Hello vComunnity,

The other day I came across this interesting situation,

Running a vSAn skyline health was showing everything green but running it inside the nodes (localcli vsan health cluster get) says that is red:

In order to obtain more information about it you could run the following command and see which hosts this host cannot connect with:

esxcli vsan health cluster get -t “Hosts with connectivity issues”

My preferred way is to validate the issue is to check the /var/run/log/vsanmgmt.log, look for SSL error like this:

error vsand[10450841] [opID=0d02566e VsanVimHelpers::GetVsanVersionNamespace] Failed to test vsan vmodl version with error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:728) on 159.70.xxx.xxx

Time to fix this, Just go to VC -> (host) -> Configure -> System -> Certificate

Hit renew (wait for it to complete) then hit refresh (do this on each host you identified with SSL issues)

Now the command’s output comes without network issues:

Network                                             green
  Hosts with connectivity issues                    green
  vSAN cluster partition                            green
  All hosts have a vSAN vmknic configured           green
  vSAN: Basic (unicast) connectivity check          green
  vSAN: MTU check (ping with large packet size)     green
  vMotion: Basic (unicast) connectivity check       green
  vMotion: MTU check (ping with large packet size)  green
  Network latency check                             green

Hope this was a cool post for you guys to know,

Do now hesitate in contacting me if you have any comments,

Jorluis

Buy me a coffeeBuy me a coffee