>From the logs I don't see an issue with SSL certs itself, we clearly see
>management servers are unable to connect to the systemVM's.
For the SSVM and CPVM to work, management servers should be able to ssh into
the systemVM's on the POD IP's ( in case of vmware) assigned. From the logs we
see this as failing as below
Logs for SSVM ( similar logs are seen for CPVM as well)
2025-08-11 11:07:53,220 DEBUG [c.c.h.v.r.VmwareResource]
(DirectAgent-180:[ctx-d02be6b8, 10.42.0.23, job-44/job-138, cmd: StartCommand])
(logid:2459ff24) VM s-31-VM has been started successfully with hostname s-31-VM.
2025-08-11 11:07:53,220 DEBUG [c.c.a.r.v.VirtualRoutingResource]
(DirectAgent-180:[ctx-d02be6b8, 10.42.0.23, job-44/job-138, cmd: StartCommand])
(logid:2459ff24) Trying to connect to 10.42.0.93
2025-08-11 11:07:56,276 DEBUG [c.c.a.r.v.VirtualRoutingResource]
(DirectAgent-180:[ctx-d02be6b8, 10.42.0.23, job-44/job-138, cmd: StartCommand])
(logid:2459ff24) Could not connect to 10.42.0.93
2025-08-11 11:08:01,276 DEBUG [c.c.a.r.v.VirtualRoutingResource]
(DirectAgent-180:[ctx-d02be6b8, 10.42.0.23, job-44/job-138, cmd: StartCommand])
(logid:2459ff24) Trying to connect to 10.42.0.93
2025-08-11 11:08:04,340 DEBUG [c.c.a.r.v.VirtualRoutingResource]
(DirectAgent-180:[ctx-d02be6b8, 10.42.0.23, job-44/job-138, cmd: StartCommand])
(logid:2459ff24) Could not connect to 10.42.0.93
2025-08-11 11:08:09,340 DEBUG [c.c.a.r.v.VirtualRoutingResource]
(DirectAgent-180:[ctx-d02be6b8, 10.42.0.23, job-44/job-138, cmd: StartCommand])
(logid:2459ff24) Unable to logon to 10.42.0.93
2025-08-11 11:08:09,340 DEBUG [c.c.a.r.v.VirtualRoutingResource]
(DirectAgent-180:[ctx-d02be6b8, 10.42.0.23, job-44/job-138, cmd: StartCommand])
(logid:2459ff24) Trying to connect to 10.42.0.93
2025-08-11 11:23:52,828 DEBUG [c.c.a.r.v.VirtualRoutingResource]
(DirectAgent-180:[ctx-d02be6b8, 10.42.0.23, job-44/job-138, cmd: StartCommand])
(logid:2459ff24) Trying to connect to 10.42.0.93
2025-08-11 11:23:55,892 DEBUG [c.c.a.r.v.VirtualRoutingResource]
(DirectAgent-180:[ctx-d02be6b8, 10.42.0.23, job-44/job-138, cmd: StartCommand])
(logid:2459ff24) Could not connect to 10.42.0.93
2025-08-11 11:24:00,892 DEBUG [c.c.a.r.v.VirtualRoutingResource]
(DirectAgent-180:[ctx-d02be6b8, 10.42.0.23, job-44/job-138, cmd: StartCommand])
(logid:2459ff24) Unable to logon to 10.42.0.93
2025-08-11 11:24:03,956 ERROR [c.c.u.FileUtil] (DirectAgent-180:[ctx-d02be6b8,
10.42.0.23, job-44/job-138, cmd: StartCommand]) (logid:2459ff24) Failed to scp
files to system VM due to, No route to host
2025-08-11 11:24:07,028 ERROR [c.c.u.FileUtil] (DirectAgent-180:[ctx-d02be6b8,
10.42.0.23, job-44/job-138, cmd: StartCommand]) (logid:2459ff24) Failed to scp
files to system VM due to, No route to host
2025-08-11 11:24:10,100 ERROR [c.c.u.FileUtil] (DirectAgent-180:[ctx-d02be6b8,
10.42.0.23, job-44/job-138, cmd: StartCommand]) (logid:2459ff24) Failed to scp
files to system VM due to, No route to host
2025-08-11 11:24:10,100 ERROR [c.c.h.v.r.VmwareResource]
(DirectAgent-180:[ctx-d02be6b8, 10.42.0.23, job-44/job-138, cmd: StartCommand])
(logid:2459ff24) Failed to scp files to system VM. Patching of systemVM failed
com.cloud.utils.exception.CloudRuntimeException: Failed to scp files to system
VM due to, No route to host
2025-08-11 11:24:10,123 DEBUG [c.c.a.t.Request]
(Work-Job-Executor-91:[ctx-9e73a045, job-44/job-138, ctx-025b0546])
(logid:2459ff24) Seq 1-5696209103693548290: Received: { Ans: , MgmtId:
97591085894372, via: 1(10.42.0.23), Ver: v1, Flags: 110, { StartAnswer } }
2025-08-11 11:24:10,130 INFO [c.c.v.ClusteredVirtualMachineManagerImpl]
(Work-Job-Executor-91:[ctx-9e73a045, job-44/job-138, ctx-025b0546])
(logid:2459ff24) Unable to start VM on Host
{"id":1,"name":"10.42.0.23","type":"Routing","uuid":"8733a859-b04f-4341-9ceb-182b7917628f"}
due to Failed to scp files to system VM. Patching of systemVM failed due to:
Failed to scp files to system VM due to, No route to host
2025-08-11 11:24:10,139 DEBUG [c.c.v.ClusteredVirtualMachineManagerImpl]
(Work-Job-Executor-91:[ctx-9e73a045, job-44/job-138, ctx-025b0546])
(logid:2459ff24) Cleaning up resources for the vm VM instance
{"id":31,"instanceName":"s-31-VM","state":"Starting","type":"SecondaryStorageVm","uuid":"700c9d06-fc6e-40ce-a42f-d59e657771b3"}
in Starting state
>From the logs your pod network is using the following vswitch on vmware -
>"name":"vSwitch_Storage,402,vmwaresvs"
You can try to ssh into the SystemVM's directly from the management servers
once they are running on vmware and see if that works - You can ssh to
systemVM's on vmware using the steps here The System VM Template — Apache
CloudStack 4.20.1.0
documentation<https://docs.cloudstack.apache.org/en/latest/adminguide/systemvm.html#accessing-system-vms>
The System VM Template — Apache CloudStack 4.20.1.0
documentation<https://docs.cloudstack.apache.org/en/latest/adminguide/systemvm.html#accessing-system-vms>
CloudStack uses several types of system Instances to perform tasks in the
cloud. In general CloudStack manages these system VMs and creates, starts, and
stops them as needed based on scale and immediate needs. Unlike user VMs,
system VMs are expunged on destroying them. However, the administrator should
be aware of them and their roles to assist in debugging issues. The System VM
Template The ...
docs.cloudstack.apache.org
If the ssh to systemVM's is not working , To isolate the issue may be you can
deploy a VM directly on vmware with a nic on the vswitch stated above and see
if you can ssh into the VM from all your management servers once running.
Thanks
Prashanth
________________________________
From: Kayo Henrique <kayo.henri...@onexdatacenter.com.br>
Sent: Tuesday, August 12, 2025 1:15 AM
To: Users <users@cloudstack.apache.org>
Subject: POSSIBLE SSL ERROR ON SYSTEM VMS - POSSÍVEL ERRO DE SSL NAS SYSTEM VMS
*IN ENGLISH*
Hello,
I've rebuilt my CloudStack environment to VMware and I'm having a
problem.
It appears my System VMs are powered on, have connectivity, and are
pinging all networks, but the System VM services (SSVM and CPVM) aren't
working.
The evidence images and the management server log file are available at
the link below:
https://drive.onexdatacenter.com.br/s/gRreLjZ4bg5KPHM
I did some research and discovered that it might be related to the SSL
certificate, but I don't quite understand how it works!
I'm here to help!
//
*EM PORTUGUÊS*
Olá,
Refiz meu ambiente de CloudStack para VMware e estou com um problema.
Aparentemente minhas System VMs estão ligadas, com conectividade,
pingando todas as redes, mas os serviços das System VMs (SSVM e CPVM)
não funcionam.
As imagens de evidência e o arquivo de logs do management server estão
presentes no link abaixo:
https://drive.onexdatacenter.com.br/s/gRreLjZ4bg5KPHM
Pesquisei um pouco sobre e descobri que pode estar relacionado ao
certificado SSL, mas não entendi muito bem como funcionaria isso!
Fico à disposição!!
--
Atenciosamente,
Kayo Henrique
Analista de Infraestrutura e Redes
OneX Data Centers
