Skip to main content

"Unknown" status showing in host compliance status





There were several practices where we use host profile into our environment to get the compliance among all other ESXi host into the cluster.

There are mostly 3 types of status identified to the hostprofile which is attached to the ESXi host.

1) Compliant
2) Not-compliant
3) Unknown

As you know when all the features and settings of host profile and ESXi meets perfectly then only status shows as Compliant status.
Not-compliance status shows when the hostpofile unable to meet the complete requirement on the host and some feature are missing.
Unknown status is the one which suspect even when you have ESXi host into the Compliance status or sometime could be in Not-compliant status.

There are several indentified cause for that.

Most of the time we found that all good from ESXi UI and hostprofile where all the parameters are meet successfully and even then host profile status shows as "UNKNOWN" status.

In my case i found one glitch where the dvs configuration was not sync completely in /etc/vmware/hostd/portgroup.gz under the ESXi host. Its states that the full mapping of dvportgroup to portgroupkey was missing.

To verify the correct mapping you can verify the portgroup.gz file from the ESXi host which shows host compliant status with ESXi host which shows hostprofile as "UNKNOWN" status.


Resolution:

To resolve this issue you can move all the DVS Switch/portgroup to Standard Switch and revert back all to the DVS where all the portgroup and portgroupkey mapping gets established properly into /etc/vmware/hostd/portgroup.gz of the ESXi host
which is showing unknown status. After completion, try to verify the host compliance check and you will find the host profile status moves to compliant successfully.

Second solution: If your ESXi host is running with 6.0 U1, then upgrade it to 6.0 u2 which is one of the solution.



Comments

Popular posts from this blog

Changing the FQDN of the vCenter appliance (VCSA)

This article states how to change the system name or the FQDN of the vCenter appliance 6.x You may not find any way to change the FQDN from the vCenter GUI either from VAMI page of from webclient as the option to change the hostname always be greyed out. Now the option left is from the command line of VCSA appliance. Below steps will make it possible to change the FQDN of the VCSA from the command line. Access the VCSA from console or from Putty session. Login with root permission Use above command in the command prompt of VCSA : /opt/vmware/share/vami/vami_config_net Opt for option 3 (Hostname) Change the hostname to new name Reboot the VCSA appliance.   After reboot you will be successfully manage to change the FQDN of the VCSA . Note: Above step is unsupported by VMware and may impact your SSL certificate and face problem while logging to vSphere Web Client. If you are using self-signed certificate, you can regenerate the certificate with the

Issue : Configure Management Network option is Grayed out into ESXi

Last week I got into an issue of one of my client into Vsphere environment where one of its ESXi went done out of the network. Issue was IP address was showing 0.0.0.0 on main Esxi screen and when I tried to change the network configuration, its " Configure Management network option was greyed out.  I tried to gid into it and try to analyis its vmKernal and vmwarning logs. What I found is its VMkernal switch got removed due to unexpected reason. So to resolve the issue I tried to reconfigure its vswitch0 (vmk0) by going into Tech Mode of that Exi. Below are the steps which I followed to resolve the issue. 1) Login to ESXi 2) Press F2, Check if you " Configure Management network " is greyed out or not" if yes,    follow below 3) Press ALT+F1 to move the ESXi screen to tech mode   ( This is command line like dos) 4) login with root account 5) Run the following command into it esxcli network ip interface add --interface-name= vmk0

Collecting Logs from NSX-T Edge nodes using CLI

  This article explains how to extract the logs from NSX-T Edge nodes from CLI. Let's view the steps involved: 1) Login to NSX-T  Edge node using CLI from admin credentials. 2) Use of  " get support-bundle " for Log extraction. get support-bundle command will extract the complete logs from NSX-T manager/Edge nodes. nsx-manager-1> get support-bundle file support-bundle.tgz 3) Last step is to us e of " copy file support-bundle.tgz url " command. copy file will forward your collected logs from the NSX-T manager to the destination(URL) host from where you can download the logs. copy file support.bundle.tgz url scp://root@192.168.11.15/tmp Here, the URL specified is the ESXi host ( 192.168.11.15) under /tmp partition where logs will be copied and from there one can extract it for further log review. Happy Learning.  :)