4

I seem to be having quite a hard time adding a specific ESXi 6.5 (enterprise license) host to my vCenter Server (standard license). I currently have two ESXi 6.5 hosts running on Dell PowerEdge servers, and both hosts as well as the vCenter appliance are properly licensed. Host 1 resides at 10.1.W.X, host 2 at 10.1.W.Y, and vCenter was deployed via vCSA on host 2 with an IP of 10.1.W.Z. The two hosts reside on the same VLAN and they're hardwired to a Cisco switch. Routing is handled on a pfSense box at 10.1.W.A. I first added host 2 to vCenter without issue. I then attempted to add host 1 and received this error:

Cannot contact the specified host (10.1.W.X). The host may not be available on the network, a network configuration problem may exist, or the management services on this host may not be responding.

I Googled the issue and saw multiple possible fixes to the solution, but none seemed to work. Here is a list of my troubleshooting attempts (in no particular order).

  • Pinging: I am able to ping all devices from my laptop and can log in to the respective web clients. I tried to SSH into vCenter to ping host 1, however it kept saying my password was wrong so I gave up.
  • Assessing Lockdown: Lockdown is confirmed not enabled on host 1 or vCenter.
  • Services and Reboot: I rebooted the host (didn't help) and even started all the services possible, still nothing.
  • SSL Timeout: I changed the SSL timeout value as explained here, but to no avail.
  • Saying Screw It: After a while of messing with this issue and getting fairly fed up, I reimaged the USB drive in host 1 that contains the ESXi hypervisor. With a completely fresh licensed image, I still can't seem to add the host to vCenter.

At this point, I'm not sure what else to try to add this host. Ideas and thoughts would be greatly appreciated at this point.

EDIT:

I have done some further troubleshooting, and have found out the following through pings and packet captures:

1) The ESXi host is able to ping the pfSense router successfully. When I then try to ping the vCenter server, the ping does not receive a reply on the network.

2) The vCenter server is able to ping the pfSense router as well. When the vCenter server pings the ESXi host, a ping request and a ping reply are seen on the network, however there is 100% packet loss on the vCenter server.

It seems to me that at some point during the transmission to the vCenter server, traffic must be sent to the wrong place or the traffic must be blocked.

I have compared network settings of the two hosts, and the setup between the host that works and the host that can't be added is the same. The re-image of the problematic host also leads me to believe that there is no issue with the host configuration.

SuperAdmin
  • 6
    Why did you bother to obscure your RFC1918 addresses? It's pointless to do so, and only makes the question more difficult to understand. – EEAA Mar 26 '17 at 01:50
  • 3
    Also, what did VMware support say about this? They should be your first point of contact. – EEAA Mar 26 '17 at 01:51
  • @EEAA Having infrastructure IPs and subnets publicly available is a security concern. In addition, I am a student provided with free VMware software. Since I did not purchase these keys, I did not contact VMware support. – SuperAdmin Mar 26 '17 at 02:01
  • 6
    Posting your internal RFC1918 addresses is *not* a security concern. One would need to have access to your network to do anything with that information, and by that point it's too late anyway. Even without your host IPs, how long do you think it would take for me to find your ESXi hosts once in your network? Seconds. – EEAA Mar 26 '17 at 02:03
  • You need DNS A records and PTR records for the ESXi host so forward and reverse lookup works. Do you have them? – SamAndrew81 Mar 26 '17 at 02:03
  • @SamAndrew81 vCenter requires no such thing. – EEAA Mar 26 '17 at 02:04
  • 1
    @SamAndrew81 I have been using the IP address to connect both host 1 and 2. That way I can rule out any DNS issues, and the issue persisted. – SuperAdmin Mar 26 '17 at 02:05
  • 1
    I must be thinking of vCSA deployment, yes. – SamAndrew81 Mar 26 '17 at 02:07
  • 4
    On the IP address subject, I'll also note for your future reference that you must specify the subnet mask as well as the IP in order for people to have the information needed to help diagnose network problems. – EEAA Mar 26 '17 at 02:13
  • Sounds like the guest running vCenter may not be connected to the physical network of the ESXi hosts. (Bridge needed). – Jeter-work Mar 31 '17 at 00:54
  • 1
    @SuperAdmin, EEAA is 100% right. Since you're using private IP addressing, there's no way we can get to your lab without knowing the EXTERNAL IP through which you connect from that lab to the internet, then hacking through it and any firewalls protecting it. At that point a simple ping scan would take about 3 seconds to show us all the hosts you mentioned and any others not discussed. However, if you provide the IPs with subnet masks for those hosts, we might find any errors. And confirming them will help you spot any typos in your config. – Jeter-work Mar 31 '17 at 01:00

0 Answers