VMware Cloud Community
Porkopops
Enthusiast
Enthusiast

vSphere client cannot connect to vSphere Server - SSL error

Hi,

I built a new VM on 2008R2. Installed ESXi 5.1 using vCenter Simple Install. Then installed the Web Client, then installed the vSphere Client.

When launching the vSphere client I get an error "vSphere Client could not connect to "server.domain.local". An unknown connection error occurred. (The request failed due to an SSL error. (The request was aborted: Could not create SSL/TLS secure channel.))"

This is a clean build VM, on Domain, with no Firewall.

Research has shown articles where this error can occur using the vSphere client connecting directly to a host, but my issue is occurring while connecting to the vSphere Server.

I tried the web client, but IE fails with "Internet Explorer cannot display the webpage"

All relevant VMWare services seem to be running OK except for Orchestrator and Orchestrator Web Config, which I don't think I need to worry about with the above issue?

Edit: VM has 2 NIC's.. I have attempted to connect the vSphere client to each NIC, but same issue occurs.

Which credentials am I supposed to be logging in with? I've tried the admin@System-Domain user and the local admin & domain admin. However, I should say,  I don't get a username/password related error, so it doesn't seem like this issue should be down to credentials. The Single Sign On requirement has, admittedly, confused me a little.

Any ideas?

Thanks,
Paul

49 Replies
VirtuallyYours
Contributor
Contributor

During SSO installation as long as you didnt recieve any error it registers identity sources to lookup credentials against, i.e. AD.

During the installation of Vcenter you are given the option to register a single sign administrator so you need to use this account (or group member) to sign on to Vcenter. I couldnt get past this without entering something so if your not sure you can configure this in the Web Client under Administration->Sign on Discovery->Configuration

If AD isnt there you should be able to add it & you can add the local machine and use a local admin account to log into VCenter. You cant use the admin@System-Domain account to log into Vcenter but you need to use it to log into the web client.

If all else fails roll back to the snapshot of the VM before the install (hope you took one) and re-do taking note off all the options

Porkopops
Enthusiast
Enthusiast

Virtually Yours - Thanks for your response. SSO makes more sense now. 🙂

However, whichever credentials I supply, I can't get past the SSL error.

Also, the web client doesn't load up at all. I can get to the http://hostname page OK, but I can't get to https://hostname:9443/vsphere-client.

Thanks,

Paul

Reply
0 Kudos
Porkopops
Enthusiast
Enthusiast

I have just un-installed everything and re-installed from scratch:

1. Install vSphere Simple Install - All defaults - no errors reported

2. Install Web Client - All defaults - no errors reported

At this point, I performed these tests:

Test 1 - I tried this in IE: https://hostname:9443/vsphere-client

Result: IE displays "Internet Explorer cannot display the webpage"

Test 2 - Used this in IE: http://hostname:9443/ - (Web Client SSL port)

Result: Spurious characters on a white IE page.

See image:

vSphere WebCLient issue.jpg

Test 3 - Used this in IE: http://hostname:9090/ (Web client HTTP port)

Result: IE reports "Internet Explorer cannot display the webpage"

Test 4 - Used this in IE: http://hostname

Result:This works and I get the "VMware vSphere Welcome - Getting Started" web page. If I click on the hyperlink on this page to "Login to vSphere Web Client", I am told: "In order for this direct link to work, you must first log in to the vSphere Web Client at least once from https://{webclient-host}:{webclient-https-port}." However, as can be seen from my tests above, this is not successful.

Any and all offers of advice will be very much appreciated.

Regards,

Paul Coe

Reply
0 Kudos
VirtuallyYours
Contributor
Contributor

Thats a whole lot of errors for a fresh machine. I havent run into the SSL error so im not too sure about that but I did recreate your issue with the web client after doing some reinstalling myself. I did it in the same order (SSO ->web client) as Im dealing with other errors. I restarted the service but even after that it was about 10 minutes and several page refreshes before it came back but was able to log in ok

Reply
0 Kudos
chrispretorius
Contributor
Contributor

Hi guys

I'm afraid I've run into the same issue as Paul - fresh, by-the-book install of vSphere Server, Single Sign On and inventory; connected to the vCenter Server and downloaded the vSphere Client. It allows me to connect successfully to the hosts, but not to the vCentre Server. Same error that Paul gets - as per attachment.

Have you guys managed to get any closer to a solution?

So far I've tried manually installing the certificate in the Trusted Root Certs and installing .Net3.5 SP2, but to no avail.

Let me know if you guys come across any resolution?

Thanks!

c

Reply
0 Kudos
VirtuallyYours
Contributor
Contributor

Hey Chris, now that I see a screenshot of the actual error I think I may have come across it before. It may be a connectivity issue so see if you can ping the vcenter box from whatever machine you are using. Also try installing the vsphere client on the vcenter box and see if you can connect to localhost

Reply
0 Kudos
chrispretorius
Contributor
Contributor

Thanks for the quick reply.

That's the bizarre thing: this is on the local (vCenter Server) box. Using localhost brings up the same result (but replaces "localhost" with FQDN of this server).

Tested name resolution by ping and nslookup and all works well.

I'm a Windows man but my networking/certificate/trust skills aren't the best - is there any way of testing or evaluating this server's SSL health?

c

Reply
0 Kudos
Dennis100
Contributor
Contributor

I'm having nearly identical problems.  This is a fresh in stall on a fresh Win Server 2003 x64 R2 VM.

OS installed

All Win Updates applied

join domain

Install win installer 4.5 (as a domain admin).

vCenter Simple Install (as a domain admin)

Web Client install (as domain admin)

When I reboot the virtual center server service times out.  VirtualCenter Management Webservices doesn't start (depends on center server service).  I can manually start them.

vClient gives the SSL error.  WebClient eventually takes me to a login and I can access the web client pages.

Edit:  Using Firefox 15.0.1 to access the Web Client.

Reply
0 Kudos
chrispretorius
Contributor
Contributor

Hi Dennis

I don't have a direct link to any artiicle, but (from what I've read in trying to identify the SSL issue) the VirtualCenter Management Webservices not starting is related to an incorrect service being used.

As for accessing the WebClient, even Firefox 15 fails at browsing this successfully.

Similarly to Paul above, I get a page stating the following:

In order for this direct link to work, you must first log in to the vSphere Web  Client at least once from https://{webclient-host}:{webclient-https-port}.

Logging into https://localhost:9443 with Firefox brings me to an "Unable to connect" error.

Am I too early in thinking that I should've stuck with 5.0.0 for a little while longer? From online forums 5.1.0 seems very buggy...

Reply
0 Kudos
Porkopops
Enthusiast
Enthusiast

Well, I'm glad that it's not only me who's suffering this problem 🙂

I have also been installing the vSphere client on the vSphere server.

It's late here (almost midnight) , so will pick this up again in the morning..

Thanks all,

Paul

Reply
0 Kudos
Dennis100
Contributor
Contributor

I've tried IE 8 and it has never been able to connect to the web client.  Firefox 15.0.1 is working well in connecting (once I gave it a while for the services to get started on the vCenter Server).

I installed the Client Integration Plugin on my workstation (Win 7 x64 Pro).  I also installed the vSphere client and the Client Integration Plugin onto the server.  I I can now connect using my logon credentials to the web client from my workstation.  IE still refuses to do anything from my workstation and the server.  Trying to connect using the vCenter client on the server gives the same SSL error as when I try it from my workstation.

Before this I was using the admin@System-Domain but I could not really do much as no vCenter Servers were found (I have only this one).  I can now see the vCenter Server in the list on the web client.

Reply
0 Kudos
Dennis100
Contributor
Contributor

BTW - I tried to install the appliance VM (using Workstation 😎 and never could get it to install successfully.

Reply
0 Kudos
vmilne
Contributor
Contributor

Just to let people know that we also have this issue - upgrade from vspher4.1 to 5.1.

Are seeing the same issues, virtual center service starts, but can't login through the clients, and can't connect to the web client administrator. Raised a call with vmware yesterday, and they sent me a document to regenerate the certificates (http://kb.vmware.com/kb/1029944)

- but didn't work, and couldn't start vcenter service - waiting on next step from vmware.

Reply
0 Kudos
Porkopops
Enthusiast
Enthusiast

Thanks vmilne...

Still nowhere on this,... I noticed that I can't get to the http://hostname page from another server.. IT works on the VC Svr but not from another server.

Paul

Reply
0 Kudos
Porkopops
Enthusiast
Enthusiast

Just a quick update to let you all know that I also tried regenerating the certificates (as vmilne was asked to do by VMware), but I also had no luck.

Regards
Paul

Reply
0 Kudos
Jnewmaster
Contributor
Contributor

I am also experiencing this issue on a Windows 2008 R2 SP1 fresh install with the Simple Installer.

Reply
0 Kudos
Skynets
Contributor
Contributor

Same problem here...

Fresh install VCenter 5.0 on W2008 R2 Sp1 choosing Simple install.

Server joined in an AD Environment, same thing with my Esxi Host.

Symptoms:

- VSphere Client gives an SSL error connecting to VCenter (either from network client and Vcenter server)

- Opening https://serverFQDN:7444/lookupservice/sdk I get XML string with "Unespected EOF in prolog at..."

- Opening https://serverFQDN/ welcome page is displayed but

- Opening https://serverFQDN/vsphere-client I get "In order for this direct link to work, you must first open..."

Tks in advance anyone helps

Don

Reply
0 Kudos
Dennis100
Contributor
Contributor

I extended the timeout on starting services (http://emalf-pc.blogspot.com/2009/12/windows-server-2003-service-timeout.html) from 30sec (30000ms) to 35sec (35000ms) and the vcenter server service starts up properly.  The timeout is arbitrary and likely is hardware/speed dependent.

I can access the server by browsing to http://servername:9090 using Firefox 15.0.1.  IE8 still refuses to work (though I don't really care as I only use it if the remote site won't work with firefox).

vSphere client still gives the SSL error. Smiley Sad

Reply
0 Kudos
ventura10
Contributor
Contributor

Hello guys,

Same problem for me. I just migrated from 5.0 to 5.1 using Simple Install but now my vSphere client cannot connect to vCenter.

I am also receiving the error message about SSL certificate. From my vCenter server, I was just trying to reach https://localhost using IE 9 but I receive the message "Internet Explorer cannot display the webpage", but when I try the same URL on Mozilla Firefox it works. From my Linux box, I can connect to vCenter using VMware Workstation.

I don't understand why Firefox can handshake with the vCenter server using SSL but IE doesn't. Maybe vSphere client is trying to handshake in the same way as IE does.

Thanks for any help!

Reply
0 Kudos