A number of customers have experienced some issues with getting the Virtual SAN (VSAN) health check to work correctly in their environments. The most common issues have been permissions and certificates. In this post, I want to highlight these issues and any associated KB articles, and call out the symptom as well as the resolution.
KB 2117769 – incorrect permissions results in blank panels in vSphere client
When installing the health check on the windows version of vCenter Server, it is important that the user that is doing the installation has administrator privileges. The KB talks about one resolution. Another option is to open the command prompt window where you start the installation with the option “Run as administrator”. If you hit this issue, simply remove the health check, and reinstall it as a user with the correct permissions. This is documented in the latest version of the Health Check Guide.
KB 2133384 – health check fails to load with “Unexpected status code 400”
This is most commonly related to certificates, and the permissions associated with the certificate files. This permission issue occurs on the appliance version of vCenter only. Since VSAN health services is run by a non-privileged user, it may not be able to read the cert files, and thus will not be able to connect to vCenter. A colleague reported seeing this with the PSC (Platform Services Controller), when he changed its role to a Subordinate Authority Server. This KB takes you though the steps to rectify the situation.
health check fails to load with “Unexpected status code 503”
This was reported in the communities, so it does not have a KB article associated with it. After troubleshooting this issue, the customer noticed that they had a typo in a reverse DNS entry for the VCSA appliance. Once they fixed this, and redeployed with the correct DNS, the problem was solved and health check worked correctly. 503 is service unavailable.