IO Filters marked offline in a vSAN cluster. One of the reasons can be the missing Self Signed SSL certificate in /etc/vmware/ssl/castore.pem Before making any changes in the system , please validate if the customer is using the third party certificates Configuring Custom Certificates on ESXi hosts to authenticate vSAN hosts https://kb.vmware.com/s/article/56441
You may find the below instances showing that SSL certs are not being verified for the hosts in the IOfiltervpd logs (ESXi : /var/log/iofiltervpd.log )
iofiltervpd[2099744]: IOFVPSSL_VerifySSLCertificate:239:Client certificate can’t be verifiedThe newly added Host may show the IOfilters providers as “online” You may find that the certificates located at /etc/vmware/ssl/castore.pem, have missing the “Self Signed Certificate” for the host with IOfilters offline Following is Self signed certificate which must be part of the /etc/vmware/ssl/castore.pem file
You may follow the below steps :
The providers should show as “online” in vCenter > Configure > Storage Providers
Kudos to Shrikant (https://virtuallyvtrue.com )
VMworld 2019 closed last week. As every year it was a pleasure to join. Extremely valuable Sessions, good networking and indeed cool parties.
William Lam curates a list of sessions with Streams and PDF (if): https://github.com/lamw/vmworld2019-session-urls
Many Sessions were around Project Pacific and VMware Tanzu. I try to keep you posted in the next weeks on those topics. Also many deep dives took place and they were worth it.
#vBeards2019 #movember
Don´t forget to donate: https://de.movember.com/events/view/id/Y7a7
Cheerz Winguru