Search the VMware Knowledge Base (KB)
View by Article ID

ESXi host fails to connect with the NSX controllers (2151089)

  • 0 Ratings

Symptoms

  • ESXi host is unable to connect to the Control Plane.

  • In the netcpa.log file, you see entries similar to:

    2017-06-07T00:47:56.461Z error netcpa[37140B70] [Originator@6876 sub=Default] SSL handshake failed on 172.16.0.11:0 : error = SSL Exception: error:140000DB:SSL routines:SSL routines:short read
    2017-06-07T03:17:57.439Z error netcpa[37603B70] [Originator@6876 sub=Default] SSL handshake failed on 172.16.0.11:0 : error = SSL Exception: error:140000DB:SSL routines:SSL routines:short read
    2017-06-07T06:17:58.561Z error netcpa[37181B70] [Originator@6876 sub=Default] SSL handshake failed on 172.16.0.10:0 : error = SSL Exception: error:140000DB:SSL routines:SSL routines:short read
    2017-06-07T07:47:59.128Z error netcpa[36D81B70] [Originator@6876 sub=Default] SSL handshake failed on 172.16.0.11:0 : error = SSL Exception: error:140000DB:SSL routines:SSL routines:short read

  • In the vsm.log file, you see entries similar to:

    2017-06-06 17:10:50.785 GMT+00:00 ERROR NVPStatusCheck NvpRestClientManagerImpl:794 - nvp controller node (172.16.0.10) return error org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://172.16.0.10:443/ws.v1/control-cluster/node?fields=cluster_mgmt_listen_addr,uuid,tags": Read timed out; nested exception is java.net.SocketTimeoutException: Read timed out

    2017-06-06 17:11:00.811 GMT+00:00 ERROR NVPStatusCheck NvpRestClientManagerImpl:794 - nvp controller node (172.16.0.9) return error
    org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://172.16.0.9:443/ws.v1/control-cluster/node?fields=cluster_mgmt_listen_addr,uuid,tags": Read timed out; nested exception is java.net.SocketTimeoutException: Read timed out

    2017-06-06 17:11:07.707 GMT+00:00 ERROR NVPInactiveNodeCheck NvpRestClientManagerImpl:891 - nvp controller node 172.16.0.10 fails: org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://172.16.0.10:443/ws.v1/login": Connect to 172.16.0.10:443 [/172.16.0.10] failed: connect timed out; nested exception is org.apache.http.conn.ConnectTimeoutException: Connect to 172.16.0.10:443 [/172.16.0.10] failed: connect timed out

    2017-06-06 17:11:10.818 GMT+00:00 ERROR NVPStatusCheck NvpRestClientManagerImpl:794 - nvp controller node (172.16.0.11) return error
    org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://172.16.0.11:443/ws.v1/control-cluster/node?fields=cluster_mgmt_listen_addr,uuid,tags": Read timed out; nested exception is java.net.SocketTimeoutException: Read timed out

  • In the Controller logs, you see entries similar to:

    2017-06-06 18:32:50,347 19123181348 [listener] INFO com.vmware.controller.server.Listener - Accept Connection [ip=172.24.2.26:46115, cnnId=21264] from /172.24.2.26:46115
    2017-06-06 18:32:50,357 19123181358 [reader 3] ERROR com.vmware.controller.server.ssl.SelfSignedX509TrustManager - Unknow chassis certificate: [
    [
    Version: V3
    Subject: CN="VMWare VXLAN Host Certificate host-11573 OU=Nectworking O=VMWare ST=CA C=US"
    Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
    Key: Sun RSA public key, 2048 bits

    modulus: 22911650522799465929163707326918080254704523027188317203645647153931638466371122064197258058841116911989320009855294745617721779386019557021249605122136935010401
    36836560115024772432023329796195620130983113379731661924922830333592692791543147876405959524921451570805385813377696469386291738246946920048747704248124484079384552745316
    66112531666589757995492441394796111464829401754007815754348273682553447185738440211794264079252464938057216938803523707224061663150480722911564461043934851115967587589348
    39992978266706878205075684179188691037974878624050280597452927405166323249390673946856460750742686036206044340415301
    public exponent: 65537

    Validity: [From: Fri Apr 28 10:14:16 UTC 2017,
    To: Tue Sep 13 10:14:16 UTC 2044]
    Issuer: CN="VMWare VXLAN Host Certificate host-11573 OU=Nectworking O=VMWare ST=CA C=US"
    SerialNumber: [ 015bb40d d45c]

    >2017-06-07T14:28:04.785693+00:00 2017-06-07 14: 28:04,785 19194224947 [reader 1] ERROR com.vmware.controller.server.ssl.SelfSignedX509TrustManager - Unknow chassis certificate: [#012[#012 Version: V3#012 Subject: CN="VMWare VXLAN Host Certificate host-11573 OU=Nectworking O=VMWare ST=CA C=US"#012 Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11#012#012
    Key: Sun RSA public key, 2048 bits#012 modulus: 229116505227994659291637073269180802547045230271883172036456471539316384663711220641972580588411169
    119893200098552947456177217793860195570212496051221369350104013683656011502477243202332979619562013098311337973166192492283033359269279154314787640595..
     
          Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.

Cause

This issue occurs when the controller fails to authenticate the certificate of the host causing the handshake to fail.

Resolution

This is a known issue affecting NSX for vSphere 6.2.4 and later releases.
 
Currently, there is no resolution.

To work around this issue, perform a full sync to the controllers to pick up the new certificate.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 0 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 0 Ratings
Actions
KB: