VMware Cloud Community
virtualtrenz
Contributor

Compliance check error - Ruleset Fault tolerance doesn't match specification

I've checked everywhere, and I can't get anything that points to this error. I got a different error pertaining to the VMotion port group when I tried the compliance check and then when I joined the ESX server to the cluster, I get the error above when running the compliance check. Any ideas if this is valid or just a bug?

GixxerDave
Enthusiast

Anyone have a fix for this? We are getting the same error...

GixxerDave
Enthusiast

Here is the fix... I removed both PORTS for FT & VMotion while in maintenance mode, then recreated them,

then exit maintenance mode,

then check, and now compliant.

We have another node in the cluster that has the same issue. Will try this fix and see if it works 2 times in a row!

khushal
Contributor

We also faced this issue, and got it fixed by manually editing the Host Profile.

1. Open vCenter and go to Home --> Management --> Host Profiles

2. Right-click on the Host Profile you are using for your cluster and select Edit

3. Expand the profile Profile

   - Profile-name
     - Firewall configuration
       - Ruleset Configuration
         - faultTolerance

Select Ruleset and check the checkbox on the right-hand side, "Flag Indicating whether ruleset should be enabled"

Click OK.

Then check compliance again in the cluster.

Hope this helps

Gabrie1
Commander

I have this issue too but found a much easier fix.

1- do the compliance check one or two more times, see if that fixes it

2- if not, put the host in maintenance mode and do a new compliance check. Usually that fixes it for me.

I've never had to change anything to get rid of this message, but sometimes I do get another warning about DNS configuration. The only way to get rid of that is to just re-apply the profile.

http://www.GabesVirtualWorld.com
allencrawford
Enthusiast

I also have this issue.  For some reason on a server reboot it is not re-enabling the corresponding "CIM Server" and "CIM Secure Server" firewall services.  They were open (apparently) when I created the host profile, but then I reboot the server and they are no longer opened, so the compliance check fails.  I'm curious what sort of impact this is having on server health monitoring.  If these ports are not open, is vCenter able to get the CIM data?  They are listed under the "incoming connections" section, so I'd think I'd be OK, but the compliance issue is really annoying.

The stranger thing is that I've also seen them go away on their own, but at the time I didn't know what was causing the issue.  I suspect that maybe the services get re-enabled somehow automatically.  Either way, 5.0 U1 didn't fix the issue, so I'm probably going to open an SR to VMware.

allencrawford
Enthusiast

Whoops, I replied to the wrong thread (or made a thread up in my head).  My issue is not the same, I'm having issues with the CIM Server and CIM Secure Server firewall ports being closed on reboot (which may or may not be an issue, but is definitely causing some host profile compliance issues).

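The replies above trace the compliance failure to firewall rulesets whose enabled flag on the host differs from the host profile (faultTolerance, and in one reply the CIM rulesets after a reboot). As an added example that is not from any poster or from VMware, the sketch below diffs ruleset state between a reference host and a second host. It assumes a two-column "Name / Enabled" listing such as `esxcli network firewall ruleset list` prints; the sample text and every ruleset name other than faultTolerance are constructed.

```python
# Added example: find firewall rulesets whose enabled state differs between hosts.
# Both listings below are constructed samples in an assumed "Name  Enabled" layout.

REFERENCE_HOST = """\
Name            Enabled
--------------  -------
sshServer         false
faultTolerance     true
vMotion            true
CIMHttpServer      true
CIMHttpsServer     true
"""

REBOOTED_HOST = """\
Name            Enabled
--------------  -------
sshServer         false
faultTolerance    false
CIMHttpServer     false
CIMHttpsServer     true
"""


def parse_rulesets(listing):
    """Return {ruleset_name: enabled_bool}; header, separator and blank lines are skipped."""
    rulesets = {}
    for line in listing.splitlines():
        parts = line.split()
        if len(parts) != 2 or parts[1] not in ("true", "false"):
            continue
        rulesets[parts[0]] = parts[1] == "true"
    return rulesets


def ruleset_drift(reference_listing, host_listing):
    """List (name, expected, actual) for each mismatch; None means the ruleset is absent."""
    expected = parse_rulesets(reference_listing)
    actual = parse_rulesets(host_listing)
    findings = []
    for name in sorted(expected.keys() | actual.keys()):
        if expected.get(name) != actual.get(name):
            findings.append((name, expected.get(name), actual.get(name)))
    return findings


if __name__ == "__main__":
    for name, want, have in ruleset_drift(REFERENCE_HOST, REBOOTED_HOST):
        print(f"{name}: expected enabled={want}, host reports enabled={have}")
```

Running it before and after a reboot or a maintenance-mode cycle shows whether a ruleset really changed state or the compliance check is reporting stale data.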