vCenter Server unable to communicate with CyberArk over TLS protocol

Article ID: 434130

Updated On:

Products

VMware vCenter Server

Issue/Introduction

  • A newly installed vCenter Server 8.0 Update 3 is unable to communicate with a CyberArk server.

  • Network traces show that the connection attempts fail during the TLS handshake because the ClientHello arriving from CyberArk uses legacy TLS 1.0 (version 0x0301).

  • As a result, the connection between vCenter Server and CyberArk resets.

Environment

VMware vCenter Server 8.0.3

Cause

The communication failure is caused by a protocol mismatch. vCenter Server 8.0 Update 3 is hardened by default to enforce TLS 1.2 or higher. However, the CyberArk server (or intermediary network devices like firewalls/DPI engines) initiates the connection using the insecure TLS 1.0 protocol, which is explicitly rejected by the vCenter Server.

Resolution

  • Contact CyberArk support to address this issue. Ensure the CyberArk server is explicitly configured to use TLS 1.2 for all outbound connections to the vCenter Server.
  • Inspect all network intermediaries. Verify that firewalls, load balancers, or Deep Packet Inspection (DPI) engines are not downgrading the TLS version of the traffic, or intercepting and re-originating it using legacy protocols.
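When reviewing a trace like the one in the Issue section, or checking what actually reaches vCenter Server after a firewall or DPI engine, it helps to decode the ClientHello rather than rely on a single version byte. The following Python is an added example (not from this article, VMware or CyberArk): it parses a TLS ClientHello record, lists the versions the client offers, and reports whether a TLS 1.2-or-higher-only server could proceed. The sample records are constructed inline, not taken from a real capture.

```python
import struct

SUPPORTED_VERSIONS_EXT = 0x002B  # RFC 8446 supported_versions extension


def parse_client_hello(record: bytes) -> dict:
    """Return the record-layer version, the legacy ClientHello version and the
    versions the client offers (supported_versions extension when present)."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    record_version = struct.unpack("!H", record[1:3])[0]
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    hello_version = struct.unpack("!H", body[0:2])[0]
    pos = 2 + 32                                   # client_version + random
    pos += 1 + body[pos]                           # session_id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]  # cipher_suites
    pos += 1 + body[pos]                           # compression_methods
    offered = [hello_version]                      # pre-1.3 clients: this is it
    if pos + 2 <= len(body):                       # extensions block present
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            edata = body[pos + 4:pos + 4 + elen]
            if etype == SUPPORTED_VERSIONS_EXT and elen >= 1:
                offered = [struct.unpack("!H", edata[1 + i:3 + i])[0]
                           for i in range(0, edata[0], 2)]
            pos += 4 + elen
    return {"record_version": record_version,
            "hello_version": hello_version, "offered": offered}


def offers_tls12_or_higher(info: dict) -> bool:
    """True when a server that only accepts TLS 1.2+ (vCenter 8.0 U3) can proceed."""
    return any(v >= 0x0303 for v in info["offered"])


def build_client_hello(record_version: int, hello_version: int,
                       supported=None) -> bytes:
    """Constructed sample ClientHello (not a real capture): one cipher suite,
    empty session id, optional supported_versions extension."""
    body = struct.pack("!H", hello_version) + bytes(32) + b"\x00"
    body += b"\x00\x02\xc0\x2f" + b"\x01\x00"
    if supported:
        ext = bytes([2 * len(supported)]) + b"".join(
            struct.pack("!H", v) for v in supported)
        body += struct.pack("!HHH", 4 + len(ext), SUPPORTED_VERSIONS_EXT,
                            len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", record_version, len(hs)) + hs
```

A record-layer version of 0x0301 on its own is not conclusive, because many TLS 1.2 clients set it for compatibility; the handshake client_version and the supported_versions extension are what decide whether the client can reach TLS 1.2.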

Additional Information

vCenter Server 8.0 Update 3 follows modern security standards that disable legacy protocols (TLS 1.0 and 1.1) by default. For more information on managing TLS protocols in vSphere, refer to the vSphere Security Documentation.