I will publish some VMware Cloud Foundation(VCF) articles in the following weeks. Mainly will be errors that we can get when doing some tasks in the VCF and how to fix them. In this VCF error commission hosts: Unable to get Host Fingerprint,  I will explain this error and how to fix it.

When I was trying to add one ESXi host to the VCF Workload domain, I got this error: Unable to get the Host Fingerprint, verify if SSH access to the ESXi host is enabled.

What is a Host Fingerprint?

Host Fingerprint, also known as RSA key or host key, is used to identify the server to client using SSH. SSH server has a host key to verify that client is connected to the correct host. The server sends the key and proves its identity, the client accepts and sends it back the client identity, and then there is a connection using the SSH server. The client will read the key provided from the SSH server and make sure that it is connected to the correct host, in this case, to the right ESXi host.

As the error means, we have a security issue when VCF cannot identify/connect to ESXi hosts using the Host Fingerprint key. The most common problems here are if you have a problem with the firewall(ports, rules, etc.)  or the SSH service is not started on the source.

In this case, the firewall had no issues, and SSH service on the ESXi host was running, so no problem here.

Connecting to ESXi host using Web Client, I see service TSM-SSH, so I decided to restart this service.

After I restarted that service, try again to upload the file, and the ESXi host was added, and I was able to Confirm Fingerprint.

Somehow, the SSH Fingerprint key connection was lost while configuring the ESXi, so a simple restart of the service did the trick.

As we can see in this example, sometimes, a simple solution is enough to fix a problem that can take many hours to troubleshoot.

Share this article if you think it is worth sharing. If you have any questions or comments, comment here, or contact me on Twitter.

©2022 ProVirtualzone. All Rights Reserved