5 Replies Latest reply on Oct 8, 2017 11:11 PM by Rehtael

    vmware workstation hostd (shared vms) not starting on fresh linux install

    Thommie Novice

      Hi,

      I have a fresh install of workstation 12.5.5 on a linux box (Opensuse Leap 42.2), everything works fine excekt the hostd service for shared VMs. It is also not possible to conenct to other machines on the same network which offer shared VMs (also on workstation). I did two frsh installs but hve ´teh same result. The hostd process is visible but in the Workstation UI a connection to it (eithe root or user) is not possible. hostd.logs show:

       

      2017-05-19T21:45:59.883+02:00 warning hostd[7F8B9A690700] [Originator@6876 sub=Proxysvc] SSL Handshake failed for stream <SSL(<io_obj p:0x00007f8b8c006c20, h:22, <TCP '127.0.0.1:444'>, <TCP '127.0.0.1:57358'>>)>: N7Vmacore3Ssl12SSLExceptionE(SSL Exception: error:140000DB:SSL routines:SSL routines:short read)

      2017-05-19T21:46:01.883+02:00 info hostd[7F8B9B07E700] [Originator@6876 sub=Proxy Req 00023] Client certificate will not be requested.

      2017-05-19T21:46:01.884+02:00 warning hostd[7F8B9A6D1700] [Originator@6876 sub=Proxysvc] SSL Handshake failed for stream <SSL(<io_obj p:0x00007f8b7c006130, h:22, <TCP '127.0.0.1:444'>, <TCP '127.0.0.1:57360'>>)>: N7Vmacore3Ssl12SSLExceptionE(SSL Exception: error:140000DB:SSL routines:SSL routines:short read)

      2017-05-19T21:47:22.130+02:00 info hostd[7F8B9B03D700] [Originator@6876 sub=Proxy Req 00024] Client certificate will not be requested.

      2017-05-19T21:47:22.130+02:00 warning hostd[7F8B9B100700] [Originator@6876 sub=Proxysvc] SSL Handshake failed for stream <SSL(<io_obj p:0x00007f8b7801db60, h:22, <TCP '127.0.0.1:444'>, <TCP '127.0.0.1:57372'>>)>: N7Vmacore3Ssl12SSLExceptionE(SSL Exception: error:140000DB:SSL routines:SSL routines:short read)

      2017-05-19T21:47:37.129+02:00 info hostd[7F8B9A6D1700] [Originator@6876 sub=Proxy Req 00025] Client certificate will not be requested.

      2017-05-19T21:47:37.129+02:00 warning hostd[7F8B9A690700] [Originator@6876 sub=Proxysvc] SSL Handshake failed for stream <SSL(<io_obj p:0x00007f8b7c02b750, h:22, <TCP '127.0.0.1:444'>, <TCP '127.0.0.1:57380'>>)>: N7Vmacore3Ssl12SSLExceptionE(SSL Exception: error:140000DB:SSL routines:SSL routines:short read)

      2017-05-19T21:47:48.000+02:00 info hostd[7F8B9B07E700] [Originator@6876 sub=Proxy Req 00026] Client certificate will not be requested.

      2017-05-19T21:47:48.000+02:00 warning hostd[7F8B9A6D1700] [Originator@6876 sub=Proxysvc] SSL Handshake failed for stream <SSL(<io_obj p:0x00007f8b70001ec0, h:22, <TCP '127.0.0.1:444'>, <TCP '127.0.0.1:57384'>>)>: N7Vmacore3Ssl12SSLExceptionE(SSL Exception: error:140000DB:SSL routines:SSL routines:short read)

      2017-05-19T21:53:13.274+02:00 verbose hostd[7F8B9B100700] [Originator@6876 sub=Default] Validating permission users and groups

       

      Any ideas?

        • 1. Re: vmware workstation hostd (shared vms) not starting on fresh linux install
          Rehtael Lurker

          Experiencing same issue. Also problems with checking for updates.

           

          Used to be okay until one of the updates to 42.2....wonder if it's related to the:

           

          - Bug bsc#1027712 switch to new client side cipher suite default

          * Updated default cipher suite from "DEFAULT" to "SUSE_DEFAULT"

          * Updates previous patch curl-DEFAULT_CIPHER_SELECTION.patch

           

          This change has caused problems with quite a few linux apps....

           

          v12.5.6 of Workstation doesn't resolve issues either.

          • 2. Re: vmware workstation hostd (shared vms) not starting on fresh linux install
            alreadytaken Novice

            Hi,

             

            looks like current curl has issues with hostd, therefore as workaround temporary downgrade curl-packages.
            packages:
            -curl
            -libcurl3

            -libcurl4

             

            search prior version (sorry, german locales - but should be clear anyways )

            uid@host:~> zypper search -s libcurl4

            Repository-Daten werden geladen...

            Installierte Pakete werden gelesen...

             

            S | Name           | Typ   | Version       | Arch   | Repository

            --+----------------+-------+---------------+--------+--------------------------

            v | libcurl4       | Paket | 7.37.0-16.3.1 | x86_64 | openSUSE-Leap-42.2-Update

            i | libcurl4       | Paket | 7.37.0-15.1   | x86_64 | openSUSE-Leap-42.2-Oss

              | libcurl4-32bit | Paket | 7.37.0-16.3.1 | x86_64 | openSUSE-Leap-42.2-Update

              | libcurl4-32bit | Paket | 7.37.0-15.1   | x86_64 | openSUSE-Leap-42.2-Oss

             

            Downgrade Package:
            #>zypper install -f libcurl=7.37.0-15.1

             

             

            lock package to protect from incidentally updating
            zypper addlock libcurl4

             

            Do the same for curl and libcurl3 and wait until new update available either for vmware or curl.

            you can remove the package-lock later using zypper removelock <package> (you can show current locks using "zypper listlock" )

             

            SLES12SP2 is also affected, guess they're already on it.

             

             


            regards,

             

            Daniel

             

            edit:
            I digged somewhat deeper. seems issues are related to certificate validation of hostd cert.
            Probably it's enough to replace hostd cert  and key in /etc/vmware/ssl/ (/etc/vmware/ssl/rui.crt ; /etc/vmware/ssl/rui.key)

             

            But this requires you to have a working ca.

             

            @Rehtael: you're right.
            This one broke it:
            openSUSE-SU-2017:1105-1: moderate: Security update for curl

             

            Kopfzeile 1

            #>zypper patch-info openSUSE-2017-513

            Repository-Daten werden geladen...

            Installierte Pakete werden gelesen...

             

             

            Informationen zu Patch openSUSE-2017-513:

            -----------------------------------------

            Repository       : openSUSE-Leap-42.2-Update

            Name             : openSUSE-2017-513

            Version          : 1

            Arch             : noarch

            Anbieter         : maint-coord@suse.de

            Status           : erforderlich

            Kategorie        : security

            Schweregrad      : moderate

            Erstellt am      : Mi 26 Apr 2017 14:11:02 CEST

            Interaktiv       : ---

            Zusammenfassung  : Security update for curl

            Beschreibung     :

             

                This update for curl fixes the following issues:

             

                Security issue fixed:

             

                - CVE-2016-9586: libcurl printf floating point buffer overflow (bsc#1015332)

                - CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl might have allowed physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation

                screen during use of a --write-out argument ending in a '%' character, which lead to a heap-based buffer over-read (bsc#1032309).

             

                With this release new default ciphers are active (SUSE_DEFAULT, bsc#1027712).

             

                This update was imported from the SUSE:SLE-12:Update update project.

            Bereitstellungen : patch:openSUSE-2017-513 = 1

            Konflikte        : [16]

            1 person found this helpful
            • 3. Re: vmware workstation hostd (shared vms) not starting on fresh linux install
              Rehtael Lurker

              Unfortunately it still doesn't appear to be fixed in 12.5.7 build-5813279

              • 4. Re: vmware workstation hostd (shared vms) not starting on fresh linux install
                gkuenning Lurker

                Wow, somebody has mad diagnostic skills.  Thanks!  I never would have thought of looking into the libcurl version.

                 

                A couple of notes: I had to do "zypper install -f libcurl4=7.37.0-15.1"; using libcurl=... had no effect.  Also, my version of zypper doesn't have "listlocks"; it's just "zypper locks" (alias "zypper ll").

                 

                In the meantime I'm live and happy!

                • 5. Re: vmware workstation hostd (shared vms) not starting on fresh linux install
                  Rehtael Lurker

                  Finally resolved in VMware Workstation 14....however, you have to be on openSUSE 42.3+ or the kernel modules won't compile.