环境:
Microsoft(R) Windows(R) Server 2003, Enterprise Edition Service Pack2
Microsoft(R) Windows(R) Server xp, Enterprise Edition Service Pack3
描述:
安装 Vmware vSphere Clinet 5.5过程中出现警告如下:
Vmware vSphere Clinet 5.5 安装在 Windows XP 或者 Windows Server 2003系统时, vSphere 客户端链接vCenter Server 5.5时可能发生错误。详情请查看VMware 知识库档案号为 2049143。
安装 Vmware vSphere Clinet 5.5后链接中出现警告如下:
解决:
安装相对应补丁版本号:Fix192447
补丁下载链接:
英文本版:
- x64: http://hotfixv4.microsoft.com/Windows%20Server%202003/sp3/Fix192447/3790/free/351403_ENU_x64_zip.exe
- ia64:
- i386:
Hotfix 19247 from Microsoft Support Hotfix Reques
处理过程:
根据平台的不同选择安装相应的补丁
参考原文:
vSphere Client and vSphere PowerCLI may fail to connect to vCenter Server 5.5 due to a Handshake failure (2049143)
Details
When installed on a Windows XP or Windows Server 2003 host machine, the vSphere Client and vSphere PowerCLI may fail to connect to vCenter Server 5.5 due to a Handshake failure. vSphere 5.5 uses the Open SSL library, which, for security, is configured by default to accept only connections that use strong cipher suites. On Windows XP or Windows Server 2003, the vSphere Client and vSphere PowerCLI do not use strong cipher suites to connect with vCenter Server. This results in the error No matching cipher suite on the server side, and a Handshake failure on the vSphere Client or vSphere PowerCLI side.
Solution
To work around this issue, perform one of these options:
- For Windows Server 2003 or 64-bit Windows XP, apply the appropriate Microsoft hotfix:
- Platform: x64: http://hotfixv4.microsoft.com/Windows%20Server%202003/sp3/Fix192447/3790/free/351403_ENU_x64_zip.exe
- Platform: ia64:http://hotfixv4.microsoft.com/Windows%20Server%202003/sp3/Fix192447/3790/free/351397_ENU_ia64_zip.exe
- Platform: i386:http://hotfixv4.microsoft.com/Windows%20Server%202003/sp3/Fix192447/3790/free/351385_ENU_i386_zip.exe
For additional language options, request the appropriate file for Hotfix 19247 from Microsoft Support Hotfix Request.
Note: The preceding links were correct as of November 4, 2013. If you find a link is broken, provide feedback and a VMware employee will update the link.
- For Windows Server 2003, 64-bit Windows XP, or 32-bit Windows XP, perform one of these options:
- Before installing the vSphere Client or vSphere PowerCLI, upgrade the Windows operating system on the host machine to Windows Vista or later.
- On the vCenter Server 5.5 host machine, modify the vpxd.cfg to reduce the implied security by allowing the server to communicate using weak cipher suites:
For Windows-based vCenter Server
- Connect to the vCenter Server using RDP.
- Navigate to the directory:
C:\ProgramData\VMware\VMware VirtualCenter\
- Backup the vpxd.cfg file. Do not skip this step.
- Open the vpxd.cfg file in a text editor
- Add the <cipherList>ALL</cipherList> parameter between the <ssl>...</ssl> section of the configuration file, for example:
<config>
...
<vmacore>
...
<ssl>
...
<cipherList>ALL</cipherList>
...
</ssl>
...
</vmacore>
...
</config> - Save and close the vpxd.cfg file.
- Restart the vCenter Server service for the setting to take affect. For more information, see Stopping, starting, or restarting vCenter services (1003895).
For the vCenter Server Appliance
- Connect to the vCenter Server Appliance via SSH. For more information, see Enable or Disable SSH Administrator Login on the VMware vCenter Server Appliance in the vCenter Server and Host Management Guide.
- Navigate to the directory:
/etc/vmware-vpx/
- Backup the vpxd.cfg file. Do not skip this step.
- Open vpxd.cfg file in a plan text editor
- Add the <cipherList>ALL</cipherList> parameter between the <ssl>...</ssl> section of the configuration file, For example:
<config>
...
<vmacore>
...
<ssl>
...
<cipherList>ALL</cipherList>
...
</ssl>
...
</vmacore>
...
</config> - Save and close the vpxd.cfg file.
- Restart the vCenter Server service for the change to take effect. For more information, see Stopping, starting, or restarting vCenter Server Appliance services (2054085).
On the ESXi 5.5 host, modify the rhttpproxy service to reduce the implied security by allowing the host to communicate using weak cipher suites:
For ESXi 5.5
- Connect to the host via SSH. For more information, see Using ESXi Shell in ESXi 5.0 and 5.1 (2004746).
- Navigate to the directory:
/etc/vmware/rhttpproxy/
- Backup the config.xml file. Do not skip this step.
- Open config.xml file using vi editor. For more information, see Editing files on an ESX host using vi or nano (1020302).
- Add the <cipherList>ALL</cipherList> parameter between the <ssl>...</ssl> section of the configuration file. Use the model below as an example:
<config>
...
<vmacore>
...
<ssl>
<doVersionCheck> false </doVersionCheck>
<useCompression>true</useCompression>
<libraryPath>/lib/</libraryPath>
<handshakeTimeoutMs>120000</handshakeTimeoutMs>
<cipherList>ALL</cipherList>
</ssl>
...
</vmacore>
...
</config> - Save and close the config.xml file
- Reset the rhttpproxy service for the change to take effect by running the command:
/etc/init.d/rhttpproxy restart
Vmware vSphere Clinet 5.5 Win2003 WinXp无法连接的处理,布布扣,bubuko.com