- Flexera Community
- :
- FlexNet Manager
- :
- FlexNet Manager Forum
- :
- Fail to run discovery on VMware vCenter
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fail to run discovery on VMware vCenter
We are getting this error when querying vCenter server
Failed to retrieve contents from web service https://vcenterserver:443/sdk
An error occured in HTTP processing
In fsend call to WinHttpSendRequest: A security error occurred (12175)
One or more errors were encountered while retrieving a Secure Sockets Layer (SSL) certificate from the server: The application experienced an internal error loading the SSL libraries.
Checked https://IPAddress:PortNumber/sdk/vimService.wsdl and https://IPAddress:PortNumber/MOB
Ports are open verified with MgsIPScan.
Appreciate if any other inputs / suggestion
This thread has been automatically locked due to inactivity.
To continue the discussion, please start a new thread.
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Nagaeendra,
Looks as if your vCenter is running on a newer OS that is not supporting TLS 1.0 anymore and your Beacon is running on Windows 7 still?
Windows 7 requires TLS 1.0 or SSL3 to be supported. See the following URLs for documentation and a fix from Microsoft:
https://social.technet.microsoft.com/Forums/en-US/e07aa2b7-abd4-4212-94b9-56cf73a91323/certificate-error-while-opening-excel-file?forum=officeitpro
https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
This is probably to due the security settings on your server.
Can you verify the following setting in the registry?
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]"DefaultSecureProtocols"
If value is dword:00000800, than TLS 1.2 is only enabled. When you change the value to dword:00000200 (TLS 1.1 enabled) than the scan will work probably again after a beacon engine restart.
Can you give this a try?
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks @ stefangeerars
It's a win 2012 server and don't have this keyword DefaultSecureProtocols under HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
It only has Passport Test and Tracing Keys
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Can you verify if you are using the SchUseStrongCrypto?
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\.NETFramework\\vx.x.xxxx]
"SchUseStrongCrypto"=dword:00000001
and did you set the Windows Schannel to disable for example TLS 1.0 and TLS 1.1?
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\
Stefan
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @stefange
Yes, verified SchUseStrongCrypto it is set to dword:00000001
No TLS 1.0 and TLS 1.1 are set to enable.
should SSL 2.0 and 3.0 be enabled or disabled.
Thanx
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try adding the registry key
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]"DefaultSecureProtocols"
with value: dword:00000200
Stefan
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @stefange
Checked by adding dword:00000200
Doesn't throw me SSL error now by doesn't do discovery also
But on ESXquery I see
" Decryption operation failed
In fsend call to WinHttpSendRequest : A connection with the server could not be established (12029)
An error occured in HTTP processing
Failed to retrieve contents from web service https://vCenter server:443/sdk
BindingServer(ServerIP, proto=https, port=0) failed. "
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Question, Is the certificate on the vCenter server still valid?
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @ mgunnels
Yes, certificate on vCenter is valid. though root certificate authority are different between these 2 server (vCenter & FNMS server)
