Connection to an external host failed with "handshake alert: unrecognized_name"
book
Article ID: 322723
calendar_today
Updated On:
Products
VMware Aria Suite
Issue/Introduction
Symptoms:
A connection using SSL may fail with error handshake alert: unrecognized_name when the external Host is set use Server Name Identification (SNI)
Environment
VMware vRealize Automation 8.x
VMware vRealize Orchestrator 8.x
Cause
If the Server Name Identification (SNI) fails, then the connection will fail with "handshake alert: unrecognized_name"
Resolution
- To resolve the issue please update the server you are trying to connect to.
- If the external endpoint cannot be updated, vRO maybe configured to disable SNI. See the Workaround below.
Disable SNI in vRO
Prerequisites
- Please take simultaneous non-memory snapshots of each virtual appliance(s) in the cluster.
- You have access to root user and password
- You have SSH or console access to each virtual appliance.
Procedure
- SSH / PuTTy into one vRA virtual appliance in the cluster
- Please create a backup /opt/charts/vco/templates/deployment.yaml in the root folder or any other folder
-
cp -a /opt/charts/vco/templates/deployment.yaml /root/vro-deployment.yaml.bak
Note: Please make sure the backup file is not in the same folder as this will cause the service deployment to fail
- Open the file in vi or another text editor of your choice. vi is available on the appliance.
vi /opt/charts/vco/templates/deployment.yaml
- Navigate to the section starting with - name: vco-server-app
- Below it you will find JVM_OPTS
- Add a new line and append the following
-Djsse.enableSNIExtension=false
- Save the file with command
:wq!
- Once services are deployed again then Server Name Identification (SNI) is disabled. To re-deploy / re-start services, follow the instructions available at Starting and stopping vRealize Automation (vmware.com)
Feedback
thumb_up
Yes
thumb_down
No