Disabling TLS 1.0 and 1.1 on 6.5 ESXi hosts from VCSA 6.7 fails with AttributeError
Article ID: 310565
Updated On:
Products
VMware vCenter Server
VMware vSphere ESXi
Issue/Introduction
Symptoms:
This issue is specific to environment as below
Disable TLS 1.0 and 1.1 on 6.5 ESXi hosts from VCSA 6.7 fails with below error message.
root@VC001 [ /usr/lib/vmware-vSphereTlsReconfigurator/EsxTlsReconfigurator ]# ./reconfigureEsx vCenterCluster -c ESXi-host-5 -u [email protected] -p TLSv1.2
ESXi Transport Layer Security reconfigurator, version=6.5.0, build=7766806
For more information refer to the following article: https://kb.vmware.com/kb/2147469
Log file: "/var/log/vmware/vSphere-TlsReconfigurator/EsxTlsReconfigurator.log".
Connecting to vCenter Server at: "localhost".
Password:
Validating product version at: "localhost".
Traceback (most recent call last):
File "./reconfigureEsx", line 564, in <module>
main()
File "./reconfigureEsx", line 560, in main
args.func(args)
File "./reconfigureEsx", line 214, in ReconfigureVCenterClusters
args.process_all)
File "./reconfigureEsx", line 195, in LocateVCenterEntities
for key, values in result.iteritems():
AttributeError: 'collections.defaultdict' object has no attribute 'iteritems'
This issue is specific to environment as below
- Customer has vCenter server appliance/vCenter server 6.7 U1
- Customer has ESXi 6.5 hosts
- Customer wanted to disable TLS1.0 and TLS1.1 for the existing 6.5 ESXi hosts
Disable TLS 1.0 and 1.1 on 6.5 ESXi hosts from VCSA 6.7 fails with below error message.
root@VC001 [ /usr/lib/vmware-vSphereTlsReconfigurator/EsxTlsReconfigurator ]# ./reconfigureEsx vCenterCluster -c ESXi-host-5 -u [email protected] -p TLSv1.2
ESXi Transport Layer Security reconfigurator, version=6.5.0, build=7766806
For more information refer to the following article: https://kb.vmware.com/kb/2147469
Log file: "/var/log/vmware/vSphere-TlsReconfigurator/EsxTlsReconfigurator.log".
Connecting to vCenter Server at: "localhost".
Password:
Validating product version at: "localhost".
Traceback (most recent call last):
File "./reconfigureEsx", line 564, in <module>
main()
File "./reconfigureEsx", line 560, in main
args.func(args)
File "./reconfigureEsx", line 214, in ReconfigureVCenterClusters
args.process_all)
File "./reconfigureEsx", line 195, in LocateVCenterEntities
for key, values in result.iteritems():
AttributeError: 'collections.defaultdict' object has no attribute 'iteritems'
Environment
VMware vCenter Server Appliance 6.7.x
VMware vSphere ESXi 6.5
VMware vCenter Server 6.7.x
VMware vSphere ESXi 6.5
VMware vCenter Server 6.7.x
Cause
This is due to the VCSA 6.7 using Python 3.x whereas vCenter 6.5 uses Python 2.x
Resolution
This is a known issue due to python 3.x changes in vCSA 6.7
Workaround:
Note : Before executing the script, please take snapshot/backup of the vCenter server
Please try the changes on the script using the below steps
- Copy the original file as a backup before modifying
cp /usr/lib/vmware-vSphereTlsReconfigurator/EsxTlsReconfigurator/reconfigureEsx /usr/lib/vmware-vSphereTlsReconfigurator/EsxTlsReconfigurator/reconfigureEsx_orig
sed -i.orig 's/iteritems/items/' /usr/lib/vmware-vSphereTlsReconfigurator/EsxTlsReconfigurator/reconfigureEsx
- Copy the nfclib.py which is compatible with python 2.x post taking the original file backup
cp /usr/lib/vmware-vSphereTlsReconfigurator/EsxTlsReconfigurator/pyVim/nfclib.py /usr/lib/vmware-vSphereTlsReconfigurator/EsxTlsReconfigurator/pyVim/nfclib.py_orig
cp /usr/lib/vmware/site-packages/pyVim/nfclib.py /usr/lib/vmware-vSphereTlsReconfigurator/EsxTlsReconfigurator/pyVim/nfclib.py
Feedback
Yes
No
Powered by
