
Summary

When executing a VMware Inventory discovery from Enterprise Deployment Suite running on a Windows Server 2003 SP2 or above server, the discovery may fail with an SSL certificate error if the VMware instance you are querying is using a self-signed SSL certificate.

Symptoms

When executing a VMware Inventory discovery from Enterprise Deployment Suite running on a Windows Server 2003 SP2 or above server, you may receive the following error if the VMware instance you are querying is using a self-signed SSL certificate:

Failure reason:

- Failed to connect to the VMware Infrastructure server. VMware services may not be running on the machine, or may be running on a different port.

Errors:

- One or more errors were encountered while retrieving a Secure Sockets Layer (SSL) certificate from the server: Server's SSL certificate is invalid.

- In fsend call to WinHttpSendRequest: A security error occurred (12175)

- An error occured in HTTP processing

- Failed to retrieve contents from web service https://<SERVER_NAME>:443/sdk


Cause

Microsoft security update 2661254 (http://support.microsoft.com/kb/2661254) raises the minimum acceptable certificate key length to 1024 bits. VMware self-signed certificates use 512-bit keys and are therefore rejected by all systems that have had this update applied.
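To confirm this cause for a particular server, or to check a replacement certificate after Resolution A, the key length can be read directly. The PowerShell below is an added example, not part of the original article or of Enterprise Deployment Suite; the function names and the constructed 512-bit sample certificate are illustrative assumptions. It assumes the TLS handshake itself completes, and the sample lines need .NET Framework 4.7.2 or later.

```powershell
# Added example (not vendor code). Threshold taken from the article: keys under 1024 bits are rejected.
$MinimumKeyBits = 1024

function Get-CertificateKeyReport {
    param([Parameter(Mandatory = $true)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    # GetRSAPublicKey returns $null for non-RSA certificates (for example ECDSA).
    $rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Certificate)
    $bits = if ($rsa) { $rsa.KeySize } else { $null }
    New-Object PSObject -Property @{
        Subject    = $Certificate.Subject
        SelfSigned = ($Certificate.Subject -eq $Certificate.Issuer)
        KeyBits    = $bits
        BelowLimit = ($null -ne $rsa -and $bits -lt $MinimumKeyBits)
    }
}

function Get-RemoteCertificate {
    param([Parameter(Mandatory = $true)][string]$ServerName, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($ServerName, $Port)
        # Validation is bypassed only so the certificate can be read; no application data is sent.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
        try {
            $ssl.AuthenticateAsClient($ServerName)
            New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $client.Close() }
}

# Constructed sample: a throwaway 512-bit self-signed certificate standing in for the
# kind of certificate the article describes, so the report can be tried without a server.
$key = [System.Security.Cryptography.RSA]::Create(512)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=constructed-sample', $key,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$sample = $req.CreateSelfSigned([DateTimeOffset]::Now, [DateTimeOffset]::Now.AddDays(1))
Get-CertificateKeyReport -Certificate $sample

# Against a live server (placeholder name as used in the article):
# Get-CertificateKeyReport -Certificate (Get-RemoteCertificate -ServerName '<SERVER_NAME>')
```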

Resolution

There are two options to resolve this issue:

A. Install and configure a 3rd Party CA or Enterprise CA certificate with a key length of 1024 bits or greater on each VMware server.

B. Configure the Enterprise Deployment Server to allow certificates with keys shorter than 1024 bits.

Resolution A: Refer to your VMware documentation for how to install a 3rd Party CA certificate.

Resolution B:

1. Log on to the Enterprise Deployment Suite Server with Local Administrator credentials.

2. Open a command prompt and execute:

Certutil -setreg chain\EnableWeakSignatureFlags 8

Certutil -setreg chain\WeakSignatureLogDir "c:\Temp\Under1024KeyLog"

The log directory can be located anywhere on the server; just make sure that the folder exists before executing the command.

3. Re-execute the VMware Inventory task to verify connectivity.

Please refer to the Microsoft KB article for more information: http://support.microsoft.com/kb/2661254

Last update: Dec 10, 2012 06:18 PM