Be Mindful of vSphere Client Versions When Working with OVAs
A colleague of mine was working with an OVA had used several times before. After upgrading ESXi with the Heartbleed patches (5.5 Update 1a) he found that he received a generic connection failed error when uploading the OVA.
(Note: in this drill there is no vCenter but we were connecting directly to the ESXi host)
I noticed that his vSphere client was a slightly older build — pre Heartbleed but new enough that it would appear to work fine with the 5.5 host. Knowing that Heartbleed is about SSL I recommended that he update the vSphere client to the same build that was released with the Heartbleed patch. This changed the error but did not fix the problem. Not sure what the exactly underlying issue is but the existing OVAs (that were created with 5.5) could no longer be deployed.
Using the latest vSphere client he tried exporting the source VMs into a new OVA and was able to import with no issues.
I’m not sure of the exact interaction but I’m assuming that the OVAs are signed with the private key and that somehow the Heartbleed patch “breaks” some interaction here such that the OVA is not accepted. Perhaps there will be a KB on this in the future but for the time being make sure that you have the latest build of the vSphere Client when creating and importing OVAs.