Error discovering vSphere 5.5: Unable to use sudo on 'IP' using provided credentials

  • Document ID:7014621
  • Creation Date:25-Feb-2014
  • Modified Date:05-Mar-2014
    • Micro Focus Products:
      PlateSpin Migrate

Environment

NetIQ PlateSpin Migrate 11

Situation

This article describes on how to workaround an error occurred during discovery of vSphere 5.5.

Error: Unable to use sudo on 'IP' using provided credentials. Please verify that root has the required permissions set in the sudoers file."

Resolution

To work around this issue, on the vCenter Server 5.5 host machine, modify the vpxd.cfg to reduce the implied security by allowing the server to communicate using weak cipher suites:

For Windows-based vCenter Server:

1. Connect to the vCenter Server using RDP.

2. Navigate to the directory:

C:\ProgramData\VMware\VMware VirtualCenter\

3. Backup the vpxd.cfg file. Do not skip this step.

4. Open the vpxd.cfg file in a text editor

5. Add the <cipherList>ALL</cipherList> parameter between the <ssl>...</ssl> section of the configuration file, for example:

<config>

...

<vmacore>

...

<ssl>

...

<cipherList>ALL</cipherList>

...

</ssl>

...

</vmacore>

...

</config>

 

6. Save and close the vpxd.cfg file.

7. Restart the vCenter Server service for the setting to take affect.

 

For the vCenter Server Appliance:

1. Connect to the vCenter Server Appliance via SSH.

2. Navigate to the directory:

/etc/vmware-vpx/

3. Backup the vpxd.cfg file. Do not skip this step.

4. Open vpxd.cfg file in a plan text editor

5. Add the <cipherList>ALL</cipherList> parameter between the <ssl>...</ssl> section of the configuration file, For example:

 

<config>

...

<vmacore>

...

<ssl>

...

<cipherList>ALL</cipherList>

...

</ssl>

...

</vmacore>

...

</config>

 

6. Save and close the vpxd.cfg file.

7. Restart the vCenter Server service for the change to take effect.

Note: On the ESXi 5.5 host, modify the rhttpproxy service to reduce the implied security by allowing the host to communicate using weak cipher suites:

 

For ESXi 5.5:

1. Connect to the host via SSH.

2. Navigate to the directory:

/etc/vmware/rhttpproxy/

3. Backup the config.xml file. Do not skip this step.

4. Open config.xml file using vi editor.

5. Add the <cipherList>ALL</cipherList> parameter between the <ssl>...</ssl> section of the configuration file. Use the model below as an example:

<config>

...

<vmacore>

...

<ssl>

<doVersionCheck> false </doVersionCheck>

<useCompression>true</useCompression>

<libraryPath>/lib/</libraryPath>

<handshakeTimeoutMs>120000</handshakeTimeoutMs>

<cipherList>ALL</cipherList>

</ssl>

...

</vmacore>

...

</config>

 

 

6. Save and close the config.xml file

7. Reset the rhttpproxy service for the change to take effect by running the command:

/etc/init.d/rhttpproxy restart

Cause

vSphere 5.5 uses the Open SSL library, which, for security, is configured by default to accept only connections that use strong cipher suites.


Additional Information

Information extracted from VMware KB 2049143.