Hey All,
I have to disable TLSv1.0 and v1.1 and enable v1.2
Today I tried to do that with VMware guide but
I have problem, i have cluster with:
1 ESXi 6.5 and 2 ESXi 6.0
the tls utility of VMware divided to version 6.0 and 6.5
so when I try to use this utility (version 6.5) I got error that some ESXi are 6.0 and it's not possible to to that,
when I uninstall the utility version 6.5 and install 6.0 I got error about ESXi 6.5
when I try to configure has a standalone or just one host I got error that ESXi is member of cluster
and I need to run the command as a cluster.
When can i do to fix that and success run this command.
Thanks!
Some of the links and replies on this thread might help: https://communities.vmware.com/t5/ESXi-Discussions/I-am-trying-to-Disable-TLS-1-0-and-1-1-on-a-6-5-E...
(thread found using search)
No It's not help.
I know all thing that wrote there.
I run script via Vcenter.
But again my problem is that in my cluster i have ESXi 6.0 and 6.5
and the script has 2 version for 6.0 and 6.5
I got error that I have Esxi 6.0 when I run script 6.5
and error that i have ESXi 6.5 when I run script 6.0
Hey @idan_a,
Take into account that 6.0 U3 is the version from where TLS can be disabled if your build is lower than that then the change is not supported. Also remember that 6.0 is EOL so I recommend you to update to the next supported version which is at least 6.5.
However I just found the next article that there is a solution for mixed version by using the latest utility version that I think comes with the release of vSphere 6.7. Take a look at the next: https://virtuallyvtrue.com/2019/05/08/disabling-tlsv1-0-and-enabling-tlsv1-1-and-or-tlsv1-2-in-mixed...
Hey,
I did like in this article:
but i still got this error:
what I am missing?
Mixed version ESXi support for TLS is only added from 6.7 U3g(vCenter) onwards. In you case use the command for standalone ESXi.
vCenter 6.7 U3g release notes for your reference below.
https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-vcenter-server-67u3g-release-notes.html
The TLS reconfiguration utility cannot be configured on mixed version cluster host
vCenter Server 6.7 Update 3g adds an enhancement to the TLS reconfiguration utility that allows you to configure TLS protocol settings on ESXi hosts from the 6.5 and 6.0 lines. You can also manage the TLS protocol configuration of a mixed cluster of ESXi hosts from the 6.7, 6.5 and 6.0 lines by using a single instance of vCenterCluster in the TLS configuration utility.
This issue is resolved in this release.
What's help me version 6.7???
I wrote that I have 6.5 and 6.0 version.
My vCenter is 6.5, 1 Esxi 6.5 and 2 Esxi 6.0
I tried vCenterCluster, vCenterHost and ESXiHost I got error unsupported version.
I can't use vCenterHost and ESXiHost because my esxi member in cluster.
In short
Upgrade your VC to 6.7 U3g as mixed ESXi in cluster support started from 6.7U3g only
OR
Upgrade the complete cluster ESXi's to 6.5
OR
Remove the hosts from VC Cluster and use reconfigureEsx ESXiHost
I will do option 3.
Thanks