Environment
Situation
Resolution
To work around this issue, on the vCenter Server 5.5 host machine, modify the vpxd.cfg to reduce the implied security by allowing the server to communicate using weak cipher suites:
For Windows-based vCenter Server:
1. Connect to the vCenter Server using RDP.
2. Navigate to the directory:
C:\ProgramData\VMware\VMware VirtualCenter\
3. Backup the vpxd.cfg file. Do not skip this step.
4. Open the vpxd.cfg file in a text editor
5. Add the <cipherList>ALL</cipherList> parameter between the <ssl>...</ssl> section of the configuration file, for example:
<config>
...
<vmacore>
...
<ssl>
...
<cipherList>ALL</cipherList>
...
</ssl>
...
</vmacore>
...
</config>
6. Save and close the vpxd.cfg file.
7. Restart the vCenter Server service for the setting to take affect.
For the vCenter Server Appliance:
1. Connect to the vCenter Server Appliance via SSH.
2. Navigate to the directory:
/etc/vmware-vpx/
3. Backup the vpxd.cfg file. Do not skip this step.
4. Open vpxd.cfg file in a plan text editor
5. Add the <cipherList>ALL</cipherList> parameter between the <ssl>...</ssl> section of the configuration file, For example:
<config>
...
<vmacore>
...
<ssl>
...
<cipherList>ALL</cipherList>
...
</ssl>
...
</vmacore>
...
</config>
6. Save and close the vpxd.cfg file.
7. Restart the vCenter Server service for the change to take effect.
Note: On the ESXi 5.5 host, modify the rhttpproxy service to reduce the implied security by allowing the host to communicate using weak cipher suites:
For ESXi 5.5:
1. Connect to the host via SSH.
2. Navigate to the directory:
/etc/vmware/rhttpproxy/
3. Backup the config.xml file. Do not skip this step.
4. Open config.xml file using vi editor.
5. Add the <cipherList>ALL</cipherList> parameter between the <ssl>...</ssl> section of the configuration file. Use the model below as an example:
<config>
...
<vmacore>
...
<ssl>
<doVersionCheck> false </doVersionCheck>
<useCompression>true</useCompression>
<libraryPath>/lib/</libraryPath>
<handshakeTimeoutMs>120000</handshakeTimeoutMs>
<cipherList>ALL</cipherList>
</ssl>
...
</vmacore>
...
</config>
6. Save and close the config.xml file
7. Reset the rhttpproxy service for the change to take effect by running the command:
/etc/init.d/rhttpproxy restart