VMware Cloud Community
MarkBowker
Contributor

Can't connect to new ESXi 5.5 hosts with vSphere Client

Completed fresh install of ESXi 5.5 on two new Dell PowerEdge servers last night.

Trying to connect to them through the vSphere client fails.

I can ping both servers with no problems from the server where the vSphere client is installed (it is not a DC but a Windows 2003 server -  it does have .Net 3.5 SP1 installed).

If I try to open the IP of the hosts in a web browser, http://xxx.xxx.xxx.xxx times out; however, if I try http://xxx.xxx.xxx.xxx:902 it connects to the server, but rather than getting the web page I'm used to with 5.1, I get this message:

"220 VMware Authentication Daemon Version 1.10: SSL Required, ServerDaemonProtocol:SOAP, MKSDisplayProtocol:VNC, VMXARGS supported, NFCSSL supported." I get this exact same message if I telnet in on port 902. So I know I can talk to the host, but have no clue why I can't log in to it or have it display the tools in a web browser.

Trying to use the same IP with port 902 in the vSphere client to login I get this error:

vSphere Client could not connect to "xxx.xxx.xxx.xxx"

An unknown connection error occurred. (The client received an invalid response from the server. (The server committed a protocol violation. Section=ResponseStatusLine))

I did notice there was a 2 hour and 4 minute time difference between the host server and the client server.  I reset time to match in BIOS of the host server.  Testing afterwards yielded the same results.

Probably unrelated, but throwing it out there in case it points to an answer: when running the "Test Management Network", ping passes for the default gateway and the secondary DNS server (which is Google 8.8.8.8) but fails for the primary DNS server (local IP) and fails resolving the host name.

Any thoughts, help or solution would be much appreciated.  I need to get this client's network virtualized this week, and I'd prefer not to have to fall back to 5.1 if possible.

Thanks

Mark Bowker


Accepted Solutions
MarkBowker
Contributor

This is resolved.

And it's one of those things that you can just kick yourself for.

I was trying this on two servers, both 2003 servers and using IE8.

Tested a theory using a VPN connection from my laptop Windows 8 IE 10 and it worked perfectly, then tested on a 2008 R2 server using IE9 and it worked perfectly.

Installed Chrome on the two 2003 servers and worked perfectly.

So in the end it was IE8 that was not compatible and causing all the problems!!

Thanks again to you André for trying to help!

Mark

//edit.  Actually here's the exact reason it wasn't working

5.5 uses OpenSSL ciphers and we're not going to be able to get it working on 2003 32-bit
http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=2049143&sl...
there's a hot fix for 2003 x64 but not 32-bit

Message was edited by: Mark Bowker

10 Replies
a_p_
Leadership

Do you need the external DNS server on the ESXi host or only for VMs? If it's not needed for the host, consider removing it.

Unless you are using public IP settings for the host, please provide the settings (IP address, subnet mask, gateway address) and also provide some details about the physical network, i.e. subnetting, VLANs, firewalls, ... (assuming the vSphere Client is in another subnet). Btw. did you try to connect to the ESXi host from within the host's subnet? Does this work?

André

MarkBowker
Contributor

Thanks for the reply. Technically I don't need the secondary DNS for the host. I can remove it. It was mostly for a connectivity test. Still a little confused why the ping to the default gateway and Google's DNS server passes, but the local DNS server on the 192.168.1.x range fails.

There are no VLANs.

Servers will be set up to talk to the SAN on subnet 172.29.29.0/24 but currently are not.

The management NIC is on subnet 192.168.1.0/24

Management NIC is vmnic2

IPv6 is disabled.  Both servers are assigned IPv4 static.

Settings are 192.168.1.250 and 192.168.1.251, subnet 255.255.255.0 and gateway 192.168.1.49

As noted can ping them successfully.  Just can't get the web browser to display the tools page or connect through the vSphere Client.

Firewall is Sonicwall NSA2400

LAN to LAN matrix has Any to Any allow.

a_p_
Leadership

What about using the vSphere Client in the host's subnet? If this works, there might be something in the firewall which needs to be changed (e.g. routing)!? Are you able to ping other addresses in the LAN when you enter them in the host's "Test Management Network" screen?

André

MarkBowker
Contributor

Not possible to use the client in the host subnet. That subnet is for the SAN network only and consists of the SAN, two switches and the two ESXi 5.5 servers (and neither of the primary NICs on the two servers has been configured yet for the SAN subnet since I can't access them with the client yet).

Oddly, adding the IP of the server where the vSphere client is installed (as a secondary DNS server for test purposes) passes the Management Network test ping; however, the DNS server IP and hostname resolution still fail. The server the vSphere client is installed on is 192.168.1.8, and the DNS server is 192.168.1.18. In theory they should both pass the ping test.

//edit   Let me back up on that. The server that has the client installed does have one NIC configured for the LAN network and one NIC configured for the SAN network; however, neither of the servers has the primary onboard NIC configured for the SAN network yet because I can't connect to them. I've also tried connecting on the DNS server that is only on the LAN and get the same results.

a_p_
Leadership

I'm a little bit confused now. You are saying that you cannot use the client in the host subnet, but according to the IP addresses you provided, it's in the same network already (192.168.1.x)!? Anyway, are you able to ping the DNS server from other systems? I'm asking because Windows 2008 and newer block pings by default and you need to allow ICMP traffic in the Windows firewall.

André

MarkBowker
Contributor

Windows Firewall is disabled on the DNS server which is also the only DC (Windows server 2003).

On the management server (also 2003) where the vSphere client is installed if I try the IP of the hosts in a web browser it 404's in both cases.  If I try it with port 902 I get the message in this screen shot. (also same message if I telnet to the hosts) If I try this with the IP only without the port, the web page 404s

example.jpg

If I use the client and try to connect with port 902 I get this message.

example2.jpg

In theory I can see that I'm connecting to the hosts, but authentication is failing in the client, and the web browser is not displaying the standard welcome screen.

If I try to connect using the client without a port, I get a generic error that the "Client could not send a complete request to the server".

Does that help clear things up? I'll call VMware support on this tomorrow, so don't waste much time on it. I totally appreciate your help though!!! Was just hoping to get it resolved quickly to move on to virtualizing their servers.

DumpCheck
Contributor

That KB was updated with a bypass method a few days ago. Short story is slapping the relevant server into accepting weaker ciphers via an added XML line. Unfortunately, it seems to artificially weaken it more than it needs to (ALL, rather than specifying a cipher list that includes what XP/2003 can barely do), so user beware regarding excessively weakened SSL transport security. This may violate your company's security stance/policies.

larstr
Champion

Mark,

It's also working on 2003 32-bit after applying the MS hotfix (http://hotfixv4.microsoft.com/Windows%20Server%202003/sp3/Fix192447/3790/free/351385_ENU_i386_zip.ex...) and editing config.xml as described in the kb article (VMware KB: vSphere Client and vSphere PowerCLI may fail to connect to vCenter Server 5.5 due to a Ha...) you linked above.

Lars

FelipeSE
Contributor

Error in vSphere Client:

An unknown connection error occurred

This works for me and solves the problem:

On vCenter Server, edit vpxd.cfg and add the <cipherList>ALL</cipherList> parameter between the <vmacore><ssl>...</ssl></vmacore>

Restart the vCenter Server service

0 Kudos
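
Added example, not code from the KB article or from any poster: a static check for the cipherList override discussed in the replies above, which flags ALL and other weak keywords and passes a named suite list. The element path is the one quoted in the thread; the <config> root element, the sample file content and the keyword sets are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape the thread describes; <config> root assumed.
SAMPLE_CFG = """<config>
  <vmacore>
    <ssl>
      <cipherList>ALL</cipherList>
    </ssl>
  </vmacore>
</config>"""

BROAD = {"ALL", "COMPLEMENTOFALL"}            # keywords that expand to many suites
WEAK = {"ENULL", "NULL", "ANULL", "EXPORT", "EXP", "LOW", "RC4", "MD5"}
MUST_EXCLUDE = {"ANULL", "EXPORT", "LOW", "RC4", "MD5"}   # not exhaustive

def classify(cipher_string):
    """Return (severity, reasons) for an OpenSSL-style cipher string."""
    enabled, excluded = [], set()
    for tok in cipher_string.replace(",", ":").replace(" ", ":").split(":"):
        if not tok or tok.startswith("@"):    # skip empties and @STRENGTH
            continue
        if tok[0] in "!-":                    # simplification: both remove suites
            name = tok[1:].upper()
            excluded.add("EXPORT" if name == "EXP" else name)
        else:
            enabled.append(tok.lstrip("+").upper())
    sev, reasons = "ok", []
    if BROAD & set(enabled):
        missing = sorted(MUST_EXCLUDE - excluded)
        sev = "high" if missing else "medium"
        reasons.append("broad keyword without excluding: " + ", ".join(missing)
                       if missing else "broad keyword; prefer named suites")
    for tok in enabled:
        hit = sorted(set(tok.replace("-", "+").split("+")) & WEAK)
        if hit:
            sev = "high"
            reasons.append(f"{tok} enables weak family {'/'.join(hit)}")
    return sev, reasons

def audit_config(xml_text):
    """Audit the <vmacore><ssl><cipherList> override in a config document."""
    node = ET.fromstring(xml_text).find(".//vmacore/ssl/cipherList")
    if node is None or not (node.text or "").strip():
        return "default", ["no cipherList override; product defaults apply"]
    return classify(node.text.strip())

if __name__ == "__main__":
    print(audit_config(SAMPLE_CFG))
```
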