{"id":6757,"date":"2025-04-09T14:09:38","date_gmt":"2025-04-09T22:09:38","guid":{"rendered":"https:\/\/jetstreamsoft.com\/portal\/?post_type=ht_kb&#038;p=6757"},"modified":"2025-10-09T11:44:24","modified_gmt":"2025-10-09T19:44:24","slug":"unable-to-establish-communication-with-rest-services","status":"publish","type":"ht_kb","link":"https:\/\/jetstreamsoft.com\/portal\/jetstream-knowledge-base\/unable-to-establish-communication-with-rest-services\/","title":{"rendered":"Unable to Establish Communication with REST Services on Host"},"content":{"rendered":"\n<p class=\"is-style-info wp-block-ht-blocks-messages wp-block-hb-message wp-block-hb-message--withicon\">This article applies to JSDR software version 5.0.x running on vSphere 8.x or above.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Problem<\/h2>\n\n\n\n<p class=\"\">The MSA uses the IOF REST user to communicate with hosts. The warning message \u201cUnable to Establish Communication with REST Services on Host,\u201d may be triggered due to various error conditions:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1017\" height=\"451\" src=\"https:\/\/jetstreamsoft.com\/portal\/wp-content\/uploads\/2025\/04\/rest-service-error-message-1.png\" alt=\"\" class=\"wp-image-6997\" srcset=\"https:\/\/jetstreamsoft.com\/portal\/wp-content\/uploads\/2025\/04\/rest-service-error-message-1.png 1017w, https:\/\/jetstreamsoft.com\/portal\/wp-content\/uploads\/2025\/04\/rest-service-error-message-1-300x133.png 300w, https:\/\/jetstreamsoft.com\/portal\/wp-content\/uploads\/2025\/04\/rest-service-error-message-1-768x341.png 768w, https:\/\/jetstreamsoft.com\/portal\/wp-content\/uploads\/2025\/04\/rest-service-error-message-1-50x22.png 50w\" sizes=\"(max-width: 1017px) 100vw, 1017px\" \/><figcaption class=\"wp-element-caption\">IOF REST error message.<\/figcaption><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"\">The Health Viewer status indicates <strong>RESTCOMMUNICATIONFAILURE<\/strong> on hosts:<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"581\" src=\"https:\/\/jetstreamsoft.com\/portal\/wp-content\/uploads\/2025\/04\/healthviewerstatus-1024x581.png\" alt=\"\" class=\"wp-image-6977\" srcset=\"https:\/\/jetstreamsoft.com\/portal\/wp-content\/uploads\/2025\/04\/healthviewerstatus-1024x581.png 1024w, https:\/\/jetstreamsoft.com\/portal\/wp-content\/uploads\/2025\/04\/healthviewerstatus-300x170.png 300w, https:\/\/jetstreamsoft.com\/portal\/wp-content\/uploads\/2025\/04\/healthviewerstatus-768x436.png 768w, https:\/\/jetstreamsoft.com\/portal\/wp-content\/uploads\/2025\/04\/healthviewerstatus-50x28.png 50w, https:\/\/jetstreamsoft.com\/portal\/wp-content\/uploads\/2025\/04\/healthviewerstatus.png 1420w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Health Viewer status error.<\/figcaption><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"\">The protected domain summary page reports a warning, \u201cManagement Server is not able to connect to DR server on some Hosts.\u201d:<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"581\" src=\"https:\/\/jetstreamsoft.com\/portal\/wp-content\/uploads\/2025\/04\/warningmessage-1024x581.png\" alt=\"\" class=\"wp-image-6978\" srcset=\"https:\/\/jetstreamsoft.com\/portal\/wp-content\/uploads\/2025\/04\/warningmessage-1024x581.png 1024w, https:\/\/jetstreamsoft.com\/portal\/wp-content\/uploads\/2025\/04\/warningmessage-300x170.png 300w, https:\/\/jetstreamsoft.com\/portal\/wp-content\/uploads\/2025\/04\/warningmessage-768x436.png 768w, https:\/\/jetstreamsoft.com\/portal\/wp-content\/uploads\/2025\/04\/warningmessage-50x28.png 50w, https:\/\/jetstreamsoft.com\/portal\/wp-content\/uploads\/2025\/04\/warningmessage.png 1420w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Management Server warning message.<\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Cause<\/h2>\n\n\n\n<p class=\"\">The above errors may be caused by any of the following issues:<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Issue 1<\/h4>\n\n\n\n<p class=\"\">If the IOF REST user password expires, the error message can be triggered per the vCenter SSO user password expiration policy.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"\">The IOF REST user account is authenticated through vCenter SSO. The vCenter SSO password expiration policy is applied to the IOF Rest user account when it is created.<\/li>\n\n\n\n<li class=\"\">To review the current vCenter password policy details navigate to:&nbsp;<strong>Administration \u2013&gt; Single Sign On \u2013&gt; Configuration \u2013&gt; password policy \u2013&gt; edit<\/strong><\/li>\n\n\n\n<li class=\"\">By default, the vCenter SSO password expires every 90 days.<\/li>\n\n\n\n<li class=\"\">Refer to this KB article to address the issue:<br><a href=\"https:\/\/jetstreamsoft.com\/portal\/jetstream-knowledge-base\/how-to-fix-password-expiration-of-iof-rest-credentials\/\">https:\/\/jetstreamsoft.com\/portal\/jetstream-knowledge-base\/how-to-fix-password-expiration-of-iof-rest-credentials\/<\/a><\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Issue 2<\/h4>\n\n\n\n<p class=\"\">If the MSA cannot communicate with hosts, the error message can be triggered due to necessary ports not being opened or improper networking configuration.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"\">MSA to ESXi host TCP\/IP port 443 needs to be allowed. To validate, execute the following command from MSA SSH.\n<ul class=\"wp-block-list\">\n<li class=\"\"><kbd>curl -v https:\/\/&lt;Esxi_host_IP\/FQDN&gt;:443<\/kbd><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li class=\"\">Validate the \u201c<strong>jetiofrest\u201d<\/strong> service is running on the host (ESXi host \u2192 Configure \u2192 Service). In case the <strong>jetiofrest<\/strong> service is stopped, follow the steps below to start the service again.\n<ul class=\"wp-block-list\">\n<li class=\"\">For AVS: execute the run command <strong>Restart-JetDRDaemon<\/strong> (for DaemonName use <strong>jetiofrest<\/strong>).<\/li>\n\n\n\n<li class=\"\">For On-prem: start the service <strong>jetiofrest <\/strong>directly on the host (from Configure \u2192 Service).<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Issue 3<\/h4>\n\n\n\n<p class=\"\">Differences in time settings between JetStream appliances, MSA, vCenter, and ESXi hosts can trigger the error message.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"\">Refer to this KB article to address the issue:<br><a href=\"https:\/\/jetstreamsoft.com\/portal\/jetstream-knowledge-base\/troubleshooting-jetstream-msa-time-skew-issues\">https:\/\/jetstreamsoft.com\/portal\/jetstream-knowledge-base\/troubleshooting-jetstream-msa-time-skew-issues<\/a><\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Issue 4<\/h4>\n\n\n\n<p class=\"\">The warning \u201c<em>Unable to establish communication with REST services<\/em>.\u201d can appear for hosts on the cluster configuration page:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"\">Shortly after creating the IOF REST user using the AVS Run command:<br>(<kbd>Enable-JetStreamRestUser<\/kbd>)<\/li>\n\n\n\n<li class=\"\">When creating the IOF REST user using the PowerShell script:<br>(<kbd>manage_iofrest_user.ps1<\/kbd>) for on-prem installations<\/li>\n\n\n\n<li class=\"\">This can also occur when the MSA tries to authenticate the IOF REST user while it is locked.\n<ul class=\"wp-block-list\">\n<li class=\"\">Example log snippet from the MSA:<br><code>Caused by: com.sun.xml.internal.ws.fault.ServerSOAPFaultException: Client received SOAP Fault from server: The account of the user trying to authenticate is locked. :: The account of the user trying to authenticate is locked. :: User account locked: {Name: jetstream, Domain: vsphere.local} Please see the server log to find more detail regarding exact cause of the failure.<\/code><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p class=\"is-style-danger wp-block-ht-blocks-messages wp-block-hb-message wp-block-hb-message--withicon\">The user account may become locked if there are more than three failed login attempts within a short period of time.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Unlocking the IOF REST User<\/h2>\n\n\n\n<p class=\"\">Two solutions can be used to unlock the JetStream IOF REST user to resolve the problems described above:<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Solution 1: Unlock the User by Restarting MSA-Tomcat Services<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"\">Log in to the MSA and execute the following command to restart MSA-Tomcat services:<br><code>sudo systemctl stop msa-tomcat<br>sudo systemctl start msa-tomcat<\/code><\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Solution 2: Unlock the IOF Rest user through vCenter<\/h4>\n\n\n\n<p class=\"is-style-info wp-block-ht-blocks-messages wp-block-hb-message wp-block-hb-message--withicon\">You must be logged into vCenter as <em>administrator@vsphere.local<\/em>.<br>For AVS customers, please get help from Microsoft to use this method.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"\">Navigate to:<br><em>Administration <\/em>&gt; <em>Users and Groups <\/em>&gt;<em> Select the domain \u2018vsphere.local\u2019<\/em> from the domain drop-down menu.<\/li>\n\n\n\n<li class=\"\">Select the username: \u201cjetstream\u201d.<\/li>\n\n\n\n<li class=\"\">Click the arrow icon next to the \u201c<em>More<\/em>\u201d tab.<\/li>\n\n\n\n<li class=\"\">Select the <strong>Unlock<\/strong> option.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"355\" src=\"https:\/\/jetstreamsoft.com\/portal\/wp-content\/uploads\/2025\/04\/unlockjetstreamuser-1024x355.png\" alt=\"\" class=\"wp-image-6979\" srcset=\"https:\/\/jetstreamsoft.com\/portal\/wp-content\/uploads\/2025\/04\/unlockjetstreamuser-1024x355.png 1024w, https:\/\/jetstreamsoft.com\/portal\/wp-content\/uploads\/2025\/04\/unlockjetstreamuser-300x104.png 300w, https:\/\/jetstreamsoft.com\/portal\/wp-content\/uploads\/2025\/04\/unlockjetstreamuser-768x266.png 768w, https:\/\/jetstreamsoft.com\/portal\/wp-content\/uploads\/2025\/04\/unlockjetstreamuser-50x17.png 50w, https:\/\/jetstreamsoft.com\/portal\/wp-content\/uploads\/2025\/04\/unlockjetstreamuser-1536x533.png 1536w, https:\/\/jetstreamsoft.com\/portal\/wp-content\/uploads\/2025\/04\/unlockjetstreamuser.png 1909w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Unlock the JetStream IOF REST user.<\/figcaption><\/figure>\n\n\n\n<p class=\"\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Problem The MSA uses the IOF REST user to communicate with hosts. The warning message \u201cUnable to Establish Communication with REST Services on Host,\u201d may be triggered due to various error conditions: Cause The above errors may be caused by any of the following issues: Issue 1 If the IOF REST user password expires, the [&hellip;]<\/p>\n","protected":false},"author":1,"comment_status":"open","ping_status":"closed","template":"","format":"standard","meta":{"nf_dc_page":"","footnotes":""},"ht-kb-category":[92],"ht-kb-tag":[223,207,227],"class_list":["post-6757","ht_kb","type-ht_kb","status-publish","format-standard","hentry","ht_kb_category-troubleshooting","ht_kb_tag-io-filter-vcenter-plugin","ht_kb_tag-msa-mms","ht_kb_tag-network-connectivity"],"_links":{"self":[{"href":"https:\/\/jetstreamsoft.com\/portal\/wp-json\/wp\/v2\/ht-kb\/6757","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jetstreamsoft.com\/portal\/wp-json\/wp\/v2\/ht-kb"}],"about":[{"href":"https:\/\/jetstreamsoft.com\/portal\/wp-json\/wp\/v2\/types\/ht_kb"}],"author":[{"embeddable":true,"href":"https:\/\/jetstreamsoft.com\/portal\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jetstreamsoft.com\/portal\/wp-json\/wp\/v2\/comments?post=6757"}],"version-history":[{"count":20,"href":"https:\/\/jetstreamsoft.com\/portal\/wp-json\/wp\/v2\/ht-kb\/6757\/revisions"}],"predecessor-version":[{"id":7017,"href":"https:\/\/jetstreamsoft.com\/portal\/wp-json\/wp\/v2\/ht-kb\/6757\/revisions\/7017"}],"wp:attachment":[{"href":"https:\/\/jetstreamsoft.com\/portal\/wp-json\/wp\/v2\/media?parent=6757"}],"wp:term":[{"taxonomy":"ht_kb_category","embeddable":true,"href":"https:\/\/jetstreamsoft.com\/portal\/wp-json\/wp\/v2\/ht-kb-category?post=6757"},{"taxonomy":"ht_kb_tag","embeddable":true,"href":"https:\/\/jetstreamsoft.com\/portal\/wp-json\/wp\/v2\/ht-kb-tag?post=6757"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}