VMware Cloud Community
vlrk
Contributor

TLS Configurator Utility in ESXi Host 6.7 Build Number 13006603

I have seen that "Starting with vSphere 6.7, the TLS Configurator utility is included in the product. You no longer download it separately."

I followed the documentation below: "https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.security.doc/GUID-BDCE47DD-8AD2-4C9...

I am also not able to find the TlsReconfigurator folder on my host.

[root@localhost:~] ls -ltr /usr/lib/vmware-TlsReconfigurator

ls: /usr/lib/vmware-TlsReconfigurator: No such file or directory

The command "reconfigureEsx" is not being resolved.

[root@localhost:~] reconfigureEsx

-sh: reconfigureEsx: not found

How do I get the TLS Configurator working?

Thanks

RK

MartinGustafsso
VMware Employee

Hi,

/usr/lib/vmware-TlsReconfigurator/EsxTlsReconfigurator/reconfigureEsx is run from vCenter, not ESXi.

root@vcenter [ ~ ]# ls -ltr /usr/lib/vmware-TlsReconfigurator/EsxTlsReconfigurator/

total 44

-rw-r--r-- 1 root root  2247 Mar 27 06:28 reconfigure-vvold

-rw-r--r-- 1 root root  3606 Mar 27 06:28 reconfigure-rhttpproxy

-rw-r--r-- 1 root root  2122 Mar 27 06:28 reconfigure-vvold.sig

-rw-r--r-- 1 root root  2122 Mar 27 06:28 reconfigure-rhttpproxy.sig

-rwxr-xr-x 1 root root 23228 Mar 27 06:28 reconfigureEsx

-rw-r--r-- 1 root root  1936 Mar 27 06:28 README

vlrk
Contributor

Thanks Martin,

I tried to change the TLS using the command below, but it throws errors.

root@photon-machine [ /usr/lib/vmware-TlsReconfigurator/EsxTlsReconfigurator ]# ./reconfigureEsx vCenterHost -h 10.10.2.2 -u root -p TLSv1.0

ESXi Transport Layer Security reconfigurator, version=6.7.0, build=13010631

For more information refer to the following article: https://kb.vmware.com/kb/2147469

Log file: "/var/log/vmware/vSphere-TlsReconfigurator/EsxTlsReconfigurator.log".

Connecting to vCenter Server at: "localhost".

Password:

Permission to perform this operation was denied.

Note: Access to ESXi host may be denied if it is managed by vCenter Server instance in lockdown mode.

      If this is the case please reconfigure the ESXi host through the corresponding vCenter Server instance.

Any idea what other factors should be taken care of?

MartinGustafsso
VMware Employee

Are you trying to disable TLS 1.1 and TLS 1.2 and only use TLS 1.0? That won't happen!

Prerequisites

You have two choices for using TLS in your environment.

  • Disable TLS 1.0, and enable TLS 1.1 and TLS 1.2.
  • Disable TLS 1.0 and TLS 1.1, and enable TLS 1.2.

Source: Enabling or Disabling TLS Versions in vSphere

Also, the ESXi host 10.10.2.2 must be managed by the vCenter.

vlrk
Contributor

Martin,

Even TLSv1.2 results in the same:

[ /usr/lib/vmware-TlsReconfigurator/EsxTlsReconfigurator ]# ./reconfigureEsx vCenterHost -h 10.10.2.2 -u root -p TLSv1.2

ESXi Transport Layer Security reconfigurator, version=6.7.0, build=13010631

For more information refer to the following article: https://kb.vmware.com/kb/2147469

Log file: "/var/log/vmware/vSphere-TlsReconfigurator/EsxTlsReconfigurator.log".

Connecting to vCenter Server at: "localhost".

Password:

Permission to perform this operation was denied.

Note: Access to ESXi host may be denied if it is managed by vCenter Server instance in lockdown mode.

      If this is the case please reconfigure the ESXi host through the corresponding vCenter Server instance.

MartinGustafsso
VMware Employee

Is the ESXi host 10.10.2.2 managed by that vCenter? Is it in lockdown mode?

You should provide a vCenter administrative user.

root@vcenter [ /usr/lib/vmware-TlsReconfigurator/EsxTlsReconfigurator ]# ./reconfigureEsx vCenterHost -h esxi01.home.lan -u administrator@vsphere.local -p TLSv1.2

ESXi Transport Layer Security reconfigurator, version=6.7.0, build=13010631

For more information refer to the following article: https://kb.vmware.com/kb/2147469

Log file: "/var/log/vmware/vSphere-TlsReconfigurator/EsxTlsReconfigurator.log".

Connecting to vCenter Server at: "localhost".

Password:

Validating product version at: "localhost".

Validating ESXi host: "esxi01.home.lan".

Reconfiguring ESXi host: "esxi01.home.lan".

vlrk
Contributor

This one worked thanks...

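Added example, not part of the original thread and not VMware code: a Python check that probes which TLS versions a host accepts once reconfigureEsx has run, and compares the result with the two supported choices quoted from the documentation above. Port 443, the function names and the injectable `probe` parameter are assumptions of this example.

```python
import socket
import ssl

# The two supported end states quoted in the thread from the vSphere docs.
SUPPORTED_STATES = (
    {"TLSv1.1", "TLSv1.2"},  # TLS 1.0 disabled
    {"TLSv1.2"},             # TLS 1.0 and TLS 1.1 disabled
)
VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
}

def accepts(host, version, port=443, timeout=5.0):
    """True if the host completes a handshake pinned to exactly this version.
    An unreachable host raises instead of being reported as 'disabled'."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False   # probing protocol support, not identity
    ctx.verify_mode = ssl.CERT_NONE
    try:
        # Let a modern local OpenSSL offer TLS 1.0/1.1 at all; without this
        # the client side may refuse and the result would be a false "off".
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    except ssl.SSLError:
        pass                     # library without security levels
    ctx.minimum_version = ctx.maximum_version = VERSIONS[version]
    with socket.create_connection((host, port), timeout=timeout) as raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
        except (ssl.SSLError, OSError):
            return False         # handshake refused or connection reset

def evaluate(accepted):
    """Compare the accepted versions with the supported end states."""
    accepted = set(accepted)
    if accepted in SUPPORTED_STATES:
        return "ok"
    if "TLSv1.0" in accepted:
        return "TLS 1.0 still enabled"
    return "TLS 1.2 not enabled"

def audit(host, probe=accepts):
    """Probe every version and return (accepted set, verdict)."""
    accepted = {v for v in VERSIONS if probe(host, v)}
    return accepted, evaluate(accepted)
```

If the local OpenSSL build was compiled without TLS 1.0 or 1.1, pinning that version raises an error rather than returning a result, so run the probe from a machine whose client library still supports the versions being tested.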