Hi friends! Due to a query that arose in the VMware Community, I decided to write this post to better explain the subject.
The ESXi host sends a heartbeat to vCenter Server to signal that the host is accessible by the management network.
The ESXi host sends heartbeats every 10 seconds to vCenter Server. By default, this traffic is sent over UDP port 902. vCenter Server has a window of 60 seconds to receive the heartbeats. If the heartbeat is not received in 60 seconds, vCenter Server considers that the host is not responding.
Identifying Possible Causes
We can use the top-down approach to troubleshoot the problem. We start from vCenter Server and work our way down to the physical hardware.
Possible Cause: Port Blocked by Firewall
If the firewall is enabled, UDP port 902 might be blocked, so we view the ports blocked by the vCenter Server Appliance firewall.
To resolve this problem, we adjust the firewall settings on the vCenter Server Appliance virtual machine:
• If ports are not configured, disable the firewall.
• If the firewall is configured to affect ports, ensure that the firewall is not blocking UDP port 902.
We check the firewall on the vCenter Server Appliance virtual machine. If the ports are not configured, we disable the firewall. If the ports are configured, we verify that network traffic is allowed to pass from the ESXi host to the vCenter Server system. That is, the firewall is not blocking UDP port 902.
We follow these steps to edit the settings on your vCenter Server Appliance firewall:
1. Log in using the vSphere Client.
2. Click the Home icon.
3. Select Administration.
4. Click System Configuration.
5. Expand nodes.
6. Select the vCenter Server Appliance node.
7. Click the Manage tab.
8. Click Settings.
9. Expand Advanced.
10. Click Firewall.
11. Click Edit.
Possible Cause: vCenter Server Not Using Port 902
A rule in the ESXi firewall allows vCenter Server Heartbeat traffic. If vCenter Server is configured to receive traffic over an alternate port, that traffic is possibly blocked. We determine whether an ESXi host is using a port other than the default port 902. At the ESXi host command prompt, we enter the less /etc/vmware/vpxa/vpxa.cfg command to determine the port in use. The port number in use is contained in the serverPort tags.
In this example, serverPort is set to port 9020, not to the default port.
Checking Heartbeat Port Number and Creating New Firewall Rule
If a port other than the default port 902 is used to send the heartbeat, we verify that the firewall is configured to allow traffic on that port.
To add a firewall rule to the ESXi host, we follow these steps:
1. Use SSH to connect to the ESXi host.
2. Navigate to the /etc/vmware/firewall directory: cd /etc/vmware/firewall
3. Use a text editor, such as vi, to create a file named service.xml
4. Enable the new firewall rule: esxcli network firewall refresh
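As an added example (not from the original post or from VMware), the following shell functions read the port from the serverPort tag of a vpxa.cfg file and check whether a saved rule listing contains an outbound UDP destination rule that covers it. The function names, the sample files, and the six-column listing layout (modelled on the output of esxcli network firewall ruleset rule list) are assumptions, and all sample data is constructed.

```shell
# Added example: compare the heartbeat port in vpxa.cfg with the ESXi firewall rules.
# Print the port found in the <serverPort> tag of the given vpxa.cfg-style file.
heartbeat_port() {
    sed -n 's:.*<serverPort>\([0-9][0-9]*\)</serverPort>.*:\1:p' "$1" | head -n 1
}

# Succeed if the rule listing ($2) has an outbound UDP destination rule covering port $1.
# Assumed columns: Ruleset Direction Protocol PortType PortBegin PortEnd
port_allowed() {
    awk -v p="$1" '
        $2 == "Outbound" && $3 == "UDP" && $4 == "Dst" && p+0 >= $5+0 && p+0 <= $6+0 { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$2"
}

# Report whether the configured heartbeat port can leave the host.
check_heartbeat() {
    port=$(heartbeat_port "$1")
    [ -n "$port" ] || { echo "no-serverPort"; return 2; }
    if port_allowed "$port" "$2"; then
        if [ "$port" = "902" ]; then echo "ok default $port"; else echo "ok non-default $port"; fi
    else
        echo "blocked $port"; return 1
    fi
}

# Constructed sample data: a host set to port 9020 with only the default rule present.
demo=$(mktemp -d)
cat > "$demo/vpxa.cfg" <<'EOF'
<config>
  <vpxa>
    <serverIp>192.0.2.10</serverIp>
    <serverPort>9020</serverPort>
  </vpxa>
</config>
EOF
cat > "$demo/rules.txt" <<'EOF'
Ruleset        Direction  Protocol  Port Type  Port Begin  Port End
-------------  ---------  --------  ---------  ----------  --------
sshServer      Inbound    TCP       Dst                22        22
vpxHeartbeats  Outbound   UDP       Dst               902       902
EOF
check_heartbeat "$demo/vpxa.cfg" "$demo/rules.txt" || true
```

On a host, the second argument would be a file holding the saved rule listing, and the first would be /etc/vmware/vpxa/vpxa.cfg.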
Checking Heartbeat Port Number Configured During vCenter Server Installation
To verify the heartbeat port number that was configured during installation, we check the vCenter Server configuration:
• By default, the heartbeat port is 902.
• If the vCenter Server is installed using the command-line installer, you can use any other port for the heartbeat traffic.
• We log in to vCenter Server Appliance using SSH and run the following commands to find the heartbeat port:
root@sa-vcsa-01 [ ~ ]# install-parameter vpxd.ext.port1
902
root@sa-vcsa-01 [ ~ ]# install-parameter vpxd.ext.port2
902
root@sa-vcsa-01 [ ~ ]#
Best practice is to use the default port (UDP 902) for vpxa and vpxd communication. We configure vCenter Server and the ESXi hosts to use the default port instead of a non-default port. Before changing the port number on vCenter Server, we must verify that no other application is using this port.
We can set a different port only during the installation of vCenter Server Appliance and only if we use the command-line installer. The port must be set with a JSON parameter.
Changing the Heartbeat Port Number
To change the heartbeat port number, we can edit the Advanced vCenter Server Settings.
I hope it has been useful to you. See you next time!