Issue:
PowerChute Network Shutdown v5 reports "Could not connect to Host over the network." when configuring with VMware ESXi 8 host.
Product:
PowerChute Network Shutdown version 5
Environment:
VMware ESXi 7 or 8 host that VMware vCenter Server does not manage.
Cause:
Security certificate created with the CN= localhost.localdomain
During the installation of ESXi, the installer generates a self-signed certificate for each ESXi host, but the process is performed before the ESXi identity is configured. This means all ESXi hosts have a common name in their self-signed certificate of localhost.localdomain.
Solution:
1 - Verify that the ESXi host IP address and/or domain name have been entered correctly.
2 - Verify the ESXi host can be pinged from the PowerChute VM or server PowerChute is running on.
3 - Review the security certificate presented by the host. It should contain the host IP address or domain name as the CN.
Option 1: Regenerating ESXi Self-Signed Certificates Using Built-In Tools
1 - Login to the ESXi host over SSH
a. Requires ESXi shell and SSH access to be enabled on the host
2 - Back up the existing certificate files
a. /sbin/generate-certificates
a. /etc/init.d/hostd restart
5 - Login to the PowerChute VM
a. Edit /etc/hosts file and add the IP address and hostname of the ESXi host
Examples: 192.168.0.100 ESXiHost100.homelab.local or 192.168.0.100 ESXi100 if DNS is not configured.
For help with editing the hosts file, please see How to edit the hosts file on the system PowerChute Network Shutdown has been installed on to.
6 - Reboot the PowerChute VM
a. The command is init 6
7 - Login to the PowerChute web interface
a. Run the setup wizard
Option 2: Manual SSL Certificate Creation and Installation via OpenSSL
- mkdir /etc/vmware/ssl/bak
- mv /etc/vmware/ssl/rui.* /etc/vmware/ssl/bak/
2 - Using a text editor (e.g. notepad) and WinSCP, create a custom OpenSSL config file (webclient.cnf) with the following content and upload it in the /etc/vmware/ssl/ folder.
[ req ]default_bits = 2048default_keyfile = rui.keydistinguished_name = req_distinguished_nameencrypt_key = noprompt = nostring_mask = nombstrreq_extensions = v3_req[ v3_req ]basicConstraints = CA:FALSEkeyUsage = digitalSignature, keyEncipherment, dataEnciphermentextendedKeyUsage = serverAuth, clientAuthsubjectAltName = DNS:esxi.local, IP:192.168.1.100[ req_distinguished_name ]countryName = PHstateOrProvinceName = CavitelocalityName = CaviteorganizationName = YourCompanyorganizationalUnitName = ITcommonName = esxi.localopenssl genrsa -out /etc/vmware/ssl/rui.key 2048- openssl req -new -nodes -out /etc/vmware/ssl/rui.csr -keyout /etc/vmware/ssl/rui.key -config /etc/vmware/ssl/webclient.cnf
- openssl x509 -req -days 365 -in /etc/vmware/ssl/rui.csr -signkey /etc/vmware/ssl/rui.key -out /etc/vmware/ssl/rui.crt -extensions v3_req -extfile /etc/vmware/ssl/webclient.cnf
4. Restart the ESXi host services to apply the new certificate
/etc/init.d/hostd restart && /etc/init.d/rhttpproxy restart
Note: In certain cases, the steps outlined above may not successfully apply the updated SSL certificate. If the changes do not take effect, performing a full system restart of the ESXi host may be necessary to ensure the new certificate is properly loaded and recognized.
Publié pour: Schneider Electric Belgium
Besoin d'aide ?
Sélectionnez le bon produit
Trouvez rapidement et facilement les produits et accessoires adaptés à vos applications.
Obtenir un devis
Effectuez une demande de renseignements en ligne et un expert vous contactera.
Où acheter ?
Trouvez facilement le distributeur Schneider Electric local le plus proche.
Centre d'aide
Trouvez des ressources de support pour tous vos besoins, en un seul endroit.
