Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

Search fails and Hardware Health and Health Status plug-ins are disabled in the vSphere Client (2031053)

Details

The vSphere Client does not connect to the inventory service when installed on Windows Server 2003 or Windows XP, and has these symptoms:
  • When you try to search the vSphere Client inventory, you see the error message:

    Login to the query service failed. A communication error occurred while sending data to the server. (The underlying connection was closed: An unexpected error occurred on a send.)

  • While trying to sort by name at the cluster level, you see the error :

    Error when trying to sort : Login to query service failed: The underlying connection was closed: An unexpected error occurred on a send. Authentication failed because the remote party has closed the transport stream

  • Hardware Health and Health Status plug-ins are disabled and cannot be viewed in the vSphere Client.

  • In the performance overview page, you see the error:

    This program cannot display the webpage

Solution

This issue occurs due to increased security of the cipher strengths which are, by default, used  by the VMware Management Web Services components. Due to this change that was introduced in vSphere 5.1, the host operating system is required to support a higher cipher strength to be able to connect to these components.
 
In Windows Vista and Windows Server 2008, the proper cipher strengths are built into the operating system. However, for older Windows operating systems, a Microsoft hotfix must be applied to add the supported cipher strengths. 
 
For more information on the cipher strengths that get added with the hotfix, see the Microsoft Knowledge Base article 948963.
 
Note: The preceding link was correct as of November 30, 2012. If you find a link is broken, provide feedback and a VMware employee will update the link.

Resolution

Windows 2003 and Windows XP (64bit Edition)
 
For Windows Server 2003 (32 bit and 64 bit) and Windows XP (64 bit), apply the appropriate hotfix to the machine on which the vSphere Client is installed.

Note: The Microsoft Knowledge Base article does not specify Windows XP, but the x64 hotfix for Windows Server 2003 can be successfully applied to 64bit Windows XP.

To download the hotfix for your system, see the Microsoft Knowledge Base article 948963.

Notes:
  • You must reboot the machine after applying the hotfix.
  • Non-English versions of the hotfixes are also available on the Microsoft site. Click the Show hotfixes for all platforms and languages link on the Hotfix Request page to view the available versions.
 
Windows XP (32 bit)

There is no hotfix available for Windows XP (32 bit). Microsoft currently only provides limited support for Windows XP, and as a result the hotfix has not been released for it. To resolve this issue, you must upgrade your host operating system to Windows Vista or later, which support the use of high cipher strengths.

 
If you are unable to upgrade your environment, you may try adding less secure cipher strengths back to the configuration, which allows communication to proceed successfully. 
 
To add less secure cipher strengths back to the configuration:
 
Caution: This is not a recommended configuration and is provided for backward compatibility purposes only. This is not extensively tested and is supported on a best effort basis only. 


  1. Log in as an administrator to the server where vCenter Server 5.1 is installed.
  2. Navigate to the tomcat configuration directory. 

    Note: By default, this directory is located at C:\Program Files\VMware\Infrastructure\tomcat\conf\.

  3. Open the server.xml file using a text editor.
  4. Change the Connector text to add support for weaker ciphers by changing it from:

    <Connector SSLEnabled="true" acceptCount="100" ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DH_RSA_WITH_AES_256_CBC_SHA, TLS_DH_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DH_RSA_WITH_AES_128_CBC_SHA, TLS_DH_DSS_WITH_AES_128_CBC_SHA" connectionTimeout="20000" executor="tomcatThreadPool" keystoreFile="${bio-vmssl.keyFile.name}" keystorePass="${bio-vmssl.SSL.password}" keystoreType="PKCS12" maxKeepAliveRequests="15" port="${bio-vmssl.https.port}" protocol="HTTP/1.1" redirectPort="${bio-vmssl.https.port}" scheme="https" secure="true"></Connector>

    To:

    <Connector SSLEnabled="true" acceptCount="100" ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DH_RSA_WITH_AES_256_CBC_SHA, TLS_DH_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DH_RSA_WITH_AES_128_CBC_SHA, TLS_DH_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" connectionTimeout="20000" executor="tomcatThreadPool" keystoreFile="${bio-vmssl.keyFile.name}" keystorePass="${bio-vmssl.SSL.password}" keystoreType="PKCS12" maxKeepAliveRequests="15" port="${bio-vmssl.https.port}" protocol="HTTP/1.1" redirectPort="${bio-vmssl.https.port}" scheme="https" secure="true"></Connector>

    Note:  Add only the red text as indicated and do not change any other options. This adds back support for less secure cipher strengths for backward compatibility purposes. 

  5. Restart the VMware VirtualCenter Management Web Services service.

Update History

09/21/2012 - Added note to reboot machine after applying hotfix 10/02/2012 - Added not to install the patch on vCenter Server machine 10/18/2012 - Added additional symptom 11/09/2012 - Added link to Microsoft KB 11/29/2012 - Added clarification about Windows 2003 hotfix compatibility with 64-bit Windows XP 01/23/13 - Added additional symptom, sorting from the cluster level

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 18 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 18 Ratings
Actions
KB: