If you are running 32-bit Windows XP and cannot connect the vSphere Client to vCenter Server 5.5, or directly to an ESXi 5.5 or ESXi 6.0 host, VMware provides a solution.
According to the VMware KB, this is due to a handshake failure. vSphere 5.1 and 5.5 use the OpenSSL library, which, for security, is configured by default to accept only connections that use strong cipher suites. On Windows XP or Windows Server 2003, the vSphere Client and vSphere PowerCLI do not use strong cipher suites to connect with vCenter Server. This results in the error "No matching cipher suite" on the server side, and a "Handshake failure" on the vSphere Client or vSphere PowerCLI side.
There is a hotfix, KB948963, for Windows Server 2003 32-bit and 64-bit, or Windows XP 64-bit.
- Platform: x64: Click to download Hotfix
- Platform: ia64: Click to download Hotfix
- Platform: i386: Click to download Hotfix
Note: Windows XP has reached end of support and new hotfixes will not be available. For more information, see Windows Support Has Ended.
Solution for ESXi 5.1 and 5.5
1. Connect to the host via SSH or the ESXi Shell and open the rhttpproxy configuration file:
~ # vi /etc/vmware/rhttpproxy/config.xml
Insert the <cipherList>ALL</cipherList> line in the vmacore > ssl section, directly under <libraryPath>/lib/</libraryPath>:
<config>
  ...
  <vmacore>
    ...
    <ssl>
      <doVersionCheck> false </doVersionCheck>
      <useCompression>true</useCompression>
      <libraryPath>/lib/</libraryPath>
      <cipherList>ALL</cipherList>
    </ssl>
    ...
  </vmacore>
  ...
</config>
2. Save and close the config.xml file.
3. Restart the rhttpproxy service for the change to take effect:
~ # /etc/init.d/rhttpproxy restart
watchdog-rhttpproxy: Terminating watchdog process with PID 34232
rhttpproxy stopped.
rhttpproxy started.
Solution for the vCenter Server Appliance
- Connect to the vCenter Server Appliance via SSH. For more information, see Enable or Disable SSH Administrator Login on the VMware vCenter Server Appliance in the vCenter Server and Host Management Guide.
- Navigate to the directory:
/etc/vmware-vpx/
- Back up the vpxd.cfg file. Do not skip this step.
- Open the vpxd.cfg file in a plain text editor.
- Add the <cipherList>ALL</cipherList> parameter inside the <ssl>…</ssl> section of the configuration file, for example:
<config>
  ...
  <vmacore>
    ...
    <ssl>
      ...
      <cipherList>ALL</cipherList>
      ...
    </ssl>
    ...
  </vmacore>
  ...
</config>
- Save and close the vpxd.cfg file.
- Restart the vCenter Server service for the change to take effect.
Solution for Windows-based vCenter Server
- Connect to the vCenter Server using RDP.
- Navigate to the directory: C:\ProgramData\VMware\VMware VirtualCenter\
- Back up the vpxd.cfg file. Do not skip this step.
- Open the vpxd.cfg file in a text editor.
- Add the <cipherList>ALL</cipherList> parameter inside the <ssl>…</ssl> section of the configuration file, for example:
<config>
  ...
  <vmacore>
    ...
    <ssl>
      ...
      <cipherList>ALL</cipherList>
      ...
    </ssl>
    ...
  </vmacore>
  ...
</config>
- Save and close the vpxd.cfg file.
- Restart the vCenter Server service for the setting to take effect.
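An added example, not part of the original post or the VMware KB: a Python check that reads a config.xml or vpxd.cfg, finds the <cipherList> under vmacore > ssl, and reports which weak cipher classes the value still admits, which helps locate hosts where the ALL workaround was left in place. The sample XML is constructed, and the list of weak classes and the keyword-level parsing (no full OpenSSL expansion) are assumptions of this sketch.

```python
import re
import xml.etree.ElementTree as ET

# Weak cipher classes that the OpenSSL keyword ALL admits on older builds
# (assumed list for this example).
WEAK_CLASSES = ("aNULL", "EXPORT", "LOW", "RC4", "MD5")
ALIASES = {"EXP": "EXPORT"}  # OpenSSL accepts EXP as a synonym for EXPORT

# Constructed sample mirroring the ESXi config.xml fragment shown above.
SAMPLE_CONFIG = """<config>
  <vmacore>
    <ssl>
      <doVersionCheck> false </doVersionCheck>
      <useCompression>true</useCompression>
      <libraryPath>/lib/</libraryPath>
      <cipherList>ALL</cipherList>
    </ssl>
  </vmacore>
</config>"""

def weak_classes_admitted(cipher_list):
    """Keyword-level check of an OpenSSL cipher string (not a full expansion)."""
    included, killed = set(), set()
    for token in re.split(r"[:,\s]+", cipher_list.strip()):
        if not token:
            continue
        name = token.lstrip("!+-")
        name = ALIASES.get(name, name)
        if token.startswith("!"):
            killed.add(name)      # "!" removes a class permanently
        elif not token.startswith("-"):
            included.add(name)    # "-" removals can be re-added later; ignore
    if "ALL" in included:
        candidates = WEAK_CLASSES
    else:
        candidates = [c for c in WEAK_CLASSES if c in included]
    return [c for c in candidates if c not in killed]

def audit_config(xml_text):
    """Return (cipherList value, weak classes) for each vmacore/ssl/cipherList."""
    root = ET.fromstring(xml_text)
    findings = []
    for node in root.findall("./vmacore/ssl/cipherList"):
        value = (node.text or "").strip()
        findings.append((value, weak_classes_admitted(value)))
    return findings

if __name__ == "__main__":
    for value, weak in audit_config(SAMPLE_CONFIG):
        print(f"cipherList={value!r} admits: {', '.join(weak) or 'none flagged'}")
```

An empty result from audit_config means no cipherList override is present in the file.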
Is there a fix setting for ESXi 5.0? Only 5.1 and later have rhttpproxy.
This worked for ESXi 6.0.0 as well. Thanks!
When we added TLSv1.2 to the /etc/vmware/rhttpproxy/config.xml file and restarted the /etc/init.d/hostd and /etc/init.d/rhttpproxy services,
it disables SSLv3 and enables TLSv1.2, but it does not allow us to log in to the ESXi server through the vSphere Client. Please help with disabling SSLv3 on port 443 and enabling only TLS versions.
Thank you for this post, “Solution for ESXi 5.1 and 5.5” works also fine with ESXi 6.0.
Worked for me! Thanks!!!