Highlighted
Contributor
Contributor

vmware workstation hostd (shared vms) not starting on fresh linux install

Hi,

I have a fresh install of workstation 12.5.5 on a linux box (Opensuse Leap 42.2), everything works fine excekt the hostd service for shared VMs. It is also not possible to conenct to other machines on the same network which offer shared VMs (also on workstation). I did two frsh installs but hve ´teh same result. The hostd process is visible but in the Workstation UI a connection to it (eithe root or user) is not possible. hostd.logs show:

2017-05-19T21:45:59.883+02:00 warning hostd[7F8B9A690700] [Originator@6876 sub=Proxysvc] SSL Handshake failed for stream <SSL(<io_obj p:0x00007f8b8c006c20, h:22, <TCP '127.0.0.1:444'>, <TCP '127.0.0.1:57358'>>)>: N7Vmacore3Ssl12SSLExceptionE(SSL Exception: error:140000DB:SSL routines:SSL routines:short read)

2017-05-19T21:46:01.883+02:00 info hostd[7F8B9B07E700] [Originator@6876 sub=Proxy Req 00023] Client certificate will not be requested.

2017-05-19T21:46:01.884+02:00 warning hostd[7F8B9A6D1700] [Originator@6876 sub=Proxysvc] SSL Handshake failed for stream <SSL(<io_obj p:0x00007f8b7c006130, h:22, <TCP '127.0.0.1:444'>, <TCP '127.0.0.1:57360'>>)>: N7Vmacore3Ssl12SSLExceptionE(SSL Exception: error:140000DB:SSL routines:SSL routines:short read)

2017-05-19T21:47:22.130+02:00 info hostd[7F8B9B03D700] [Originator@6876 sub=Proxy Req 00024] Client certificate will not be requested.

2017-05-19T21:47:22.130+02:00 warning hostd[7F8B9B100700] [Originator@6876 sub=Proxysvc] SSL Handshake failed for stream <SSL(<io_obj p:0x00007f8b7801db60, h:22, <TCP '127.0.0.1:444'>, <TCP '127.0.0.1:57372'>>)>: N7Vmacore3Ssl12SSLExceptionE(SSL Exception: error:140000DB:SSL routines:SSL routines:short read)

2017-05-19T21:47:37.129+02:00 info hostd[7F8B9A6D1700] [Originator@6876 sub=Proxy Req 00025] Client certificate will not be requested.

2017-05-19T21:47:37.129+02:00 warning hostd[7F8B9A690700] [Originator@6876 sub=Proxysvc] SSL Handshake failed for stream <SSL(<io_obj p:0x00007f8b7c02b750, h:22, <TCP '127.0.0.1:444'>, <TCP '127.0.0.1:57380'>>)>: N7Vmacore3Ssl12SSLExceptionE(SSL Exception: error:140000DB:SSL routines:SSL routines:short read)

2017-05-19T21:47:48.000+02:00 info hostd[7F8B9B07E700] [Originator@6876 sub=Proxy Req 00026] Client certificate will not be requested.

2017-05-19T21:47:48.000+02:00 warning hostd[7F8B9A6D1700] [Originator@6876 sub=Proxysvc] SSL Handshake failed for stream <SSL(<io_obj p:0x00007f8b70001ec0, h:22, <TCP '127.0.0.1:444'>, <TCP '127.0.0.1:57384'>>)>: N7Vmacore3Ssl12SSLExceptionE(SSL Exception: error:140000DB:SSL routines:SSL routines:short read)

2017-05-19T21:53:13.274+02:00 verbose hostd[7F8B9B100700] [Originator@6876 sub=Default] Validating permission users and groups

Any ideas?

5 Replies
Highlighted
Contributor
Contributor

Experiencing same issue. Also problems with checking for updates.

Used to be okay until one of the updates to 42.2....wonder if it's related to the:

- Bug bsc#1027712 switch to new client side cipher suite default

* Updated default cipher suite from "DEFAULT" to "SUSE_DEFAULT"

* Updates previous patch curl-DEFAULT_CIPHER_SELECTION.patch

This change has caused problems with quite a few linux apps....

v12.5.6 of Workstation doesn't resolve issues either.

0 Kudos
Highlighted
Contributor
Contributor

Hi,

looks like current curl has issues with hostd, therefore as workaround temporary downgrade curl-packages.
packages:
-curl
-libcurl3

-libcurl4

search prior version (sorry, german locales - but should be clear anyways )

uid@host:~> zypper search -s libcurl4

Repository-Daten werden geladen...

Installierte Pakete werden gelesen...

S | Name           | Typ   | Version       | Arch   | Repository

--+----------------+-------+---------------+--------+--------------------------

v | libcurl4       | Paket | 7.37.0-16.3.1 | x86_64 | openSUSE-Leap-42.2-Update

i | libcurl4       | Paket | 7.37.0-15.1   | x86_64 | openSUSE-Leap-42.2-Oss

  | libcurl4-32bit | Paket | 7.37.0-16.3.1 | x86_64 | openSUSE-Leap-42.2-Update

  | libcurl4-32bit | Paket | 7.37.0-15.1   | x86_64 | openSUSE-Leap-42.2-Oss

Downgrade Package:
#>zypper install -f libcurl=7.37.0-15.1

lock package to protect from incidentally updating
zypper addlock libcurl4

Do the same for curl and libcurl3 and wait until new update available either for vmware or curl.

you can remove the package-lock later using zypper removelock <package> (you can show current locks using "zypper listlock" )

SLES12SP2 is also affected, guess they're already on it.


regards,

Daniel

edit:
I digged somewhat deeper. seems issues are related to certificate validation of hostd cert.
Probably it's enough to replace hostd cert  and key in /etc/vmware/ssl/ (/etc/vmware/ssl/rui.crt ; /etc/vmware/ssl/rui.key)

But this requires you to have a working ca.

@Rehtael: you're right.
This one broke it:
openSUSE-SU-2017:1105-1: moderate: Security update for curl

Kopfzeile 1

#>zypper patch-info openSUSE-2017-513

Repository-Daten werden geladen...

Installierte Pakete werden gelesen...

Informationen zu Patch openSUSE-2017-513:

-----------------------------------------

Repository       : openSUSE-Leap-42.2-Update

Name             : openSUSE-2017-513

Version          : 1

Arch             : noarch

Anbieter         : maint-coord@suse.de

Status           : erforderlich

Kategorie        : security

Schweregrad      : moderate

Erstellt am      : Mi 26 Apr 2017 14:11:02 CEST

Interaktiv       : ---

Zusammenfassung  : Security update for curl

Beschreibung     :

    This update for curl fixes the following issues:

    Security issue fixed:

    - CVE-2016-9586: libcurl printf floating point buffer overflow (bsc#1015332)

    - CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl might have allowed physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation

    screen during use of a --write-out argument ending in a '%' character, which lead to a heap-based buffer over-read (bsc#1032309).

    With this release new default ciphers are active (SUSE_DEFAULT, bsc#1027712).

    This update was imported from the SUSE:SLE-12:Update update project.

Bereitstellungen : patch:openSUSE-2017-513 = 1

Konflikte        : [16]

Highlighted
Contributor
Contributor

Unfortunately it still doesn't appear to be fixed in 12.5.7 build-5813279 Smiley Sad

0 Kudos
Highlighted
Contributor
Contributor

Wow, somebody has mad diagnostic skills.  Thanks!  I never would have thought of looking into the libcurl version.

A couple of notes: I had to do "zypper install -f libcurl4=7.37.0-15.1"; using libcurl=... had no effect.  Also, my version of zypper doesn't have "listlocks"; it's just "zypper locks" (alias "zypper ll").

In the meantime I'm live and happy!

0 Kudos
Highlighted
Contributor
Contributor

Finally resolved in VMware Workstation 14....however, you have to be on openSUSE 42.3+ or the kernel modules won't compile.

0 Kudos