VMware Cloud Community
MTomasko
Enthusiast
Enthusiast
‎07-27-2017 05:35 AM

VMware Remote Console - Version 10 - Unable to connect to the MKS

Since upgrading to version 10, I'm not longer able to use the VMware Remote Console.  I get the error "Unable to connect to the MKS: Could not connect to pipe \\. \pipe\vmware-authdpipe within retry period.".  Rolled back to version 8 and it works and version 9 work.  vCenter is version 5.5.0.30500 Build 4180648.  ESXi servers are version 5.1 (I know...it's old).  What changed from 8/9 to 10 that "broke" my VMware remote console? 

Here's part of the log:

2017-07-25T23:11:46.768-04:00| vmrc| I125: VMClientConnectSocketEx
2017-07-25T23:11:46.987-04:00| vmrc| W115: SSL: Unknown SSL Error
2017-07-25T23:11:47.003-04:00| vmrc| I125: SSL Error: error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol
2017-07-25T23:11:47.003-04:00| vmrc| W115: SSL: connect failed (1)
2017-07-25T23:11:47.003-04:00| vmrc| I125: CnxAuthdConnect: Returning false because SSL_ConnectAndVerify failed
2017-07-25T23:11:47.003-04:00| vmrc| I125: CnxConnectAuthd: Returning false because CnxAuthdConnect failed
2017-07-25T23:11:47.003-04:00| vmrc| I125: Cnx_Connect: Returning false because CnxConnectAuthd failed
2017-07-25T23:11:47.003-04:00| vmrc| I125: Cnx_Connect: Error message:
2017-07-25T23:11:47.003-04:00| vmrc| I125: VMClient_ConnectMksClientEx - Remote socket connection failed.

Tags (1)
13 Replies
vijayrana968
Virtuoso
Virtuoso
‎07-27-2017 06:11 AM

Can you check if you are able to launch console from VMRC on other machine.

0 Kudos
MTomasko
Enthusiast
Enthusiast
‎07-27-2017 12:59 PM

I tried on a machine on VPN, the LAN, a Windows machine and a MAC.  They all work until you go to version 10.

0 Kudos
CQuartetti
Hot Shot
Hot Shot
‎07-27-2017 02:35 PM


Because you're seeing this connecting a new VMRC to an old vCenter/ESX setup it may be a mismatch issue with the updated curl/OpenSSL and related TLS/security protocols in VMRC 10. The thread Problems with VMRC 10 from PowerCLI and WebConsole after re-install shows VMRC logging the same error:

SSL Error: error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol

Please confirm your hosts are not running TLS 1.0.

0 Kudos
MTomasko
Enthusiast
Enthusiast
‎07-28-2017 06:29 AM

I don't believe you can reconfigure TLS on 5.1.  I seen a TLS configuration utility, but it's for 6.5.  Is there anything I can run to check my settings?  Thanks.

0 Kudos
CQuartetti
Hot Shot
Hot Shot
‎07-28-2017 04:55 PM

I created ticket #1927008 to investigate this. We'll update this thread when we have more information.

0 Kudos
MTomasko
Enthusiast
Enthusiast
‎08-07-2017 01:38 PM

FYI - I just added a ESXi 5.5 host to my network and no problem with the VMRC, but still can't connect to my ESXi 5.1 hosts.

0 Kudos
CQuartetti
Hot Shot
Hot Shot
‎08-08-2017 11:02 AM

I have confirmed that ESXi 5.1 does not support TLS greater than 1.0. This is most likely what's preventing the connection.

capileigh
Contributor
Contributor
‎08-14-2017 02:15 PM

I have this same issue and am unable to rollback to version 9 ( The download has been pulled. )

0 Kudos
capileigh
Contributor
Contributor
‎08-14-2017 02:34 PM

I searched Google for `Vmware-Remote-Console-9` and found some university file servers that had the installers.

I installed vmrc-for-mac with `VMware-Remote-Console-9.0.0-4288332.dmg` and can confirm it fixed this issue.

0 Kudos
MikeFTS
Contributor
Contributor
‎09-08-2017 11:48 AM

You can allow Remote Console to use again TLS 1.0. Therefore add following entry in config.ini from Remote console:

- tls.protocols=tls1.0,tls1.1,tls1.2

Config File can be found in directory "C:\ProgramData\VMware\VMware Remote Console"

My config.ini:

installerDefaults.autoSoftwareUpdateEnabled = "no"

installerDefaults.autoSoftwareUpdateEnabled.epoch = "22109"

installerDefaults.componentDownloadEnabled = "yes"

installerDefaults.dataCollectionEnabled = "no"

installerDefaults.dataCollectionEnabled.epoch = "22109"

tls.protocols=tls1.0,tls1.1,tls1.2

In the Remote Console Logfile (%TEMP%\vmware-<User>\vmware-vmrc-<pid>) you can now find following entry:

2017-09-08T18:54:25.743+02:00| vthread-5| I125: lib/ssl: OpenSSL using RAND_SSLeay for RAND

2017-09-08T18:54:25.743+02:00| vthread-5| I125: lib/ssl: protocol list tls1.0,tls1.1,tls1.2

2017-09-08T18:54:25.743+02:00| vthread-5| I125: lib/ssl: protocol list tls1.0,tls1.1,tls1.2 (openssl flags 0x3000000)

2017-09-08T18:54:25.743+02:00| vthread-5| I125: lib/ssl: cipher list !aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES

Hope that will help you Smiley Happy

CQuartetti
Hot Shot
Hot Shot
‎09-11-2017 02:04 PM

You can allow Remote Console to use again TLS 1.0. Therefore add following entry in config.ini from Remote console:

- tls.protocols=tls1.0,tls1.1,tls1.2

Thank you for your post MikeFTS. I see this allows VMRC 10.0.1 to connect to ESXi 5.1 in my test setup. I'll add this to VMRC documentation.

0 Kudos
rickf303
Contributor
Contributor
‎11-30-2017 07:25 PM

How do I make this change on Fusion 10 on a Mac?

0 Kudos
CQuartetti
Hot Shot
Hot Shot
‎01-19-2018 10:37 AM

rickf303​: The VMRC 10.0.2 release notes have instructions for adding the tls.protocols line to the config file, along with where to find the config file. Fusion is similar to VMRC/Mac -- look in /Library/Preferences/VMware Fusion/config; it should also check your user location: ~/Library/Preferences/VMware Fusion/config.

0 Kudos