Just found the vSphere client is no longer compatible with Windows XP because it uses increased cypher strengths not available in Windows XP when connecting to ESXi 5.5. Later versions of windows will work, and there is a hotfix available for Windows 2003 server machines that fall foul of this change.

1. Symptoms

2. Solutions

Refer to Vmware Support KB:vSphere Client and vSphere PowerCLI may fail to connect to vCenter Server 5.1 and 5.5 due to a Handshake failure (2049143)

On the ESXi 5.1 and 5.5 host, modify the rhttpproxy service to reduce the implied security by allowing the host to communicate using weak cipher suites:

 For ESXi 5.1 and 5.5

  • Connect to the host via SSH. For more information, see Using ESXi Shell in ESXi 5.0 and 5.1 (2004746). For my case, my SecureCRT has to use Keyboard Interactive mode to do authentication to get log into Vmware ESXi 5.5. 
  • Navigate to the directory:

/etc/vmware/rhttpproxy/

  • Backup the config.xml file. Do not skip this step.

cp config.xml config.xml.bak

  • Open config.xml file using vi editor. For more information, see Editing files on an ESX host using vi or nano (1020302).
  • Add the <cipherList>ALL</cipherList> parameter between the <ssl>…</ssl> section of the configuration file. Use the model below as an example: 

<config>

<vmacore>

<ssl>
<doVersionCheck> false </doVersionCheck>
<useCompression>true</useCompression>
<libraryPath>/lib/</libraryPath>
<handshakeTimeoutMs>120000</handshakeTimeoutMs>
<cipherList>ALL</cipherList>
</ssl>

</vmacore>

</config>

  • Save and close the config.xml file
  • Reset the rhttpproxy service for the change to take effect by running the command:

/etc/init.d/rhttpproxy restart

By Jon

Leave a Reply