I recently came across this issue in my lab after upgrading my vCenter Server from version 4.1 to version 5 and figured I’d blog about it. In this case I have a couple of hosts with configuration issues shown in the screenshot below.
Its pretty clear in the message that there is a problem with the SSL thumbprint verification for this host so we can check some things by going to Administration -> vCenter Server Settings in vCenter. Next select SSL Settings and you should see something similar to the screenshot below.
The hosts that shows up in the list needs to be verified. We can just check the Verified checkbox and be done or better verify what the host actually shows for it’s SSL thumbprint. If your host is ESX, ssh to it’s console and type the command “openssl x509 -in /etc/vmware/ssl/rui.crt -fingerprint -sha1 -noout“.
If your using ESXi then you can log into the direct console and select View Support Information on the System Customization menu.
Once you have verified that the host thumbprint matches whats show in vCenter you can check the Verified checkbox and click OK.
In my situation I also ran the “Reconfigure for vSphere HA” for each of the hosts that had this issue so that the vSphere HA Agent could be updated.