vSphere Web Client is unavailable after applying windows updates
search cancel

vSphere Web Client is unavailable after applying windows updates

book

Article ID: 342323

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

This article provides resolution and steps to work around the issue when searching for inventory in vSphere Client fails with the An SSL error occurred. (The Request was aborted: Could not create SSL/TLS secure channel.)error.


Symptoms:
Searching the inventory in vSphere Client fails with the error:

Login to the query service failed.
An SSL error occurred. (The Request was aborted: Could not create SSL/TLS secure channel.)
Note: For additional symptoms and log entries, see the Additional Information section.


Environment

VMware vCenter Server 5.1.x
VMware vCenter Server 5.5.x
VMware vCenter Server 5.0.x
VMware vCenter Server 6.0.x

Cause

This issue is caused by the deprecation of weak Diffie-Hellman ephemeral (DHE) keys with lengths less than 1024 bit in recent patches released by Microsoft.

Resolution

This issue is resolved in vCenter Server 5.0 Update 3g, available at VMware Downloads. For more information, see the VMware vCenter Server 5.0 Update 3g Release Notes
This issue is resolved in vCenter Server 5.1 Update 3d, available at VMware Downloads. For more information, see the VMware vCenter Server 5.1 Update 3d Release Notes.
This issue is resolved in vCenter Server 5.5 Update 3b, available at VMware Downloads. For more information, see the VMware vCenter Server 5.5 Update 3b Release Notes.
This issue is resolved in vCenter Server 6.0 Update 1b, available at VMware Downloads. For more information, see the VMware vCenter Server 6.0 Update 1b Release Notes.

VMware recommends upgrading to a supported version of vSphere. For more information, see the VMware Lifecycle Product Matrix.

To work around this issue, use one of these options:
  • Add the following registry key:

    Notes:
    • This procedure modifies the Windows registry. Before making any registry modifications, ensure that you have a current and valid backup of the registry and the virtual machine. For more information on backing up and restoring the registry, see the Microsoft Knowledge Base article 256986.
    • Create a backup of the registry prior to modifying

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman]      "ClientMinKeyBitLength"=dword:00000200
  • Remove these Microsoft patches:

    • KB3172605
    • KB3163018
    • KB3161608
    • KB3161639
    • KB3163017
    • KB3185278
    • KB3175024


Additional Information

You experience these additional symptoms:
  • Navigating to the vSphere Web Client returns:

    This page can’t be displayed
  • Live performance charts show the error:

    This page can’t be displayed
  • vCenter Health Status and Hardware Status plugins fail.
  • In the %AppData%\Local\VMware\vpx\viclient-x.log file, you see entries similar to:

    [:ShowExcp:M: 7]YYYY-MM-DD <time> Error: Login to the query service failed.
    An SSL error occured. (The request was aborted: Could not create SSL/TLS secure channel.)
    System.Exception: Login to the query service failed.
    An SSL error occured. (The request was aborted: Could not create SSL/TLS secure channel.)
    System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
    Server stack trace:
    at System.Net.HttpWebRequest.GetResponse()
    Exception rethrown at [0]:</time>

    Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.

Verbose logging for VMware Infrastructure Client and vSphere Client
Enabling debug logging on the VMware vSphere 5.x/6.x Web Client service
Enable debug logging for the vCenter Inventory Service
Enabling debug logging for the vCenter Inventory Service in vCenter Server 6.0
Windows Update を適用すると vSphere Web Client が使用できなくなる
vSphere Web Client 在应用窗口更新后不可用

Powered by Wolken Software