When we see storage providers in vCenter it displays empty list. This is very common issue in greenfield deployment and very easy to fix also.
vCenter Server ⇒ Configure ⇒ storage providers ⇒ empty list
So, the story is when you add hosts into vCenter cluster and enable vSAN on the cluster. ESXi hosts register vsanvp with vCenter automatically and storage provider list shows storage provider list.
The vCenter Server and the on-host VASA providers communicate over port 8080. This port must be open to register VASA providers. This is easy to check on either Windows or Linux vCenter.
vCenter Appliance:
Use the CURL utility to check the VASA Provider:
curl --insecure https://<host>:8080/version.xml vsan-rvc:~ # curl --insecure https://10.10.10.4:8080/version.xml <vasa-provider><supported-versions><version id="2" serviceLocation="/vasa/services/vasaService"/></supported-versions></vasa-provider>
vCenter Windows Server:
Use a web browser to check the VASA Provider by navigating to ‘https://<host>:8080/version.xml’
<vasa-provider><supported-versions><versionid="2" serviceLocation="/vasa/services/vasaService"/></supported-versions></vasa-provider>
Check ESXi host firewall:
Examine the host “Security Profile” and ensure that the ‘vsanvp’ rule is enabled to permit host communication over port 8080:
Check vCenter Server firewall:
On Windows vCenter Server, check that the Windows Firewall is either disabled, or that all VMware-installed rules are active. In addition, check for custom rules that may be interfering with port 8080 outbound or inbound.
You may see below errors while troubleshooting as per above:
root@vcenter01 [ ~ ]# curl --insecure https://10.10.10.15:8080/version.xml curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 10.10.10.15:8080 root@ vcenter01 [ ~ ]# curl --insecure https:// 10.10.10.16:8080/version.xml curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 10.10.10.16:8080 root@ vcenter01 [ ~ ]# curl --insecure https:// 10.10.10.17:8080/version.xml curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 10.10.10.17:8080
vsanvpd logs on host:
cd /var/log/vsanvpd.log
2018-07-17T09:40:34.577Z vsanSoapServer: run:132:Client auth enabled 2018-07-17T09:40:34.578Z vsanSoapServer: run:139:To accept SOAP socket 2018-07-18T06:02:53.570Z vsanSoapServer: run:182:Failed to accept client ::ffff:10.47.72.11 [30]: Error observed by underlying SSL/TLS BIO: Connection reset by peer 2018-07-18T06:02:53.570Z vsanSoapServer: run:186:SOAP process done 2018-07-18T06:02:53.570Z vsanSoapServer: run:139:To accept SOAP socket 2018-07-18T08:24:22.298Z vsanSoapServer: run:182:Failed to accept client ::ffff:10.47.72.11 [30]: Error observed by underlying SSL/TLS BIO: Connection reset by peer
Checking at logs and curl utility it clearly displays that vCenter is unable to communicate to ESXi host on port 8080 for VASA & 9080 IO Filter
Note: I always recommend to open ports 8080 & 9080 bidirectionally on the firewall or proxy exists between vCenter Server and ESXI Hosts. There are various deployment methods where vCenter Server is deployed out of clusters e.g Multilicensing vxRail clusters.
I hope this has been informative for you. Thank you for reading!!
Leave a Reply