I seen that "Starting with vSphere 6.7, the TLS Configurator utility is included in the product. You no longer download it separately."
I followed below documentations "https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.security.doc/GUID-BDCE47DD-8AD2-4C9...
I am not able to get the folder of TlsReconfiguraotr also in my host.
[root@localhost:~] ls -ltr /usr/lib/vmware-TlsReconfigurator
ls: /usr/lib/vmware-TlsReconfigurator: No such file or directory
command "reconfigureEsx" is not being resolved.
[root@localhost:~] reconfigureEsx
-sh: reconfigureEsx: not found
How to get this working TLSConfigurator working?.
Thanks
RK
Is the ESXi host 10.10.2.2 managed by that vCenter? Is it in lockdown mode?
You should provide a vCenter administrative user.
root@vcenter [ /usr/lib/vmware-TlsReconfigurator/EsxTlsReconfigurator ]# ./reconfigureEsx vCenterHost -h esxi01.home.lan -u administrator@vsphere.local -p TLSv1.2
ESXi Transport Layer Security reconfigurator, version=6.7.0, build=13010631
For more information refer to the following article: https://kb.vmware.com/kb/2147469
Log file: "/var/log/vmware/vSphere-TlsReconfigurator/EsxTlsReconfigurator.log".
Connecting to vCenter Server at: "localhost".
Password:
Validating product version at: "localhost".
Validating ESXi host: "esxi01.home.lan".
Reconfiguring ESXi host: "esxi01.home.lan".
---------------------------------------------------------------------------------------------------------
Was it helpful? Let us know by completing this short survey here.
Hi,
/usr/lib/vmware-TlsReconfigurator/EsxTlsReconfigurator/reconfigureEsx is run from vCenter, not ESXi.
root@vcenter [ ~ ]# ls -ltr /usr/lib/vmware-TlsReconfigurator/EsxTlsReconfigurator/
total 44
-rw-r--r-- 1 root root 2247 Mar 27 06:28 reconfigure-vvold
-rw-r--r-- 1 root root 3606 Mar 27 06:28 reconfigure-rhttpproxy
-rw-r--r-- 1 root root 2122 Mar 27 06:28 reconfigure-vvold.sig
-rw-r--r-- 1 root root 2122 Mar 27 06:28 reconfigure-rhttpproxy.sig
-rwxr-xr-x 1 root root 23228 Mar 27 06:28 reconfigureEsx
-rw-r--r-- 1 root root 1936 Mar 27 06:28 README
Thanks martin,
I tried to change the TLS using below commands , but throws errors.
root@photon-machine [ /usr/lib/vmware-TlsReconfigurator/EsxTlsReconfigurator ]# ./reconfigureEsx vCenterHost -h 10.10.2.2 -u root -p TLSv1.0
ESXi Transport Layer Security reconfigurator, version=6.7.0, build=13010631
For more information refer to the following article: https://kb.vmware.com/kb/2147469
Log file: "/var/log/vmware/vSphere-TlsReconfigurator/EsxTlsReconfigurator.log".
Connecting to vCenter Server at: "localhost".
Password:
Permission to perform this operation was denied.
Note: Access to ESXi host may be denied if it is managed by vCenter Server instance in lockdown mode.
If this is the case please reconfigure the ESXi host through the corresponding vCenter Server instance.
Any idea , what other factor should be taken care?.
Are you trying to disable TLS 1.1 and TLS 1.2 and only use TLS 1.0? That won't happen!
You have two choices for using TLS in your environment.
Source: Enabling or Disabling TLS Versions in vSphere
Also, the ESXi host 10.10.2.2 must be managed by the vCenter.
Martin,
Even TLSv1.2 resulting same,
[ /usr/lib/vmware-TlsReconfigurator/EsxTlsReconfigurator ]# ./reconfigureEsx vCenterHost -h 10.10.2.2 -u root -p TLSv1.2
ESXi Transport Layer Security reconfigurator, version=6.7.0, build=13010631
For more information refer to the following article: https://kb.vmware.com/kb/2147469
Log file: "/var/log/vmware/vSphere-TlsReconfigurator/EsxTlsReconfigurator.log".
Connecting to vCenter Server at: "localhost".
Password:
Permission to perform this operation was denied.
Note: Access to ESXi host may be denied if it is managed by vCenter Server instance in lockdown mode.
If this is the case please reconfigure the ESXi host through the corresponding vCenter Server instance.
Is the ESXi host 10.10.2.2 managed by that vCenter? Is it in lockdown mode?
You should provide a vCenter administrative user.
root@vcenter [ /usr/lib/vmware-TlsReconfigurator/EsxTlsReconfigurator ]# ./reconfigureEsx vCenterHost -h esxi01.home.lan -u administrator@vsphere.local -p TLSv1.2
ESXi Transport Layer Security reconfigurator, version=6.7.0, build=13010631
For more information refer to the following article: https://kb.vmware.com/kb/2147469
Log file: "/var/log/vmware/vSphere-TlsReconfigurator/EsxTlsReconfigurator.log".
Connecting to vCenter Server at: "localhost".
Password:
Validating product version at: "localhost".
Validating ESXi host: "esxi01.home.lan".
Reconfiguring ESXi host: "esxi01.home.lan".
---------------------------------------------------------------------------------------------------------
Was it helpful? Let us know by completing this short survey here.
This one worked thanks...