Showing results for 
Show  only  | Search instead for 
Did you mean: 

Fail to run discovery on VMware vCenter

We are getting this error when querying vCenter server 

Failed to retrieve contents from web service https://vcenterserver:443/sdk

An error occured in HTTP processing
In fsend call to WinHttpSendRequest: A security error occurred (12175)
One or more errors were encountered while retrieving a Secure Sockets Layer (SSL) certificate from the server: The application experienced an internal error loading the SSL libraries.


Checked https://IPAddress:PortNumber/sdk/vimService.wsdl  and   https://IPAddress:PortNumber/MOB

Ports are open verified with MgsIPScan.

Appreciate if any other inputs / suggestion 

(9) Replies

Hi Nagaeendra,

Looks as if your vCenter is running on a newer OS that is not supporting TLS 1.0 anymore and your Beacon is running on Windows 7 still?

Windows 7 requires TLS 1.0 or SSL3 to be supported. See the following URLs for documentation and a fix from Microsoft:


This is probably to due the security settings on your server.

Can you verify the following setting in the registry?

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]"DefaultSecureProtocols"

If value is dword:00000800, than TLS 1.2 is only enabled. When you change the value to dword:00000200 (TLS 1.1 enabled) than the scan will work probably again after a beacon engine restart.

Can you give this a try?

Thanks @ stefangeerars

It's a win 2012 server and don't have this keyword DefaultSecureProtocols  under HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp 

It only has Passport Test and Tracing Keys


Can you verify if you are using the SchUseStrongCrypto?


and did you set the Windows Schannel to disable for example TLS 1.0 and TLS 1.1?



Hi @stefange 

Yes, verified SchUseStrongCrypto it is set to dword:00000001

No TLS 1.0 and TLS 1.1 are set to enable.

should SSL 2.0 and 3.0 be enabled or disabled.


Try adding the registry key

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]"DefaultSecureProtocols"

with value: dword:00000200


Hi @stefange 

Checked by adding dword:00000200
Doesn't throw me SSL error now by doesn't do discovery also
But  on ESXquery I see  
" Decryption operation failed 
In fsend call to WinHttpSendRequest : A connection with the server could not be established (12029) 
An error occured in HTTP processing 
Failed to retrieve contents from web service https://vCenter server:443/sdk
BindingServer(ServerIP, proto=https, port=0) failed. "

By Level 5 Flexeran
Level 5 Flexeran

Question, Is the certificate on the vCenter server still valid?

Hi @ mgunnels 

Yes, certificate on vCenter is valid. though root certificate authority are different between these 2 server (vCenter & FNMS server)