Currently I have all components running in the same VLAN.

You should have stretched L2 network for VSAN network in your 2-nodes ROBO site, and another VLAN for VSAN traffic in the witness site.

Static routes should be configured between VSAN vmkernel ports in the ROBO site and the VSAN vmkernel port in the witness site.

This is a network requirement for VSAN ROBO configuration. Please see below:

Network Design for Stretched Clusters

Regards,

Thanks Bob.

I simply enabled vSAN on my cluster, was able to set up the storage successfully, passed all of the checks, then when I enabled stretched cluster and set up my two fault domains, I was able to add the witness with no errors either.  So, I'm not sure why this is happening.  Here's a few screen shots:

From Witness:

From Host 1:

From Host 2:

I've tried adding 3 different witness hosts, all of which were installed from scratch.

I'll get to work on trying some of your troubleshooting tips

Hello GatorMania93​,

Are you installing these Witnesses with the same ESXi build as the data-nodes?

How are your interfaces configured?

Are these all on the same L2 network in same subnets?

If there is no communication between nodes over these interfaces then try untagging the existing vsan and/or witness interfaces, try creating a new interface on the Witness in the same subnet as the vSAN-enabled vmk on the data-nodes and just tag it for vsan traffic not witness (-T=vsan) and see can they communicate.

Edit: Yes I am fully aware this is not how a 2-node DirectConnect should ideally be configured but testing where the issue is here.

Bob

Looks like that might be my issue, Bob.  I can ping the VMKernel NICs between hosts, but cannot ping the Witness from either host (or vice versa).

I should also mention that the VMKernel NICs are direct connected between both hosts.  However, I thought that route could be substantiated by running

esxcli vsan network ipv4 add -i vmk0 -T=witness   on each host, whereas vmk0 is my management interface.