Search the VMware Knowledge Base (KB)
View by Article ID

Search fails and Hardware Health and Health Status plug-ins are disabled in the vSphere Client (2031053)

  • 44 Ratings

Details

The vSphere Client does not connect to the Inventory service when installed on Windows Server 2003 or Windows XP, and has these symptoms:
  • When you try to search the vSphere Client inventory, you see the error message:

    Login to the query service failed. A communication error occurred while sending data to the server. (The underlying connection was closed: An unexpected error occurred on a send.)

  • In the viclient-x-xxxx.log (located at: %USERPROFILE%\AppData\Local\VMware\vpx), you see entries similar to:
Exception rethrown at [0]: 
...
at System.Net.HttpWebRequest.GetResponse()
at VirtualInfrastructure.Utils.WebDownload.GetResponse()
System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
...
at System.Net.ConnectStream.WriteHeaders(Boolean async)
--- End of inner exception stack trace ---
[ :Error :P: 7] YYYY-MM-DD 12:54:12.808 possible failure processing clients.xml
System.Net.WebException: The client could not send a complete request to the server. (The underlying connection was closed: An unexpected error occurred on a send.)
at VirtualInfrastructure.Utils.WebQuery.LocalizeWebException(WebException exception)
at VirtualInfrastructure.Utils.WebQuery.Request(String url, Nullable`1 timeoutSecs)
at VirtualInfrastructure.Utils.ClientsXml.ParseXml(Int32 timeoutSecs)
at VpxClient.Login.ClientsXmlLoader.TrySinglePort(ClientsXml clientXml, Exception& activeError)
System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send.
Server stack trace: 
  • While trying to sort by name at the cluster level, you see the error:

    Error when trying to sort : Login to query service failed: The underlying connection was closed: An unexpected error occurred on a send. Authentication failed because the remote party has closed the transport stream

  • Hardware Health and Health Status plug-ins are disabled and cannot be viewed in the vSphere Client.

  • In the performance overview page, you see the error:

    This program cannot display the webpage

Solution

This issue occurs due to increased security of the cipher strengths which are, by default, used by the VMware Management Web Services components. Due to this change that was introduced in vSphere 5.1, the host operating system is required to support a higher cipher strength to be able to connect to these components.
 
In Windows Vista and Windows Server 2008, the proper cipher strengths are built into the operating system. However, for older Windows operating systems, a Microsoft hotfix must be applied to add the supported cipher strengths.
 
For more information on the cipher strengths that get added with the hotfix, see the Microsoft Knowledge Base article 948963.
 
Note: The preceding link was correct as of March 18, 2012. If you find a link is broken, provide feedback and a VMware employee will update the link.

Resolution

Windows 2003 (32-bit and 64-bit Edition)
 
For Windows Server 2003 (32-bit and 64-bit), apply the appropriate hotfix to the machine on which the vSphere Client is installed.

If the vSphere Client is installed on the Windows Server where vCenter Server is installed, you must also apply the patch to that Windows Server.

To download the hotfix for your system, see the Microsoft Knowledge Base article 948963.

Notes:
  • You must reboot the machine after applying the hotfix.
  • Non-English versions of the hotfixes are also available on the Microsoft site. Click the Show hotfixes for all platforms and languages link on the Hotfix Request page to view the available versions.
 
Windows XP (32-bit)

There is no hotfix available for Windows XP (32-bit). Microsoft currently only provides limited support for Windows XP, and as a result the hotfix has not been released for it. To resolve this issue, you must upgrade your host operating system to Windows Vista or later, which support the use of high cipher strengths.

 
If you are unable to upgrade your environment, you may try adding less secure cipher strengths back to the configuration, which allows communication to proceed successfully. 
 
To add less secure cipher strengths back to the configuration:
 
Cautions
  • This is not a recommended configuration and is provided for backward compatibility purposes only. The below information is provided as-is, is unsupported and to be used at your own risk.
  • Implementing the below configuration in which the cipher strength is reduced may not work for Inventory searching via the vSphere Client connected to vCenter Server.
  1. Log in as an administrator to the server where vCenter Server is installed.
  2. Navigate to the tomcat configuration directory.

    Note: By default, this directory is located at C:\Program Files\VMware\Infrastructure\tomcat\conf\. In vCenter Server Appliance, the file is located at /usr/lib/vmware-vpx/tomcat/conf.

  3. Open the server.xml file using a text editor.
  4. Change the Connector text to add support for weaker ciphers by changing it from:

    <Connector SSLEnabled="true" acceptCount="100" ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DH_RSA_WITH_AES_256_CBC_SHA, TLS_DH_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DH_RSA_WITH_AES_128_CBC_SHA, TLS_DH_DSS_WITH_AES_128_CBC_SHA" connectionTimeout="20000" executor="tomcatThreadPool" keystoreFile="${bio-vmssl.keyFile.name}" keystorePass="${bio-vmssl.SSL.password}" keystoreType="PKCS12" maxKeepAliveRequests="15" port="${bio-vmssl.https.port}" protocol="HTTP/1.1" redirectPort="${bio-vmssl.https.port}" scheme="https" secure="true"></Connector>

    To:

    <Connector SSLEnabled="true" acceptCount="100" ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DH_RSA_WITH_AES_256_CBC_SHA, TLS_DH_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DH_RSA_WITH_AES_128_CBC_SHA, TLS_DH_DSS_WITH_AES_128_CBC_SHA ,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" connectionTimeout="20000" executor="tomcatThreadPool" keystoreFile="${bio-vmssl.keyFile.name}" keystorePass="${bio-vmssl.SSL.password}" keystoreType="PKCS12" maxKeepAliveRequests="15" port="${bio-vmssl.https.port}" protocol="HTTP/1.1" redirectPort="${bio-vmssl.https.port}" scheme="https" secure="true"></Connector>

    Note: Add only the red text as indicated and do not change any other options. This adds back support for less secure cipher strengths for backward compatibility purposes.

  5. Restart the VMware VirtualCenter Management Web Services service. For more information, see   Stopping, starting, or restarting vCenter services (1003895)
    .

Additional Information

For translated versions of this article, see:

Update History

09/21/2012 - Added note to reboot machine after applying hotfix 10/02/2012 - Added not to install the patch on vCenter Server machine 10/18/2012 - Added additional symptom 11/09/2012 - Added link to Microsoft KB 11/29/2012 - Added clarification about Windows 2003 hotfix compatibility with 64-bit Windows XP 01/23/13 - Added additional symptom, sorting from the cluster level

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 44 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 44 Ratings
Actions
KB: