This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Highlighted
nagaeendra
Flexera beginner
‎Sep 16, 2019 06:46 AM

Fail to run discovery on VMware vCenter

We are getting this error when querying vCenter server 

Failed to retrieve contents from web service https://vcenterserver:443/sdk

An error occured in HTTP processing
In fsend call to WinHttpSendRequest: A security error occurred (12175)
One or more errors were encountered while retrieving a Secure Sockets Layer (SSL) certificate from the server: The application experienced an internal error loading the SSL libraries.

 

Checked https://IPAddress:PortNumber/sdk/vimService.wsdl  and   https://IPAddress:PortNumber/MOB

Ports are open verified with MgsIPScan.

Appreciate if any other inputs / suggestion 

0 Kudos
Reply
9 Replies
Highlighted
statler
Intrepid explorer
‎Sep 16, 2019 07:58 AM

Re: Fail to run discovery on VMware vCenter

Hi Nagaeendra,

Looks as if your vCenter is running on a newer OS that is not supporting TLS 1.0 anymore and your Beacon is running on Windows 7 still?

Windows 7 requires TLS 1.0 or SSL3 to be supported. See the following URLs for documentation and a fix from Microsoft:

https://social.technet.microsoft.com/Forums/en-US/e07aa2b7-abd4-4212-94b9-56cf73a91323/certificate-e...
https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-sec...

Reply
Highlighted
stefange
Active participant
‎Sep 16, 2019 08:07 AM

Re: Fail to run discovery on VMware vCenter

Hi,

This is probably to due the security settings on your server.

Can you verify the following setting in the registry?

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]"DefaultSecureProtocols"

If value is dword:00000800, than TLS 1.2 is only enabled. When you change the value to dword:00000200 (TLS 1.1 enabled) than the scan will work probably again after a beacon engine restart.

Can you give this a try?

0 Kudos
Reply
Highlighted
nagaeendra
Flexera beginner
‎Sep 16, 2019 10:48 PM

Re: Fail to run discovery on VMware vCenter

Thanks @ stefangeerars

It's a win 2012 server and don't have this keyword DefaultSecureProtocols  under HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp 

It only has Passport Test and Tracing Keys

0 Kudos
Reply
Highlighted
stefange
Active participant
‎Sep 17, 2019 02:49 AM

Re: Fail to run discovery on VMware vCenter

Hi,

Can you verify if you are using the SchUseStrongCrypto?

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\.NETFramework\\vx.x.xxxx]
"SchUseStrongCrypto"=dword:00000001

and did you set the Windows Schannel to disable for example TLS 1.0 and TLS 1.1?

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\

Stefan

0 Kudos
Reply