Symptoms
Cannot add the ESX host to vCenter Server

Adding the ESX host to vCenter Server fails

You see the error:

    SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac

vCenter Server is installed in a virtual machine on an ESX host within the environment

In the /var/log/vmware/hostd.log file of the ESX host, you see entries similar to:

    [<YYYY-MM-DD>T<time> F6482B90 error 'App'] SSLStreamImpl::SSLRead (5E0EB1A0) SSL_read failed. Dumping SSL error queue:
    [<YYYY-MM-DD>T<time> F6482B90 error 'App'] [0] error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac
    [<YYYY-MM-DD>T<time> F6482B90 warning 'Proxysvc Req00062'] Error reading from client while waiting for header: N7Vmacore3Ssl12SSLExceptionE(SSL Exception: error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac)

In the /var/log/vmware/vpx/vpxa.log file of the ESX host, you see entries similar to:

    [<YYYY-MM-DD>T<time> 04296 error 'App'] [VpxVmomi] Unhandled Exception: SSL Exception: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
    [<YYYY-MM-DD>T<time> 04296 error 'App'] [VpxVmomi] Backtrace:
    backtrace[00] eip 0x021fc66d ?AbortProcess@System@Vmacore@@YAXXZ
    backtrace[01] eip 0x021fd0a7 ?

Connecting the ESX host directly to the vCenter Server virtual machine using the vSphere Client fails

In the /var/log/vmware/hostd.log file of the ESX host, you see entries similar to:

    [<YYYY-MM-DD>T<time> F63BFB90 warning 'Proxysvc Req00117'] Writing response from localhost:8307 to client failed with error N7Vmacore15SystemExceptionE(Broken pipe).
    [<YYYY-MM-DD>T<time> F58F5B90 error 'App'] Failed to send response to the client: Connection reset by peer

Generating a new SSL certificate on the ESX host or reinstalling vCenter Server does resolve this issue

Enabling trivia logging does not provide more information on this issue
Cause
This issue occurs when an SSL record is received with an incorrect Message Authentication Code (MAC), which may be caused by network issues. For example, some packets may be lost during communication. In this case, the MAC calculated at the receiver's end does not match the MAC calculated at the sender's end.
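The two OpenSSL error codes in the log entries above indicate which end's MAC check failed, which helps show the direction of the corruption. The following triage script is an added example, not VMware code; the sample log lines and their timestamps are constructed, and the names classify, summarize and DETECTED_BY are hypothetical.

```python
import re
from collections import Counter

# Constructed sample modelled on the hostd.log / vpxa.log entries in this
# article; the timestamps are made up for the example.
SAMPLE_LOG = """\
[2012-01-10T09:15:01 F6482B90 error 'App'] SSLStreamImpl::SSLRead (5E0EB1A0) SSL_read failed. Dumping SSL error queue:
[2012-01-10T09:15:01 F6482B90 error 'App'] [0] error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac
[2012-01-10T09:15:07 04296 error 'App'] [VpxVmomi] Unhandled Exception: SSL Exception: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
[2012-01-10T09:15:09 F63BFB90 warning 'Proxysvc Req00117'] Writing response from localhost:8307 to client failed with error N7Vmacore15SystemExceptionE(Broken pipe).
"""

# OpenSSL error-queue entry: error:<hex code>:<library>:<function>:<reason>
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):SSL routines:(\w+):([^)\n]+)")
TS_RE = re.compile(r"^\[(\S+)")

# Which end detected the bad MAC, for the two codes shown in this article.
DETECTED_BY = {
    "1408F119": "local",  # this host's MAC check on a received record failed
    "140943FC": "peer",   # peer sent a bad_record_mac alert for a record we sent
}

def classify(log_text):
    """Return (timestamp, code, detected_by) for each bad-record-MAC entry."""
    hits = []
    for line in log_text.splitlines():
        m = ERR_RE.search(line)
        if not m:
            continue
        code = m.group(1).upper()
        if code not in DETECTED_BY:
            continue  # some other SSL error, not a MAC failure
        ts = TS_RE.match(line)
        hits.append((ts.group(1) if ts else None, code, DETECTED_BY[code]))
    return hits

def summarize(hits):
    """Count detections per end; both non-zero means damage in both directions."""
    return Counter(side for _, _, side in hits)

if __name__ == "__main__":
    found = classify(SAMPLE_LOG)
    for ts, code, side in found:
        print(ts, code, "detected by", side)
    print(dict(summarize(found)))
```

Failures reported by both ends, as in the sample, mean records are being damaged in both directions on the path between the host and the vCenter Server virtual machine.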
Resolution
To resolve this issue, remove the virtual NIC from the vCenter Server virtual machine and add a new NIC for the virtual machine.
Note: If the issue persists, try adding a vmxnet3 virtual NIC.
Related Information
[Internal] Regenerating the SSL certificates on an ESXi host