl
Enthusiast
Enthusiast
Jump to solution

I compared the vcenter certificate with ours and it looks same. Can you paste the output when you connected to the ESXi host also.

Reply
0 Kudos
COS
Expert
Expert
Jump to solution

That's my problem. I can't connect an ESX(i) host. Everytime I try, I get this error...

"Cannot contact the specified host (hostname\IP). The host may not be available on the network, a network configuration problem may exist, or the management services on this host may not be responding."

Thanks

Reply
0 Kudos