Issue:
PowerChute Network Shutdown v5 reports "Could not connect to Host over the network." when configuring with VMware ESXi 8 host.
Product:
PowerChute Network Shutdown version 5
Environment:
VMware ESXi 7 or 8 host that VMware vCenter Server does not manage.
Cause:
Security certificate created with the CN= localhost.localdomain
During the installation of ESXi, the installer generates a self-signed certificate for each ESXi host, but the process is performed before the ESXi identity is configured. This means all ESXi hosts have a common name in their self-signed certificate of localhost.localdomain.
See VMware document https://docs.vmware.com/en/VMware-Validated-Design/6.2/sddc-deployment-of-the-management-domain-in-the-first-region/GUID-6678F47A-00DA-43F1-8CCC-B8F279BF17B0.html
Solution:
1 - Verify that the ESXi host IP address and/or domain name have been entered correctly.
2 - Verify the ESXi host can be pinged from the PowerChute VM or server PowerChute is running on.
3 - Review the security certificate presented by the host. It should contain the host IP address or domain name as the CN.
To generate a self-signed certificate
1 - Login to the ESXi host over SSH
a. Requires ESXi shell and SSH access to be enabled on the host
2 - Back up the existing certificate files
PowerChute Network Shutdown v5 reports "Could not connect to Host over the network." when configuring with VMware ESXi 8 host.
Product:
PowerChute Network Shutdown version 5
Environment:
VMware ESXi 7 or 8 host that VMware vCenter Server does not manage.
Cause:
Security certificate created with the CN= localhost.localdomain
During the installation of ESXi, the installer generates a self-signed certificate for each ESXi host, but the process is performed before the ESXi identity is configured. This means all ESXi hosts have a common name in their self-signed certificate of localhost.localdomain.
See VMware document https://docs.vmware.com/en/VMware-Validated-Design/6.2/sddc-deployment-of-the-management-domain-in-the-first-region/GUID-6678F47A-00DA-43F1-8CCC-B8F279BF17B0.html
Solution:
1 - Verify that the ESXi host IP address and/or domain name have been entered correctly.
2 - Verify the ESXi host can be pinged from the PowerChute VM or server PowerChute is running on.
3 - Review the security certificate presented by the host. It should contain the host IP address or domain name as the CN.
If the CN = localhost.localdomain, create a new security certificate after adding the correct domain name to the host.
To generate a self-signed certificate
1 - Login to the ESXi host over SSH
a. Requires ESXi shell and SSH access to be enabled on the host
2 - Back up the existing certificate files
a. mv /etc/vmware/ssl/rui.crt /etc/vmware/ssl/rui.crt.old
b. mv /etc/vmware/ssl/rui.key /etc/vmware/ssl/rui.key.old
3 - Generate a new certificate that contains the FQDN for the CN value.
a. /sbin/generate-certificates
a. /sbin/generate-certificates
4 - Restart the hostd service on the host
a. /etc/init.d/hostd restart
5 - Login to the PowerChute VM
a. Edit /etc/hosts file and add the IP address and hostname of the ESXi host
Examples: 192.168.0.100 ESXiHost100.homelab.local or 192.168.0.100 ESXi100 if DNS is not configured.
For help with editing the hosts file, please see How to edit the hosts file on the system PowerChute Network Shutdown has been installed on to.
6 - Reboot the PowerChute VM
a. The command is init 6
7 - Login to the PowerChute web interface
a. Run the setup wizard
a. /etc/init.d/hostd restart
5 - Login to the PowerChute VM
a. Edit /etc/hosts file and add the IP address and hostname of the ESXi host
Examples: 192.168.0.100 ESXiHost100.homelab.local or 192.168.0.100 ESXi100 if DNS is not configured.
For help with editing the hosts file, please see How to edit the hosts file on the system PowerChute Network Shutdown has been installed on to.
6 - Reboot the PowerChute VM
a. The command is init 6
7 - Login to the PowerChute web interface
a. Run the setup wizard