vSphere client reports “An unknown connection error occurred. The request was aborted: Could not create SSL/TLS secure channel.”

Today I worked through an issue where a customer was unable to connect to vCenter using the vSphere Client. The client throws the error below.

“An unknown connection error occurred.  The request was aborted: Could not create SSL/TLS secure channel.”

The Web Client works fine, but the vSphere Client is unable to connect to the vCenter Server.

This issue generally occurs when your vCenter gets patched with certain Windows updates.

KB3161608 (KB3161639) seems to be one of the patches that breaks connectivity with vCenter. According to the knowledge article, this patch introduced new cipher suites, which changes the cipher order, and as a result the TLS connection is not negotiated.

There are two ways to resolve this.

  • Uninstall the hotfix KB3161608 and reboot the system. In that case, the complete rollup patch is uninstalled.
  • Add the registry value below on your machine.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman]
"ClientMinKeyBitLength"=dword:00000200

Note: Take a backup of the registry before making any changes in regedit.

The article below, from the Microsoft forum, provides additional details.
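The registry workaround as a scripted procedure, with the backup the note asks for and a record of the previous value so the change can be reverted later. This is an added example, not part of the original post; the backup location under %TEMP% is an assumption, and the script is meant to be run from an elevated PowerShell session on the machine where the value is added. dword:00000200 is 512 in decimal.

```powershell
# Added example (not from the original post). Run elevated.
$ErrorActionPreference = 'Stop'
$keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman'
$regBranch = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$valueName = 'ClientMinKeyBitLength'
$newValue  = 0x200   # value given in the post (512 decimal)
# Assumed backup location; change to suit your environment.
$backup    = Join-Path $env:TEMP ('schannel-backup-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))

# 1. Report whether the hotfix named in the post is installed.
$hotfix = Get-HotFix -Id 'KB3161608' -ErrorAction SilentlyContinue
if ($hotfix) { "KB3161608 is installed (InstalledOn: $($hotfix.InstalledOn))" }
else         { 'KB3161608 not found; the connection error may have another cause.' }

# 2. Back up the SCHANNEL branch before changing anything.
& reg.exe export $regBranch $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry export failed; no changes were made.' }
"Backup written to $backup"

# 3. Record the current value (absent means the Windows default applies).
$current = $null
if (Test-Path $keyPath) {
    $current = (Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue).$valueName
} else {
    New-Item -Path $keyPath -Force | Out-Null
}
if ($null -eq $current) { "$valueName was not set before this change." }
else                    { '{0} was {1} (0x{1:X}) before this change.' -f $valueName, $current }

# 4. Apply the value from the post and read it back.
New-ItemProperty -Path $keyPath -Name $valueName -PropertyType DWord -Value $newValue -Force | Out-Null
$after = (Get-ItemProperty -Path $keyPath -Name $valueName).$valueName
if ($after -ne $newValue) { throw "Read-back mismatch: expected $newValue, got $after" }
'{0} is now {1} (0x{1:X}).' -f $valueName, $after

# 5. Print how to revert once the workaround is no longer needed.
if ($null -eq $current) { "To revert: Remove-ItemProperty -Path '$keyPath' -Name $valueName" }
else                    { "To revert: Set-ItemProperty -Path '$keyPath' -Name $valueName -Value $current" }
```

Keep the printed revert command with the change record so the value can be restored after the upgrade to 5.5 Update 3b mentioned at the end of the post.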

http://answers.microsoft.com/en-us/windows/forum/windows_7-networking/problems-with-kb-3161608-and-kb-3161639/2cd5ffb3-c203-4080-872f-73de1a96e080?auth=1pl

If you still face the same issue after removing this patch, verify one additional step.

Check the current set of SSL versions acceptable to vCenter Server, then if required, reset that parameter to accept all versions.

Note: As a precaution, take a backup of the vCenter Server database.

Connect to the vCenter Server database.

  1. To check the current parameter value, run the SQL statement:
     select * from VPX_PARAMETER where NAME = 'SSL.Version'
  2. If the parameter SSL.Version is not set to "all" (to accept all versions of SSL), run the SQL statement:
     update VPX_PARAMETER set VALUE = 'all' where NAME = 'SSL.Version'
  3. Disconnect from the vCenter Server database.

If you want to avoid all these workarounds, upgrade your environment to 5.5 Update 3b. This will automatically take care of the above issues.

 

Tags : SSL/TLS error
Ritesh Shenoy
Hey, my name is Ritesh Shenoy, working as a Senior Consultant for SAP. The goal of this blog is to contribute to the VMware community and make one's life better with the necessary content in place!
