VSphere 5.5 Client Login Issue with MS 2003 Server and XP

Mindwatering Incorporated

Author: Tripp W Black

Created: 12/10/2013 at 07:58 PM

 

Category:
VMWare
Windows Installation

Issue:
The following message is presented after upgrade of VSphere client from version 5.0.x and 5.5.x.
The Client could not send a complete request to the server. (The underlying connection was closed: An unexpected error occurred on a send.).

Solution:
XP and Windows 2003 are missing higher encryption keys. For 64bit MS XP/Server 2003, a hotfix from MS is available.

For 32bit MS XP/Server 2003, you can edit the local host / vCenter. Support is "best effort" but not guaranteed by VMware since XP is no longer supported by MS.

The ESXi Host can be configured to allow lighter SSL keys.
1. Locate the file /etc/vmware/rhttpproxy/config.xml.

2. Locate the <ssl> section and add the following line, and save the change.
<vmacore>
. . .
<ssl>
. . .
<cipherList>ALL</cipherList>
. . .
</ssl>
</vmacore>

3. Restart the rhttpproxy service.
# /etc/init.d/rhttpproxy restart


The vCenter server is a little more work:

A. One vmware community technote says to update the server.xml file:
1. Locate the file /usr/lib/vmware-vpx/tomcat/conf/server.xml.

2. Update the server.xml file to the following:
(See the dark red text for delta.)
<Connector SSLEnabled="true" acceptCount="100" ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DH_RSA_WITH_AES_256_CBC_SHA, TLS_DH_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DH_RSA_WITH_AES_128_CBC_SHA, TLS_DH_DSS_WITH_AES_128_CBC_SHA , SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" connectionTimeout="20000" executor="tomcatThreadPool" keystoreFile="${bio-vmssl.keyFile.name}" keystorePass="${bio-vmssl.SSL.password}" keystoreType="PKCS12" maxKeepAliveRequests="15" port="${bio-vmssl.https.port}" protocol="HTTP/1.1" redirectPort="${bio-vmssl.https.port}" scheme="https" secure="true"></Connector>
3. You probably only need to restart Tomcat, but, we restarted all of vCenter.

B. A Beta readme said to edit the vpxd.cfg file:
1. Locate the file /etc/vmware-vpx/vpxd.cfg.

2. Locate the <ssl> section in the vmacore.
<config>
. . .
<vmacore>
. . .
<ssl>
. . .
<cipherList>ALL</cipherList>
. . .
</ssl>
</vmacore>
. . .
</config>



previous page

×