When executing an VMWare Inventory discovery from Enterprise Deployment Suite running on a Windows Server 2003 SP2 or above server you may receive the following error if the VMWare instance you are querying is using a self-signed SSL certificate:
Failure reason:
- Failed to connect to the VMware Infrastructure server. VMware services may not be running on the machine, or may be running on a different port.
Errors:
- One or more errors were encountered while retrieving a Secure Sockets Layer (SSL) certificate from the server: Server's SSL certificate is invalid.
- In fsend call to WinHttpSendRequest: A security error occurred (12175)
- An error occured in HTTP processing
- Failed to retrieve contents from web service https://<SERVER_NAME>:443/sdk
A. Install and configure a 3rd Party CA or Enterprise CA certificate 1024bit or greater on each VMWare server.
B. Configure the Enterprise Deployment Server to allow certificates less than 1024 bit.
Resolution A: Refer to your VMWare documentation as to how to install a 3rd Party CA certificate.
Resolution B:
1. Logon to the Enterprise Deployment Suite Server with Local Administrator credentials;
2. Open a command prompt and execute:
Certutil -setreg chain\EnableWeakSignatureFlags 8
Certutil -setreg chain\WeakSignatureLogDir "c:\Temp\Under1024KeyLog"
The log directory can be locate anywhere on the server, just make sure that the folder exists before executing the command.
3. Re-execute the VMWare Inventory task to verify connectivity.
Please refer to Microsoft KB article for more information: http://support.microsoft.com/kb/2661254
Dec 10, 2012 06:18 PM