Cannot Contact the Specified Host Error

Workaround for the Cannot contact the specified host” error

This article describes how to work around the “Cannot contact the specified host” error when connecting an ESXi host to a vCenter after upgrading it to 5.5 U3b.

” Cannot contact the specified host. The host may not be available on the network, a network configuration problem may exist, or the management service on this host is not responding “

This error comes about due to SSLv3 and its associated POODLE vulnerability being disabled in the latest update – 5.5 U3b. The vCenter tries to talk SSL v3 to the host which is dropped straight away with a FIN return packet from the host.

The ideal solution is to upgrade your vCenter to 5.5 U3b. Should this not be an option for whatever reason, you can enable SSL v3 on your ESXi host – be aware of the security implications though!

There are two parts where you need to enable SSLv3:

1. Enabling SSLv3 for Hostd – Port 443

1. Open a SSH to this ESXi host.
2. Browse to this location using the below command:

# cd /etc/vmware/rhttpproxy

3. Backup the config file:

# cp config.xml config.xml.bak

4. Edit the file using the below command (Press i to begin edit)

# vi config.xml

Locate the <vmacore>, then locate the <ssl> Under <ssl> add the following entry:

<sslOptions>16924672</sslOptions>

5.Save the file by pressing Esc and then typing :wq!

2. Enabling SSLv3 for Port 902 (Required to connect to vCenter)

1. From the same SSH of the host, run the below command:

# esxcli system settings advanced set -o /UserVars/VMAuthdDisabledProtocols -s ""

Restart the rhhtpproxy using the below command:

# /etc/init.d/rhttpproxy restart
That’s it, now you can connect this ESXi 5.5 U3b host to a lower version of vCenter. To reiterate: this is not a recommended practice as it will expose the host to the SSLv3 POODLE vulnerability.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.