cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 8

VMWare ESX 6.7 Hardware Health

6.5 Fix does not resolve issue on 6.7. sfcbd-watchdog is running and port 5989 is open.

Still get this error.

Hardware polling failed: Polling of chassis (CIM_Chassis class) failed. The underlying connection was closed: An unexpected error occurred on a send.

We have 3 ESXi 6.7 host and soon will have another one.

Has anyone have a solution?

28 Replies
Level 10

We've upgraded to 6.7 and still have hardware issues as well. My Virtualization Engineers say everything's clean on their end and we still have faulting hardware in Orion. It rears its head after they perform hardware maintenance, and that behavior has been consistent across a couple ESX hosts over the past few weeks. The fix that was working with 6.5 to clear the logs on the VMWare side isn't working with 6.7 it seems. I opened a case with SW support last night. Frustrating.

0 Kudos
Level 7

I was having issues monitoring esx 6.7 hosts with n-able (nCentral). This is what I had to do to resolve the issue.

ssh to the esx 6.7 host, logon as root

run command:

esxcli system wbem set --enable true

run command:

vim-cmd hostsvc/advopt/update Config.HostAgent.plugins.solo.enableMob bool true

run command:

/etc/init.d/sfcbd-watchdog stop

edit the sfcb.cfg file by running command:

vi /etc/sfcb/sfcb.cfg

i

add the following lines:

enableTLSv1:true

enableTLSv1_1:true

enableTLSv1_2:true

esc :wq Enter to save the file

run command:

/etc/init.d/sfcbd-watchdog start

In NCentral run the discovery again using their procedure:

https://success.solarwindsmsp.com/kb/solarwinds_n-central/VMWare-ESX-Monitoring-Requirements

0 Kudos
Level 8

It is solved for me

The problem was, since v6.7 -> TLS is disabled by default

i had to edit /etc/sfcb/sfcb.cfg and add the line: enableTLSv1: true

saved the file and restarted the service with: /etc/init.d/sfcbd-watchdog restart

@demollib I tried your workaround on ESXi 7.0 just to see if it worked (in a lab), and no joy, VM Monitor still fails with the same error.

0 Kudos

TLS1.0 and 1.1 are disable due to security reasons and should not be enabled at least for us. We are running ESXi 6.7 U2 and experiencing the same issue.

0 Kudos

thanks for sharing the update... which means it wont resolve even if the hosts are upgrade to U2...

0 Kudos

fyi, I also enabled tls 1.0 as a test and it did not resolve the issue. I have a case logged with VMware.

0 Kudos

thanks for letting everyone know.. please post your updates here once u hear from VMware...

0 Kudos

Per Solarwinds suppprt, this issue can be resolved by either enabling TLS1.0 on ESXi 6.7 (not recommended) or disabling TLS1.0 and 1.1 on the Solarwinds Pollers.

0 Kudos

i was told by support to enable TLS on 6.5 version but thats not working correctly on all ESX hosts... regd disabling of TLS on Solarwinds Pollers, i havent tried yet...

for now we are relying on iLO monitoring of each host for hardware health...

if you do succeed by using any option, then please let me know...

0 Kudos

Has anyone been able to solve this yet? We still cannot get the VMMonitor to work on VMWare 6 machones

0 Kudos

we dont see the TLS fix working on all hosts as the changes are getting reverted back to default on ESX host... not sure if 6.7 has already resolved this issue...

0 Kudos

why is TLS needed here?

And were these changes recommended by VMWare? And did this solve your hardware polling issue for all ESX?

We have more than 50 ESX servers where we are facing issues and currently doing hardware monitoring via ILO which is using up additional licenses...

0 Kudos

TLS is needed because the connection to the servers are on a secure transport layer.

Thats why port 5989 is needed. Its for HTTPS.

I don't know why solarwinds is not using HTTP (port 5988) or if this is configurable...

Since SSLv3 is not safe anymore vmware recommends to disable this. (default on v6.7)

The only choice now to establish a secure connection is by using TLS.

You can try this yourself by using the cimwalk tool found in the solarwinds installation folder.

Here is the Article about this tool: How to run a CIM walk against a VMware ESX Server VM - SolarWinds Worldwide, LLC. Help and Support

0 Kudos

we just tested this in one of the dev host and it worked fine... able to see the hardware health now...

Still getting it validated with the team to ensure it doesnt affect the prod systems in any way.. will confirm back...

Do you have an update for us? does this work and is it stable? appreciate any feedback, we will test now.

0 Kudos

Hi I have applied this on one ESX server where we enabled the TLS as suggested and from 1 week i do not see any issue...we will soon apply this for all our hosts..

And another update which i got from my VMware Team- There is a resolution from VMware end as well but it requires an  upgrade to patch U1 or something... it seems they have resolved it in that release...

0 Kudos

we have applied this for almost 20 hosts and keeping in observation for another week.. I shall post an update after that...

0 Kudos

Just to update on this... the setting is not working for all hosts and its getting overwritten i guess.. hence i would recommend to work with your tech teams, discuss and then enable...

for now we are taking the hardware monitoring via ILO...

0 Kudos

i remember checking port 5989 but that was showing open... so additionaly TLS needs to be enabled on ESX level?

and was this setting change verified with VMware OR you just changed it and tested?

0 Kudos