VMware 5.0 U 2 / SSL question - VMware support is stumped

I am running the following:

Update versions:

VMware ESXi 5.0 Patch Express 4 (version version 5.0.0
804277) vCenter server 5.0 U2 (version 5.0.0 version 913577) vCenter Server 5.0
Update 1 b (in fact it's vSphere Client version 5.0.0 build 804277) RS
5.0.1.2645 SRA 9.5.0.621 left hand left hand SAN Qi 9.5.00.1215.0

For example, we have recently moved our Windows 2003 to 2008 CA server. We have exported all certificates and re-imported into a server that has the same name, best practices according to MSFT. A few days later our guests in VSphere has dropped to a disconnected with the alert, not verified SSL State. It is a known problem in 5.0 we however on U2 5.0 which should be good. We have generated new certificates of authority of cert and imported. Here is the list of steps more or less, we have carried out more than 1 times:

(1) close all virtual machines by directly connecting to the hosts

(2) enable SSH and put the hosts in maintenance mode

(3) create a CRS (cert requests)

(4) generate services AD cert certificates or any enterprise certification authority

(5) to import the new cert guests

(6) power cycle the hosts (they should return to the maintenance mode, not disconnected state)

(7) remove the cluster hosts in VSphere

(8) then re add them to the cluster

The hosts would be good for an hour or so falling into a disconnected state. We cycled through at least 3-4 level 3 technical support engineers. They all seem to be perplexed. Here is the log of host that we think that the best shows what is happening:

2013 10-25 T 12: 40:29.113 - 07:00 [09292 info "Default" opID=HB-host-547@340-90f44497] [VpxLRO] - tache-interne-11448--hote-547--vpxdinvthostsynchostlro.synchronize--BEGIN

2013 10-25 T 12: 40:29.114 - 07:00 [09292 info "Default" opID=HB-host-547@340-90f44497] [VpxdHostSync] synchronization host: host-547 (redacted)

2013 10-25 T 12: 40:29.118 - 07:00 [09292 info 'Default' opID=HB-host-547@340-90f44497] InvokeOnSoap [ClientAdapterBase] leave

2013 10-25 T 12: 40:29.120 - 07:00 [09292 info 'Default' opID=HB-host-547@340-90f44497] InvokeOnSoap [ClientAdapterBase] leave

2013 10-25 T 12: 40:29.216 - 07:00 [error 09600 "Default"] SSL_connect SSLStreamImpl::DoClientHandshake (000000000db55850) has failed. Queue DumpingSSL error:

2013 10-25 T 12: 40:29.216 - 07:00 [error 09600 'Default'] [0] error: 14090086:SSL routines: SSL3_GET_SERVER_CERTIFICATE:certificate verifyfailed

2013 10-25 T 12: 40:29.216 - 07:00 [error 'HttpConnectionPool 09600'] [ConnectComplete] Connect error SSL Exception: the remotehost certificate has these problems:

->

-> * unable to get local issuer certificate

->

-> * Hostname does not match the name (s) of the topic incertificate.

2013 10-25 T 12: 40:29.217 - 07:00 [10080 info "Default" opID = task-internal-11449-6cc3b3c7] [VpxLRO] - tache-interne-11449--hote-547--hostdisconnectlro.disconnect--BEGIN

2013 10-25 T 12: 40:29.218 - 07:00 [10080 info'vmomi.soapStub [398]' opID = task-internal-11449-6cc3b3c7] adapterfor heel reset TCP server:redacted: 443: closed

2013 10-25 T 12: 40:29.220 - 07:00 [error 09292 "Default" opID=HB-host-547@340-90f44497] [VpxdInvtHostSyncHostLRO] Got method fault:vim.fault.SSLVerifyFault

2013 10-25 T 12: 40:29.220 - 07:00 [error 09292 "Default" opID=HB-host-547@340-90f44497] Backtrace: backtrace [00] rip 000000018013da0a (informal)

-> backtrace [01] rip 00000001801006 b 8 (free side)

-> backtrace [02] rip 0000000180100bbe (informal)

-> backtrace [03] rip 0000000180087c2b (informal)

-> backtrace [04] rip 00000000009f9a21 (informal)

-> backtrace [05] rip 000000013fed05da (informal)

-> backtrace [06] rip 00000001401e8cfd (informal)

-> backtrace [07] rip 00000001401e9d84 (informal)

-> backtrace [08] rip 00000001401ea70a (informal)

-> backtrace [09] rip 000000013fec424b (informal)

-> backtrace [10] rip 000000013feccf6a (no symbol

-> backtrace [11] rip 000000018015471 d (informal)

-> backtrace [12] rip 0000000180155 c 44 (informal)

-> backtrace [13] rip 000000018014dfd5 (informal)

-> backtrace [14] rip 0000000074ce2fdf (no symbol

-> backtrace [15] rip 0000000074ce3080 (informal)

-> backtrace [16] rip 000000007739652d (informal)

-> backtrace [17] rip 000000007782 c 521 (free side)

->

2013 10-25 T 12: 40:29.317 - 07:00 [10080 info "Default" opID = task-internal-11449-6cc3b3c7] [VpxdMoHost] host connection state [DISCONNECTED] changedto for host-547

2013 10-25 T 12: 40:29.333 - 07:00 [10080 info "Default" opID = task-internal-11449-6cc3b3c7] [VpxdInvtHost::SaveFieldsToDb] IPMI redacted info is not defined

2013 10-25 T 12: 40:29.390 - 07:00 [10080 info "Default" opID = task-internal-11449-6cc3b3c7] [VpxdMoHost::SetComputeCompatibilityDirty] marked host-547 as dirty.

2013 10-25 T 12: 40:29.390 - 07:00 [10080 info "Default" opID = task-internal-11449-6cc3b3c7] [VpxdMoCluster::SetDasCompatDirty] Markeddomain-c26 as dirty.

2013 10-25 T 12: 40:29.464 - 07:00 [09292 info "Default" opID=HB-host-547@340-90f44497] [VpxLRO] - speciale-interne-11448--hote-547--vpxdinvthostsynchostlro.synchronize--FINISH

2013 10-25 T 12: 40:29.464 - 07:00 [10080 info "Default" opID = task-internal-11449-6cc3b3c7] [VpxdMoHost::SetComputeCompatibilityDirty] marked host-547 as dirty.

2013 10-25 T 12: 40:29.464 - 07:00 [10080 info "Default" opID = task-internal-11449-6cc3b3c7] [VpxdMoCluster::SetDasCompatDirty] Markeddomain-c26 as dirty.

2013 10-25 T 12: 40:29.464 - 07:00 [10080 info "Default" opID = task-internal-11449-6cc3b3c7] [VpxLRO] - speciale-interne-11449--hote-547--hostdisconnectlro.disconnect--FINISH

2013 10-25 T 12: 40:29.775 - 07:00 [error 'HttpConnectionPool 09292'] [ConnectComplete] Connect error no connection could not carried because the target machine actively refused it.

2013 10-25 T 12: 40:29.775 - 07:00 [error 04556 "Default" opID = b02f0c1d] [HttpUtil::ExecuteRequest] error in sending the request - Noconnection could be made because the target machine actively refused it.

If you have an intermittent problem where one of the symptoms is the error message "host name does not match the incertificate name (s) of the subject", I would check your DNS configuration.  Also check the SSL certificate on the host computer.  You could get directed to an ip address where the host is not the certificate that is expected.  I check the ip address of the host from the command line, and then check the certificate with a command like:

OpenSSL s_client-connect host.domain.com:443

and see what is CN.  He will be on top.

Tags: VMware

Similar Questions

  • VMware Tools error, can not download and install the tools: "internal error of the client CD (3033). Contact your system or VMware Support Administrator"

    Hello

    I installed Windows Pro 8.1 x 64 RTM with Rollup GA A on PC, after that I installed VMware Player 6.0.1 and when I tried to download and install VMware Tools, I got the following error message: "internal error of the client CD (3033).» Contact your administrator system or VMware Support. »

    How can I install these tools? Please, fix the problem with the Server CD, I need to install VMware Tools.

    I tried to download on the deposit of CDS - / www/internship/session-32/cds/vmw-desktop/player but there is no record for the VMware Player 6.0.1 version, while the Tools-windows - 9.6.0.exe.tar is a strange form, how can I install these tools in VMware Player?

    Thank you.

    Workaround solution:

    1. download the trial of VMware Workstation 10

    2. install

    3. navigate to the Program files VMware Workstation 10

    4. find windows.iso, copy to USB or transfer it to some hosting

    5. go the machine to hosts, copy on it windows.iso

    6. inside of the guest computer mount windows.iso as drive

    7 install tools

    8 restart the guest computer

    That's all

    P.S. I am very disappointed, that such large and respected company, like VMware, after almost a month, since the question has been raised cannot pay 10 minutes and fixes a bug with CD-server and allow their users to download & install VMware Tools without any problems, even if we are talking about free product such as VMware Player!

  • How VMWare supports 3D graphics acceleration?

    We want to use virtual system to test our HTML5 performance.

    Thus, 3D graphics acceleration is necessary.

    But we are new on the 3D graphics technology and this made feather supported in VMWare.

    So, my question is, VMWare support Direct3D, OpenGL, or both?

    How active them?

    No I'm sorry, you have to build yourself the vmwgfx driver and to work and then you still use a product that is not yet still in beta.

    If you are likely to see problems with it, even if you would get to work.

    The easy answer with acceleration hardware openGL support for Linux is to wait until it is available to the public.

    --
    Wil
    _____________________________________________________
    VI Toolkit & scripts wiki at http://www.vi-toolkit.com

    Writer to the blog www.planetvm.net

    Twitter: @wilva

  • ESXi 4 Installable U1 + taken VMware supported SD cards?

    I searched the Forum a bit ( http://communities.vmware.com/message/1476000#1476000 and http://communities.vmware.com/message/1471521#1471521 for example) and really have not found a good (or official VMware) answer the question of SD cards supported in versions installed ESXi user.  My biggest concern is the support.  Are the supported user installed SD card? For now, I'm setting up a new R710 with SD reader module internal and my support is through VMware and not Dell.  I was told (by Vmware sales) that VMware does NOT support install ESXi SD card, unless it is installed through the OEM directly.  But it seems strange.  I have the Essentials, so I don't get taken in charge unless I paid $300 per incident anyway. But I want to just make sure that if I called VMware they cling on me because I use a SD boot ESXi.  I really like installation on flash/SD because I think the management is far superior to the disk HARD local installs (as mentioned in previous posts).   Unfortunately, now I do not know what to think about the support... http://communities.vmware.com/images/emoticons/sad.gif There is no mention in the HCL of Flash cards or SD recommended or taken in charge.  This seems to be a really horrible exclusion IMO since the ESXi 4 U1 install documentation refer to the HCL for Flash devices are supported.

    Seems like there is a lot of confusion on this issue from the perspective of support.  Can someone clarify this once and for all the GOLD offer some guidelines that wanted to keep me supported by VMware? All I found was this article (http://kb.vmware.com/selfservice/microsites/search.do?language=en_US & cmd = displayKC & externalId = 1010574) that references the USB flash devices.  This kind of logic applies to the SD cards as well?  I bought the kit SD from Dell (Dell's SD map - which seems to be a generic Kingston 1 GB).  If someone can offer comments/insight I would really appreciate it.  Thank you...

    Hello

    I was almost in your situation some time ago. In any case, I will share with you my thoughts. Maybe help you.

    I was evaluation install ESXi 4.0 for free in some IBM M2 x 3550 servers in internal USB flash

    As you say this KB is therefore clear: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1010574

    Install esxi (built-in) USB is supported only if is done by the supplier of OEM (HP, Dell, IBM and Fujitsu-Siemens). Is also supported an ESXi installable install by the user by using the provider OEM USB flash devices supported (and local support for hard disks).

    The statement above apply to the SD devices.

    If I am mistaken, HP Dell not install the embedded version of esxi in an internal SD and is fully supported by vmware. Don't forget vmware has a agreement with all this OEM provider to fully support their esxi facilities incorporated.

    For example, think about this hypothetical situation. If the full SD/USB support dies and your virtual environment is partially/fully down, it's a good idea to have a SD/USB backup to get up the infrastructure as quickly as possible. Is this not supported? I don't think so

    In any case, if you want to be 100% sure, purchase the material supplier Server esxi embedded wirh installed and maybe get a backup supported (provider) SD

    Hope this long answer helps you

    Best wishes / Saludos.

    Pablo

    Please consider providing any useful answer. Thank you!! - Por favor considered premiar las useful responses. MUCHAS gracias!

  • T of what guest operating systems will start the VMware Support for EFI?

    Is there a list of support guest OS for the EFI firmware?  Mianly supported by VMware - do not try, fail, call support technique etc etc.   My experiences on the TP forums, I guess that there is not.  Some OS (such as Windows Server) come with a screen to choose BIOS/EFI firmware.  If not, you need to go to setting > Hard Drive OPtions-> advanced _ > boot using EFI.  In particular there at - it versions of Linux that you give you option of BIOS/EFI firmware before the confutation of VM is complete, so the hard drive then be custom.

    We will officially support the EFI firmware for any guest operating system to which all the following conditions are met:

    • We list this guest operating system, supported in the VMware Compatibility Guide for operating systems and your virtualization product.
    • The guest operating system supports EFI in the operating system installation media.
    • Support the guest OS EFI has no catastrophic flaws (for example Fedora 12 x 64, FreeBSD 11, Centos 6.0 through all the 6.2 have catastrophic flaws).

    New computer virtual assistant of 11 workstation has only the option of EFI firmware for Windows clients.  Special mention, do not yet support us Easy Install for non EFI customers in 11 workstations.  For all other customer support EFI OSes, you can do a manual installation after choosing the EFI firmware in the virtual machine settings > Options > Advanced > Boot with EFI instead of the BIOS.

    I don't understand your concern about the personalization of the hard drive... Could you elaborate?

    See you soon,.

    --

    Darius

  • VMware supported levels of Flare Code "Clariion CX 700"

    Guys, where can I find a list of codes flare storage supported?  We run what ESX 3.5 connected to a Clariion CX700.

    I have the feeling that the code current level is obsolete and must be refreshed to keep us in support.

    Any thoughts?

    Hello.

    The VMware Compatibility Guide has this information.  Click the link for the version of ESX (i) you use to see the supported FLARE levels.

    Good luck!

  • Cluster RedHat from VMware support

    Hello

    VMware officially support RedHat Cluster on ESX? I am particularly interested in cross-box cluster with fence_vmware (fencing with SSH).

    Personally, I consider this solution as a very low. Needs access and configuration of 'low level' SC, cannot be managed centrally, unaware of ESX cluster. In multi-ESX cluster infrastructure looks like a legacy of the island. What is your opinion?

    Best regards

    Martin

    Agreed.  There is no official statement from VMware on the clustering of RedHat, AFAIK.  Only a general statement for MSCS support grouping.  Other than fencing and ensure that you have entered a static ARP for multicast, the rest was pretty smooth.

    -KjB

    VMware vExpert

  • vpn SSL question

    Hello

    If I change the ip address of the SSL VPN module, re - generate the cert for the new IP address of the SSL VPN module?

    RDG

    That depends on whether your cert has been registered using the FULL domain name or ip address, if the ip address has been used then Yes, you must regenerate, if it was via FQDN and the FULL domain name changed not need him.

  • webvpn SSL questions

    Hello all, I was hoping someone could lend me a helping hand with trying to configure my SSL webvpn. I currently have installed customer and my vpn groups and policies defined and configured and I can successfully ssl VPN and the customer installs on the first connect, however I end up with errors like certificate not being does not trust and I would like to register a trust cert but don't know how to do. I'm under 7.2 2 AMPS 5.2 (2), if someone could help me to guide me in the right direction, it would be much appreciated.

    Thank you

    Paul

    Paul following this thread...

    http://Forum.Cisco.com/eForum/servlet/NetProf?page=NetProf&Forum=security&topic=General&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddf7cc1

    Rgds

    Jorge

  • SSL with Starfield Deluxe High Assurance SSL question

    This certificate does not work with my PALM Centrino and waited more than 24 hours for teir support to give me access to the Mod of Cert tool which is no longer available via the links that I found in the forums referencing this issue in the past.  I have upgraded to an iPhone but have a client dedicated to the use of its Centrino Palm and want to get ActiveSync working for him, as soon as POSSIBLE.

    His business suffered for 48 hours since the old certificate SSL expired when his phone began to restart continuously until he wiped it off.  Now, I can't recreate his VersaMail Exchange without this error resolved SSL connection.

    Please ALL/ANY help is appreciated

    Please see this thread for more information on an alternative source to download the certificate change tool (CertMod): http://forums.palm.com/palm/board/message?board.id=activesync&message.id=5086#M5086

    Message is about: Treo 800w (Sprint)

  • SSL questions

    I'm trying to migrate an application on a secure server, but I had a few difficulties, so I used the wizard of ColdFusion Flex to generate a new project on this server. My main requirement is the use of RemoteObject to access my ColdFusion components.

    1st problem: loading the Web page, I get the error 'this page contains secure and safe ".
    Solution: unknown
    -J' tried to re - treat external links in the file main.html and .js for https files

    2nd problem: The RemoteObject property, Protocol, has been deprecated since v1.5
    Solution of dip: to "https" in front of your source.
    -It does not work if your source is "Acct.components.users".
    "Solution: I used a variant of endpoint="https://{server.name}:{server.port}{context.root}/flex2gateway/cfamfsecure.
    -Who seem to change my error on the face of http to https

    Here's a little snippet of my error message:

    (mx.rpc::Fault) #0
    errorID = 0
    faultCode = "Client.Error.MessageSend".
    faultDetail = "error Channel.Connect.Failed NetConnection.Call.Failed: HTTP: failed: url:"https://www.servername.com/flex2gateway/cfamfsecure"
    faultString = "send failed".
    message = "faultCode:Client.Error.MessageSend faultString: error faultDetail:'Channel.Connect.Failed"Send failed"NetConnection.Call.Failed: HTTP: failed: url: ' https://www.servername.com/flex2gateway/cfamfsecure"»
    name = "Error".
    rootCause = (mx.messaging.events::ChannelFaultEvent) #1


    I'm really curious to know if anyone has created a functional Flex application using flash remoting on a secure channel. And, if so, is there something special you had to do while setting up the app to make it work?

    Thank you
    Hoo


    I finally got it work, and it was not related to the SSL certificate. The final patches were a combination of things, that I had tried before, but I continued apparently lack of the right combination or something. Here's what I did:

    -Instead of using the "ColdFusion" destination in my RemoteObject, I used 'ColdFusionSecure '.
    -J' added 'ColdFusionSecure' as an additional definition in my file remoting - config.Xml.
    -J' made reference to this definition on channel "my-cfamf-secure" in my services-config file. XML
    -J' added the code set to false in the properties of this channel.

    I can not understand what was wrong, but it really works now. Thanks again for the help.

  • Question about support of Ubuntu host platforms

    According to the user's guide, the latest version of vmware server-supported Ubuntu is 8.04, which becomes a bit long in the tooth.

    -Are there a plan in the near future to support a newer version of ubuntu?

    -people run vmware server 2 on the latest versions of ubuntu without any significant problems?

    Hello

    You must run vmware server 2 on Ubuntu 8.04 without problems. It works very well because it is fully supported.

    Anyway people running vmware server 2 on Ubuntu 9.04 and 9.10. It is not supported and sometimes some questions (weird), but it should work.

    If you want to install vmware server on ubuntu 9.04 or 9.10, I recommend you visit the "VMWare server 2 install problems" section in this post.

    Hope this helps

    Best wishes / Saludos.

    Pablo

    Please consider providing any useful answer. Thank you!! - Por favor considered premiar las useful responses. ¡¡MUCHAS gracias!

    Virtually noob blog

  • Dv4-1430us: lack driver / / / question to support Assistant

    Hello, I just clean installed W7, I found a missing driver and I found the hardware ID

    ACPI\ENE0100

    * ENE0100

    Another question, I installed the new HP support assistant and he is supposed to find missing and outdated drivers? I know that some are outdated, but I don't know how. Neither windows update or HP support will find everything.

    DV4 1430US

    Hello

    Install:

    ENE CIR Receiver Driver

    http://ftp.HP.com/pub/SoftPaq/sp45001-45500/sp45214.exe

  • Question about support for LabVIEW DLLS and Unicode

    Hello

    I have a question about LabVIEW and DLL functions calls.

    I use a DLL (sorry, I can't share it) that was written in C. It was written to support Unicode and non-Unicode function calls.

    The Unicode function is valid, then FunctionNameW is called if FunctionNameA is called.

    I am building a few VI to access the library. I have the regular functions of FunctionNameA work.

    My question is, does LabVIEW support versions of function FunctionNameW Unicode, and if so is it necessary Although LabVIEW is already working with the standard function call?

    Am I being redundant or what should I build in Unicode support?

    The first time I tried to test the Unicode functions, I had an error, and I guess this is a system setting.

    Thank you for your time in advance.

    DB_IQ wrote:

    I don't think I have TO implement the Unicode, but I want if I can.

    For what I do, I think almost it is not serious. But I wanted to know if it could be used.

    The short answer is "Yes, you can do it."  However, it may open a new Pandora's box.  If you're not careful, problems and complications that can still spread to other projects that are not using Unicode!  It is better not to summon this monster unless there is absolutely no other way to do the job.

  • Envy 17 model 17-j102ea SSD Boot question, Legacy Support, BIOS

    Hi, first post ever and excuse if this has been covered - if so, please me directly to pertinent information.

    Bought an Envy 17-j102ea...

    Hardware problems I would like help / advice for, please:

    Legacy support / boot from USB Flash Stick:
    Tried to install Windows 8 via a USB bootable work has confirmed...
    The laptop does not detect except Legacy Support is turned on...
    Once Windows is installed on drive (1 TB 5400 original disc), if I turn OFF then Legacy Support again (as DEFAULT) it starts not from the installed windows now HDD - only when I put Legacy Support back on will it boot.
    Can someone please explain / advise?

    Question SSD:
    Try to use a 240GB vertex 3 SSD Drive...
    Computer laptop wont recognize it- whether it is in Legacy Support mode...
    I've seen a few posts on the compatibility and 240 GB not supported...
    It's for real?

    BIOS:
    This is a complaint, I want something on this topic, please...
    REALLY.
    Why so basic bios options?
    Why can't have two readers in the laptop and choose which start from the first that is alternate between discs easily when I choose?
    For a decent computer ", a poor quality BIOS, it disappoints BIG TIME.
    It should be fairly easy for programmers to HP create a GUI BIOS updated with the best options.

    * I'm a student in computer SCIENCE and make a clean installation on this laptop with no product key, SSD and a very basic BIOS incompatibility sticker, I find it a little boring, and it takes a lot of my time...

    Looking forward to some useful answers.
    Thank you in advance.

    Oh, I didn't know you meant that.

    Update:

    I bought 8.1 Pro student - implemented on a USB stick (the same Corsair Voyager one) - activated UEFI mode...

    It set up perfectly om the 240 GB agility SSD 3!

    On the F9 boot menu option it acknowledged even the USB as UEFI.

    Very happy now :))

    BUT, can you please help me with something else?

    I put the 1 TB HDD in BAY2 5400 original, and it is not recognized at all.

    Any suggestions?

    So, thank you for your help miuch. : )

    ... LAST UPDATED:

    After rebooting the system TWO it recognizes the 1 TB drive! : )

    Thanks again for your help.

    You have been great, and I learned a lot on the way :)

    Best wishes...

Maybe you are looking for

  • Received an email from Mozilla request for money is a scam?

    You are running a campaign to ensure that we cooperate with money... I received 2 emails asking me to donate to "FIREFOX + u" is this a real request or a SCAM, I used your product for years and I think it will just cooperate, but now a day you don't

  • dv4-1028us laptop HDMI audio popping and cracking

  • Installation of Windows XP on Satellite Pro P200

    Hi guys,. I have a problem installing Windows XP Home SP2 (listen Slip) edition in my new Satellite Pro P200 with 2-120 GB hard drives. The vehicle currently has windows vista professional. I followed this link to a similar question on this site: htt

  • the voicemail icon

    Does anyone know how to get the voicemail icon go? I deleted voice messages, but the icon remains in my notification bar.

  • Lenovo G500 blocked "Lenovo splash screen.

    Hello I have Lenovo g500 core i7 ram6 ati radeon 8750 1 tb hard drive. It was like a month, this laptop hangs at the splash screen. I live in Iran and that the laptop is made in China. I searched the forums and found the solution 'removing the batter