Hello,

I have been tasked with closing a vulnerability in our esxi 5.5 vcenter deployment which would allow arbitrary code to run without authentication or encryption.

When I set wrapper.java.additional.2=-Dcom.sun.management.jmxremote.authenticate=true and wrapper.java.additional.7=-Dcom.sun.management.jmxremote.ssl=true in the wrapper.conf file, and comment out the original 'false' entries, when I restart vSphere web client, it won't come back up and the following error comes up in noUser.log:

com.vmware.vise.extensionfw.impl.SpringBundleDeployer             Error creating a JMX connection to dm Server java.io.IOException: Failed to retrieve RMIServer stub: javax.naming.CommunicationException [Root exception is java.rmi.UnmarshalException: error unmarshalling return; nested exception is:

So setting JMX to authenticate and use SSL breaks the connection and the web client fails to come up. Any idea how to set it up so jmxremote uses ssl and password authentication?