"cannot retrieve PSC version" error when migrating from vCenter Server 6.5 on Windows 2008 R2
search cancel

"cannot retrieve PSC version" error when migrating from vCenter Server 6.5 on Windows 2008 R2

book

Article ID: 313897

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Symptoms:
  • Migrating a Windows Server 2008 R2 installed vCenter Server 6.0 to vCenter Server Appliance 6.7 , 6.5 using external PSC, fails with the error
 "Failed to retrieve version information from the remote Platform Services Controller." instead of "cannot retrieve PSC version". 
  • In the migration-assistant.log, you see entries similar as:

2019-02-28 07:54:22.256Z| migration-assistant-11726888| I: ConnectToLdapServer: Connecting to ldap server [FQDN of PSC] on port [636]

2019-02-28 07:54:22.260Z| migration-assistant-11726888| E: ConnectToLdapServer: Failed to connect to the LDAP server. Error code: 81

2019-02-28 07:54:22.260Z| migration-assistant-11726888| W: RetrievePSCMajorMinorVersion: Failed to connect to server [FQDN of PSC] to validate PSC version using Platform Services Conntroller LDAPs port [636].

2019-02-28 07:54:22.260Z| migration-assistant-11726888| I: ConnectToLdapServer: Connecting to ldap server [FQDN of PSC] on port [11712]

2019-02-28 07:54:43.255Z| migration-assistant-11726888| E: ConnectToLdapServer: Failed to connect to the LDAP server. Error code: 81

2019-02-28 07:54:43.255Z| migration-assistant-11726888| E: RetrievePSCMajorMinorVersion: Failed to connect to server [FQDN of PSC] on legacy LDAPs port [11712].

Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.


Environment

VMware vCenter Server Appliance 6.7.x
VMware vCenter Server Appliance 6.0.x

Cause

Transport Layer Security (TLS) 1.2 is the default protocol for Platform Service Controller 6.7 by default, while  TLS 1.2 is not supported by default on Windows Server 2008 R2.

Management node migration is blocked if TLS 1.2 is not enabled on the source vCenter Server 6.0.

Resolution

To resolve this issue, enable TLS 1.2 on Windows Server 2008 R2.

Note: This procedure modifies the Windows registry. Before making any registry modifications, ensure that you have a current and valid backup of the registry and the virtual machine. For more information on backing up and restoring the registry, see the Microsoft Knowledge Base article 256986.

  1. Navigate to the registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
  1. Create a new folder and label it TLS 1.2.
  2. Create two new keys with the TLS 1.2 folder, and name the keys Client and Server.
  3. Under the Client key, create two DWORD (32-bit) values, and name them DisabledByDefault and Enabled.
  4. Under the Server key, create two DWORD (32-bit) values, and name them DisabledByDefault and Enabled.
  5. Ensure that the Value field is set to 0 and that the Base is Hexadecimal for DisabledByDefault.
  6. Ensure that the Value field is set to 1 and that the Base is Hexadecimal for Enabled.
  7. Reboot the Windows Server 2008 R2 machine.
For more information on using TLS 1.2 with Windows Server 2008 R2, refer to the operating system documentation

Powered by Wolken Software