2013/04/08

Upgraded ESXi host has errors, won't permit some operations

I have some ESXi hosts that were 4.x, then upgraded to 5, then 5.1 .  As of today, they have errors that complain about the HA agent being broken.  They also won't let me enable/disable the SSH service nor modify the firewall configuration.

The error for the SSH service starts with 'Call "HostFirewallSystem.DisableRuleset" for object' .

These two articles provide the answers. After following the first step, I no longer get the error about SSH and firewall.

After following the second article, my HA agent is no longer complaining.

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2037544

http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=1003490

Boiling the steps down, I have
  1. Fix SSH and firewall
    1. enable ssh on the host (if not already enabled); this is under host --> configuration --> security profile
    2. ssh to the host
    3. cd /etc/vmware/service
    4. cp services.xml service.xml.bak
    5. vi services.xml (remove the line with "sshServer")
    6. esxcli network firewall refresh
    7. disable ssh on the host (but don't close your connection if you're going to continue with the next process)
  2. Restart the ESXi host agents
    1. On the host, run this command: /sbin/services.sh restart
    2. this step takes a few minutes to complete.