Client Automation - RVI collect in error for Vcenter

book

Article ID: 140266

calendar_today

Updated On:

Products

CA Client Automation - Asset Management CA Client Automation - IT Client Manager CA Client Automation

Issue/Introduction

Virtual Host Inventory collect task for a vmware vcenter server is in error status.

 

In TRC_UAM_AMVMINVUX_*.log following error appear :

amvminvux |amvminvux |esxapi.cpp |000070|INFO   | esxapi::init: Connecting
amvminvux |amvminvux |esxapi.cpp |000221|ERROR  | esxapi::RetrieveServiceContent: SOAP 1.1 fault: SOAP-ENV:Client [no subcode]
"EOF was observed that violates the protocol. The client probably provided invalid authentication information."
Detail: SSL_connect error in tcp_connect()

amvminvux |amvminvux |esxapi.cpp |000097|ERROR  | esxapi::init: Failed to connect to URL https://vcentername/sdk
amvminvux |amvminvux |AMInventoryESX.cpp  |000153|ERROR  | esx init failed (url=https://vcentername/sdk): 1

 

Cause

This problem could occur if vcenter does not support TLS cipher suite supported by CAPKI 5.1.1



Environment

Release : 14.0, 14.0 SP1, 14.0 SP2, 14.0 SP3

Component : Client Automation


Resolution

Add support of TLS cipher suite AES256-GCM-SHA384 in vcenter configuration


Example :

in file /etc/vmware-rhttpproxy/config.xml add  AES256-GCM-SHA384 in cipherlist


<ssl>

      <doVersionCheck> false </doVersionCheck>

      <!-- allowed SSL/TLS protocol versions -->

      <protocols>tls1.2</protocols>

      <libraryPath></libraryPath>

      <cipherList>!aNull:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:AES256-GCM-SHA384</cipherList>

</ssl>



and restart rhttpproxy service


service-control --stop rhttpproxy

service-control --start rhttpproxy