VCAP5-DCA – Objective 6.5 – Troubleshoot vCenter Server and ESXi Host Management

For this objective I used the following documents:

  • Documents listed in the Tools section

Objective 6.5 – Troubleshoot vCenter Server and ESXi Host Management



  • Identify CLI commands and tools used to troubleshoot management issues
    • If you can get to the console of your ESXi hosts, you can try restarting the management agents by running the following command:
      • restart

Skills and Abilities

  • Troubleshoot vCenter Server services and database connection issues
    • The first area that I look at when troubleshooting vCenter is ensuring that the vCenter Server (assumes you are running vCenter on a Windows box and not the appliance) services are started:
      • VMware VirtualCenter Server
      • VMware VirtualCenter Management Webservices
      • vCenter Inventory Service
      • VMware vSphere Profile-Driven Storage Service
    • If the VMware VirtualCenter Server service won’t start, you’ll need to check a few items:
      • If you are running SQL Server Express on the vCenter server, ensure the SQL service is also started
      • If you are running the database on a separate server, ensure that server is up and the database application is up. Once you have verified this, check the ODBC connection on the vCenter Server
        • Click Start > select Administrative Tools > click Data Sources (ODBC)
        • Click the System DSN tab
        • Ensure that a system data source exists. If it does exist, test the connection
        • Select the data source > click Configure…
        • Click the Finish button (I’ve taken out the name and server in the screenshot)


        • Click the Test Data Source… button. If you see TESTS COMPLETED SUCCESSFULLY! then you know the connection from the vCenter server to the database is good. If it shows failed, you need to start investigating why it is failing



  • Troubleshoot ESXi Firewall
    • You can look at your firewall settings through the GUI or using esxcli
    • Using the GUI
      • Log into the vSphere client and navigate to the Hosts and Clusters view
      • Select a host from the inventory tree and click on the Configuration tab on the right-hand side of the screen
      • Under Software, click the Security Profile hyperlink
      • Next to Firewall click the Properties hyperlink


      • From here you can enable/disable different services
    • Using esxcli
      • Use the following esxcli context for firewall related commands: esxcli network firewall
      • From here you can load and unload the firewall
        • esxcli network firewall <load><unload>
      • You can view the ruleset
        • esxcli network firewall ruleset list
      • You can set IP ACLs using this command
        • esxcli network firewall ruleset allowedip <add><list><remove>
      • You can see a full listing of all of the rules:
        • esxcli network firewall ruleset rule list


  • Troubleshoot ESXi host management and connectivity issues
    • this one is pretty hard to try and write about. it is really going to depend on the symptoms you are seeing in order to even figure out where to start. However, here are a few things you can check:
      • Physical connectivity
      • IP/subnet mask
      • VLAN on the vSwitch
      • VLAN on the physical switch
      • Reported duplex settings
      • ICMP
  • Determine the root cause of a vSphere management or connectivity issue
    • Again, this one is hard to put down on paper without knowing specific symptoms. Here are some things you can check:
      • Ensure all vCenter services are started
      • Ensure you have connectivity between your vCenter server and database (see some steps a previous section above)
      • Ensure the database is mounted and online
      • Ensure physical connectivity to the vCenter server
      • Ensure the proper VLANs are set
      • Ensure IP configuration on the vCenter server is correct
  • Utilize Direct Console User Interface (DCUI) and ESXi Shell to troubleshoot, configure, and monitor an environment
    • From The DCUI you can:
      • Configure the management network (IP, subnet mask, default gateway)
      • Configure DNS and domain
      • If the management network exists on a virtual Distributed Switch, you can restore it to a standard switch
      • Test the management network, which does the following by default:
        • Pings the default gateway
        • Pings the primary DNS server
        • Pings the secondary DNS server
        • Tries to resolve the hostname
      • You can edit the IPs and use whatever you’d like to test the management network
      • You can view the status of the physical adapters and connect/disconnect them from the virtual Standard Switch where the management network resides
      • Restart the management network
      • restore network settings to default
      • Look at system logs in order to determine errors


Leave a Reply

Your email address will not be published. Required fields are marked *