A new update to the release notes addresses this issue.
To answer my own questions:
- No, you can't make ESXi 5.5u3b work with earlier vCenter Server versions unless you re-enable SSLv3 in ESXi.
- Yes, updating vCenter Server to 5.5u3b will make it work with ESXi 5.5u3b without SSLv3.
Thanks for the post, this is the same issue I'm experiencing.
Thanks for posting, XavierEstevez.
I didn't apply the patch for ESXi 5.5u3b / build 3248547 but only the critical security patch KB2135795 (fixes: Updates OpenSSL to openssl-1.0.1p).
Same issue with vCenter not reconnecting to the ESXi host after remediation/reboot and same error messages in the vCenter vpxd.log file.
Enabling SSLv3 (Hostd section) in ESXi config.xml also fixed the issue.
Does anyone know if we should take this literally and follow the complete instructions in KB2139396, or just enable it on the host in the first couple of steps?
Workaround: When ESXi is rebooted after remediate process is started, enable SSLv3 on ESXi (which is disabled by default).
This will make sure ESXi gets added to VC inventory automatically in few minutes and Remediation as completed. For more information refer, KB 2139396
I enabled it on the ESXi host, then proceeded with the instructions for everything I could when it made sense. Specifically talking about modifying configuration files on the server. It was part of the instructions in KB 2139396, so I tried to follow it to the letter. After doing it though, I found the client wouldn't connect (server service wouldn't start) at all to anything, and would eventually error out. I reverted the following back to normal and was able to connect both hosts. I also noticed an error in the event log in Windows on vpxd.exe. One host is running the 3248547, and the other is running 3116895. I hesitate to upgrade the 311 to 324.
To enable SSLv3:
- Open the vpxd.cfg file:
  - Windows default location: C:\ProgramData\VMware\VMware VirtualCenter\vpxd.cfg
  - vCenter Server Appliance default location: /etc/vmware-vpx/vpxd.cfg
- Create a backup copy of the file.
- Edit the file to add or remove "<sslOptions>16924672</sslOptions>" to enable or disable SSLv3 respectively.
- Save the file.
- Restart the vpxd Service.
- To disable SSLv3, make sure the "sslOptions" is not set in the vpxd.cfg file.
I just added <sslOptions>16924672</sslOptions> to the config.xml, saved it, then ran "/etc/init.d/rhttpproxy restart"
Once it was done, I was able to connect again. I checked for updates, and all was current. I'm showing 3248547 on my updated machine only.
For me, that is the solution until I decide to put in vCenter 6. I don't plan on changing this until then.
Yeah, I wish I had stuck with that approach. I think I went too far. I'm going to undo everything I did today except for that one change. Did you update both hosts?
I have 7 hosts in the cluster - it runs VDI hosting. I only updated the one until I know for sure that everything is ok with it. I don't plan on updating another host until January at the earliest.
Thanks for the info. I think I'll follow that same path.
Thanks for posting.
I had this issue and it's worked for me.
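An added example, not part of any post in this thread or of VMware's KB: a Python check that looks for `sslOptions` in a saved copy of `vpxd.cfg` or the host `config.xml` and reports whether SSLv3 is enabled, so hosts carrying the workaround can be tracked until it is removed. It assumes the value is an OpenSSL 1.0.x `SSL_OP_*` bitmask; the sample XML nesting is constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# OpenSSL 1.0.x SSL_OP_* values (openssl/ssl.h). Assumption: VMware passes
# the decimal sslOptions value to OpenSSL unchanged.
SSL_OP_FLAGS = {
    0x00004000: "SSL_OP_NO_TICKET",
    0x00020000: "SSL_OP_NO_COMPRESSION",
    0x01000000: "SSL_OP_NO_SSLv2",
    0x02000000: "SSL_OP_NO_SSLv3",
    0x04000000: "SSL_OP_NO_TLSv1",
    0x08000000: "SSL_OP_NO_TLSv1_2",
    0x10000000: "SSL_OP_NO_TLSv1_1",
}
SSL_OP_NO_SSLV3 = 0x02000000

def decode_ssl_options(value):
    """Return (names of known flags set, leftover bits not in the table)."""
    names = [name for bit, name in sorted(SSL_OP_FLAGS.items()) if value & bit]
    known = sum(bit for bit in SSL_OP_FLAGS if value & bit)
    return names, value & ~known

def audit_config(xml_text):
    """One finding per sslOptions element; an empty list means the option
    is not set, which the thread's quoted KB steps describe as SSLv3 disabled."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if elem.tag.lower() != "ssloptions":   # page shows both spellings
            continue
        raw = (elem.text or "").strip()
        try:
            value = int(raw, 10)
        except ValueError:
            findings.append({"raw": raw, "error": "not a decimal integer"})
            continue
        names, unknown = decode_ssl_options(value)
        findings.append({"raw": raw, "flags": names, "unknown_bits": unknown,
                         "sslv3_enabled": not value & SSL_OP_NO_SSLV3})
    return findings

# Constructed samples: element nesting is illustrative, not copied from a host.
SAMPLE_WORKAROUND = "<config><ssl><sslOptions>16924672</sslOptions></ssl></config>"
SAMPLE_DEFAULT = "<config><ssl></ssl></config>"

if __name__ == "__main__":
    for label, cfg in (("workaround", SAMPLE_WORKAROUND), ("default", SAMPLE_DEFAULT)):
        print(label, audit_config(cfg) or "sslOptions not set")
```

The value from the thread decodes to NO_TICKET, NO_COMPRESSION and NO_SSLv2 with the NO_SSLv3 bit clear, which is why adding it re-enables SSLv3.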