VMware Cloud Community
Aristizabal
Enthusiast

Problem integrating vRO 7 with vSphere 6 web client

Hello,

I recently upgraded to vSphere 6 (6.0 U1). I created a new vRO appliance (7.0.1) and imported all the workflows from vCO 5.5. The vRO appliance works fine but there is an integration issue with the web client. I have followed the workflows to add the extension to the web client, and they completed successfully.

https://orchestration.io/2015/09/28/deploying-vrealize-orchestrator-6-0-3/

Unfortunately I can't get the vRO server to show on the web client. Looking at the vsphere_client_virgo.log I noticed the following entries:

[2016-05-11T13:56:55.972-06:00] [ERROR] vc-extensionmanager-pool-109 70000092 100010 200002 com.vmware.vise.vim.extension.VcExtensionManager                  Package com.vmware.vco was not installed!
Error downloading https://XXXXXXXXXXXX:8281/vco/vsphere-web-client/vco-plugin.zip. Make sure that the URL is reachable then logout/login to force another download. javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
  at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
  at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
  at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1979)
  at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086)
  at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
  at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
  at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
  at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
  at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1301)
  at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:468)
  at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
  at com.vmware.vise.util.http.ConnectionManager.connect(ConnectionManager.java:186)
  at com.vmware.vise.util.http.SimpleHttpClient.connect(SimpleHttpClient.java:218)
  at com.vmware.vise.util.http.SimpleHttpClient.executeMethodResponseAsStream(SimpleHttpClient.java:109)
  at com.vmware.vise.vim.extension.VcExtensionManager.writePackageToFile(VcExtensionManager.java:873)
  at com.vmware.vise.vim.extension.VcExtensionManager.downloadPackage(VcExtensionManager.java:820)
  at com.vmware.vise.vim.extension.VcExtensionManager$1.call(VcExtensionManager.java:639)
  at com.vmware.vise.vim.extension.VcExtensionManager$1.call(VcExtensionManager.java:631)
  at java.util.concurrent.FutureTask.run(FutureTask.java:262)
  at com.vmware.vise.util.concurrent.QueuingCachedThreadPool$QueueProcessor.run(QueuingCachedThreadPool.java:866)
  at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
  at java.util.concurrent.FutureTask.run(FutureTask.java:262)
  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

When I go to the vCenter I can download the package without problems; I even added the self-signed cert to the server to avoid the security warning.

Any help on this matter is highly appreciated.

Thank you,

Juan.

Accepted Solutions
iiliev
VMware Employee

For security reasons (POODLE attack and others) vRO 7.0.1 has TLSv1 protocol disabled by default. So if a client application like Web Client tries to open a connection using TLSv1, it will be rejected.

There are 2 options to work around this issue:

  • The first option is to configure Web Client to use TLSv1.2 or TLSv1.1 outgoing connections. I don't have the exact steps to do so at hand. I think there were plans to fix this in vSphere 6.0U2 but I'm not sure what happened.
  • The second option is to configure vRO server to accept TLSv1 connections. To do so, connect to the vRO appliance, open the file /etc/vco/app-server/server.xml for editing, and replace the attribute:
    sslEnabledProtocols="TLSv1.1, TLSv1.2"

  with

    sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"

After that you'll need to restart vRO service for changes to take effect, using the following Linux command:

service vco-server restart
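
An added example, not part of the original post and not VMware tooling: a Python audit of a server.xml that lists each TLS connector's sslEnabledProtocols value and flags TLSv1, so a host carrying this workaround can be identified later. The sample XML (constructed), the ports other than 8281, and the names audit_connectors and LEGACY are assumptions; a TLS connector with no sslEnabledProtocols attribute is reported as not-set.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of a Tomcat server.xml; not copied from a vRO appliance.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8281" SSLEnabled="true" scheme="https" secure="true"
               sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"/>
    <Connector port="8280" protocol="HTTP/1.1"/>
    <Connector port="8283" SSLEnabled="true" scheme="https" secure="true"/>
  </Service>
</Server>
"""

# Protocol names this example treats as legacy (assumption of the example).
LEGACY = {"SSLv2Hello", "SSLv3", "TLSv1"}


def audit_connectors(xml_text):
    """Return one finding per TLS-enabled <Connector> in a server.xml document."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, no TLS settings to check
        raw = conn.get("sslEnabledProtocols")
        if raw is None:
            # Attribute absent: the protocol list is not set in this file.
            findings.append({"port": conn.get("port"), "protocols": None,
                             "legacy": [], "status": "not-set"})
            continue
        protocols = [p.strip() for p in raw.split(",") if p.strip()]
        legacy = [p for p in protocols if p in LEGACY]
        findings.append({"port": conn.get("port"), "protocols": protocols,
                         "legacy": legacy,
                         "status": "legacy-enabled" if legacy else "ok"})
    return findings


if __name__ == "__main__":
    # On an appliance, pass the contents of /etc/vco/app-server/server.xml instead.
    for f in audit_connectors(SAMPLE_SERVER_XML):
        print(f["port"], f["status"], f["protocols"])
```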

Aristizabal
Enthusiast

Thank you so much. After modifying the /etc/vco/app-server/server.xml file and restarting the webclient service, the vRO server shows up on the webclient.

Now, a bit off topic: I have 5 vCenters in enhanced linked mode. Do I have to register each one to vRO in order to run workflows from them?

Regards,

Juan.

VirtualTristan
Contributor

Ilian - I upgraded to vRA 7.2 and am using the integrated vRO instance. When I go to the server.xml file to enable TLSv1, I notice that there is no relevant SSL section in the config. Is there a different procedure for enabling TLSv1 when it is the bundled vRO instance on a vRA appliance? Thanks!

Tristan