Unable to see storage providers registered with vCenter Server

When we see storage providers in vCenter it displays empty list. This is very common issue in greenfield deployment and very easy to fix also.

vCenter Server ⇒ Configure ⇒ storage providers ⇒ empty list

So, the story is when you add hosts into vCenter cluster and enable vSAN on the cluster. ESXi hosts register vsanvp with vCenter automatically and storage provider list shows storage provider list.

The vCenter Server and the on-host VASA providers communicate over port 8080. This port must be open to register VASA providers. This is easy to check on either Windows or Linux vCenter.

vCenter Appliance:

Use the CURL utility to check the VASA Provider:

curl --insecure https://<host>:8080/version.xml

vsan-rvc:~ # curl --insecure https://10.10.10.4:8080/version.xml 

<vasa-provider><supported-versions><version
id="2"
serviceLocation="/vasa/services/vasaService"/></supported-versions></vasa-provider>

vCenter Windows Server:

Use a web browser to check the VASA Provider by navigating to ‘https://<host>:8080/version.xml’

<vasa-provider><supported-versions><versionid="2"
serviceLocation="/vasa/services/vasaService"/></supported-versions></vasa-provider>

Check ESXi host firewall:

Examine the host “Security Profile” and ensure that the ‘vsanvp’ rule is enabled to permit host communication over port 8080:

Check vCenter Server firewall:

On Windows vCenter Server, check that the Windows Firewall is either disabled, or that all VMware-installed rules are active. In addition, check for custom rules that may be interfering with port 8080 outbound or inbound.

You may see below errors while troubleshooting as per above:

root@vcenter01 [ ~ ]# curl --insecure https://10.10.10.15:8080/version.xml

curl:
(35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 10.10.10.15:8080

root@ vcenter01 [ ~ ]# curl --insecure https:// 10.10.10.16:8080/version.xml

curl:
(35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 10.10.10.16:8080

root@ vcenter01 [ ~ ]# curl --insecure https:// 10.10.10.17:8080/version.xml

curl:
(35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 10.10.10.17:8080

vsanvpd logs on host: 

cd /var/log/vsanvpd.log

2018-07-17T09:40:34.577Z
vsanSoapServer: run:132:Client auth enabled

2018-07-17T09:40:34.578Z
vsanSoapServer: run:139:To accept SOAP socket

2018-07-18T06:02:53.570Z
vsanSoapServer: run:182:Failed to accept client ::ffff:10.47.72.11 [30]: Error
observed by underlying SSL/TLS BIO: Connection reset by peer

2018-07-18T06:02:53.570Z
vsanSoapServer: run:186:SOAP process done

2018-07-18T06:02:53.570Z
vsanSoapServer: run:139:To accept SOAP socket

2018-07-18T08:24:22.298Z
vsanSoapServer: run:182:Failed to accept client ::ffff:10.47.72.11 [30]: Error
observed by underlying SSL/TLS BIO: Connection reset by peer

 

Checking at logs and curl utility it clearly displays that vCenter is unable to communicate to ESXi host on port 8080 for VASA & 9080 IO Filter

Note: I always recommend to open ports 8080 & 9080 bidirectionally on the firewall or proxy exists between vCenter Server and ESXI Hosts. There are various deployment methods where vCenter Server is deployed out of clusters e.g Multilicensing vxRail clusters.

 

I hope this has been informative for you. Thank you for reading!!

 

Be the first to comment

Leave a Reply

Your email address will not be published.


*