• Launching the VMware Remote Console (VMRC) of VMs, the error message "Connection error: could not negotiate SSL" is encountered.
  
• Web console for the VMs remains accessible.
• C:\Users\<loginUser>\AppData\Local\Temp\vmrc-plugin

YYYY-MM-DDTHH:MM:SS In(05) vmrc MKSControl: Connect
YYYY-MM-DDTHH:MM:SS No(00) vmrc CUIMKS: Console session connection status: connected now for [vcenter.example.com]:[########].
YYYY-MM-DDTHH:MM:SS In(05) vmrc CUIMKS: cui::MKS::OnSetAttachedCompleted (73720A0)
YYYY-MM-DDTHH:MM:SS In(05) vmrc VMMgr: Finished opening VM at /vm/#_######_vm-####/ from vcenter.example.com:vm-####
YYYY-MM-DDTHH:MM:SS In(05) vmrc cui::MKSScreenWindowCoordinator::HandleGuestTopologyChange: main UI rect: 720x480 @ 208,262
YYYY-MM-DDTHH:MM:SS In(05) vmrc cui::MKSScreenWindowCoordinator::HandleGuestTopologyChange: Found 0 present screens
YYYY-MM-DDTHH:MM:SS In(05) vmrc cui::MKSScreenWindowCoordinator::HandleGuestTopologyChange: Windows for extra guest monitors will not be shown
YYYY-MM-DDTHH:MM:SS In(05) vmrc DlgUI: Connection error: could not negotiate SSL.

The issue arises when access to the Host Client is disabled on the client machine, preventing the client from connecting over port 443 to access the VMRC console.

Post VMRC 11.0, the port has been changed from 902 to 443.

Refer: VMware Remote Console 11.x

To resolve this issue, TCP port 443 is required to be open between the client machine and all ESXi hosts, as stipulated by the port requirements.

Workaround:

Enable the MKS Development Proxy to successfully route console traffic through vCenter Server, bypassing a direct connection to the host.

• Log in to vCenter Server.
• Navigate to the vCenter object > Configure tab.
• Select Advanced Settings > Edit Settings.
• Add the parameter: config.mksdevproxy.enable
• Set the value to: true

Reference Document: https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/enable-the-vmware-remote-console-proxy.html