VMware Cloud Community
inano13
Contributor
Contributor

Disabling TLS 1.0 and 1.1 in a mixed environment 6.5 & 6.7

I'm attempting to disable TLS 1.0 and 1.1 in a mixed environment where vcenter is 6.7 and ESXI hosts are 6.7 and 6.5 respectively. Through everything I have read i understand the utility does not run 100%. Higher version of 6.7 configurator displays and non-compatibile error with esxi 6.5. Attempting to run a 6.5 Tls configurator results in errors. I've attempted to disconnect the host from vcenter and attempt a standalone ESXI tls reconfiguration and am faced with a "Authd protocol error" see below. The host itself can't be upgraded to 6.7 as the model is not supported. Any assistance would be greatly appreciated. 

​Traceback (most recent call last):  File "./reconfigureEsx", line 564, in <module>

    main()

  File "./reconfigureEsx", line 560, in main

    args.func(args)

  File "./reconfigureEsx", line 411, in ReconfigureStandaloneHost

    ReconfigureHost(host, False, False, args.protocols, nfc, address)

  File "./reconfigureEsx", line 446, in ReconfigureHost

    ReconfigureRhttpproxy(host, nfc, address)

  File "./reconfigureEsx", line 477, in ReconfigureRhttpproxy

    client.Connect()

  File "/usr/lib/vmware-vSphereTlsReconfigurator/EsxTlsReconfigurator/pyVim/nfclib.py", line 1054, in Connect

    msg = self.GetAuthdResponse()

  File "/usr/lib/vmware-vSphereTlsReconfigurator/EsxTlsReconfigurator/pyVim/nfclib.py", line 1130, in GetAuthdResponse

    raise Exception("ERROR: Authd protocol error, "

Exception: ERROR: Authd protocol error, connection was closed prematurely

Reply
0 Kudos
2 Replies
leberna
Contributor
Contributor

Hi, have the same problem in the same mixed Environment.

When i tried to Reconfigure the HOST (Vsphere6.5 version) with the TlsReconfigurator 6.7 of the Vcenter i had this error on unsupported version:

Host "eu-esx13.infser.it" is of unsupported version: 6.5.

Least supported version: 6.6.

To reconfigure 6.5 or 6.0 host, you need to use 6.5 or 6.0 EsxTlsReconfigurator respectively.

Skipping reconfiguration of ESXi host "eu-esx13.infser.it".

I installed the VMware-vSphereTlsReconfigurator-6.5.0-10629370.x86_64.rpm and i tried again but i had this ERROR:

ESXi Transport Layer Security reconfigurator, version=6.5.0, build=10629370

For more information refer to the following article: https://kb.vmware.com/kb/2147469

Log file: "/var/log/vmware/vSphere-TlsReconfigurator/EsxTlsReconfigurator.log".

Connecting to vCenter Server at: "localhost".

Password:

Validating product version at: "localhost".

Traceback (most recent call last):

  File "./reconfigureEsx", line 564, in <module>

    main()

  File "./reconfigureEsx", line 560, in main

    args.func(args)

  File "./reconfigureEsx", line 238, in ReconfigureVCenterHosts

    None)

  File "./reconfigureEsx", line 195, in LocateVCenterEntities

    for key, values in result.iteritems():

AttributeError: 'collections.defaultdict' object has no attribute 'iteritems'

I don't undestarnd what is happened, i attached my log. Seems that it is tryng to use the 6.7 version..

2020-05-04T14:06:43.824Z INFO Log file: "/var/log/vmware/vSphere-TlsReconfigurator/EsxTlsReconfigurator.log".

2020-05-04T14:06:43.824Z DEBUG ReconfigureVCenterHosts args: "Namespace(func=<function ReconfigureVCenterHosts at 0x7f9923160400>, host=['eu-.....it'], protocols=['TLSv1.1', 'TLSv1.2'], user='l....t')".

2020-05-04T14:06:43.824Z INFO Connecting to vCenter Server at: "localhost".

2020-05-04T14:06:50.417Z DEBUG Product serviceIntance: "'vim.ServiceInstance:ServiceInstance'"

2020-05-04T14:06:50.418Z INFO Validating product version at: "localhost".

2020-05-04T14:06:50.421Z DEBUG Product at "localhost" version: "6.7".

2020-05-04T14:06:50.437Z DEBUG LocateVCenterEntities type, names: "<class 'pyVmomi.VmomiSupport.vim.HostSystem'>", "['eu-esx13.infser.it']".

2020-05-04T14:06:50.456Z DEBUG vCenter Server located entities of type "<class 'pyVmomi.VmomiSupport.vim.HostSystem'>": "(ManagedObject) [

Thank you for the help!!

LEB

Reply
0 Kudos
AmitParmar
Contributor
Contributor

I was having the same problem and after some research I found python 3 is not supporting iteritems method.

So I have renamed result.iteritems() to result.items()  in ./reconfigureEsx script also copy "cp /usr/lib/vmware/site-packages/pyVim/nfclib.py  /usr/lib/vmware-vSphereTlsReconfigurator/EsxTlsReconfigurator/pyVim/nfclib.py"  and issue got resolved.

Thank you,

Amit Parmar

Reply
0 Kudos