ssl verification failure due to a host thumbprint ...

fletch00 · ‎11-01-2011

We put our vcenter behind a BigIP loadbalancer port 443 VIP.

Now when we connect through this VIP its 90% functional, except when we attempt to open a console window to a VM, we get the error:

ssl verification failure for "newVIP" due to a host thumbprint mismatch.

So far I have not found a KB doc addressing this - anyone seen this?

thanks

VCP5 VSP5 VTSP5 vExpert http://vmadmin.info

NinjaHideout · ‎11-01-2011

The vSphere client needs access to TCP/902 on the ESX host for the remote console. If the loadbalancer also handles the traffic to the ESX, the error makes sense: it looks like a "man in the middle" attack to the client.

See http://kb.vmware.com/kb/1012382

fletch00 · ‎11-01-2011

Thanks for the feedback - I suspect the SSL verification is failing before the port 902 traffic even starts to flow.

Whats the procedure to clear the host thumbprint mismatch ?

Perhaps vmware support can dig it up...opening a case...

thanks

VCP5 VSP5 VTSP5 vExpert http://vmadmin.info

xiong023 · ‎11-08-2011

Were you able to get a response from support on a solution? We are looking into doing this as well.

All

ssl verification failure due to a host thumbprint mismatch