2 Replies Latest reply on Jun 24, 2020 5:15 PM by AmitParmar

    Disabling TLS 1.0 and 1.1 in a mixed environment 6.5 & 6.7

    inano13 Lurker

      I'm attempting to disable TLS 1.0 and 1.1 in a mixed environment where vCenter is 6.7 and the ESXi hosts are 6.7 and 6.5 respectively. From everything I have read, I understand the utility does not run 100%. The higher-version 6.7 configurator displays a non-compatible error with ESXi 6.5. Attempting to run a 6.5 TLS configurator results in errors. I've attempted to disconnect the host from vCenter and attempt a standalone ESXi TLS reconfiguration and am faced with an "Authd protocol error" (see below). The host itself can't be upgraded to 6.7 as the model is not supported. Any assistance would be greatly appreciated.

      Traceback (most recent call last):
        File "./reconfigureEsx", line 564, in <module>
          main()
        File "./reconfigureEsx", line 560, in main
          args.func(args)
        File "./reconfigureEsx", line 411, in ReconfigureStandaloneHost
          ReconfigureHost(host, False, False, args.protocols, nfc, address)
        File "./reconfigureEsx", line 446, in ReconfigureHost
          ReconfigureRhttpproxy(host, nfc, address)
        File "./reconfigureEsx", line 477, in ReconfigureRhttpproxy
          client.Connect()
        File "/usr/lib/vmware-vSphereTlsReconfigurator/EsxTlsReconfigurator/pyVim/nfclib.py", line 1054, in Connect
          msg = self.GetAuthdResponse()
        File "/usr/lib/vmware-vSphereTlsReconfigurator/EsxTlsReconfigurator/pyVim/nfclib.py", line 1130, in GetAuthdResponse
          raise Exception("ERROR: Authd protocol error, "
      Exception: ERROR: Authd protocol error, connection was closed prematurely

        • 1. Re: Disabling TLS 1.0 and 1.1 in a mixed environment 6.5 & 6.7
          leberna Lurker

          Hi, I have the same problem in the same mixed environment.

          When I tried to reconfigure the host (vSphere 6.5 version) with the TlsReconfigurator 6.7 of the vCenter, I had this error about an unsupported version:

           

          Host "eu-esx13.infser.it" is of unsupported version: 6.5.

          Least supported version: 6.6.

          To reconfigure 6.5 or 6.0 host, you need to use 6.5 or 6.0 EsxTlsReconfigurator respectively.

          Skipping reconfiguration of ESXi host "eu-esx13.infser.it".

           

          I installed the VMware-vSphereTlsReconfigurator-6.5.0-10629370.x86_64.rpm and I tried again, but I had this error:

           

           

          ESXi Transport Layer Security reconfigurator, version=6.5.0, build=10629370

          For more information refer to the following article: https://kb.vmware.com/kb/2147469

          Log file: "/var/log/vmware/vSphere-TlsReconfigurator/EsxTlsReconfigurator.log".

          Connecting to vCenter Server at: "localhost".

          Password:

          Validating product version at: "localhost".

          Traceback (most recent call last):
            File "./reconfigureEsx", line 564, in <module>
              main()
            File "./reconfigureEsx", line 560, in main
              args.func(args)
            File "./reconfigureEsx", line 238, in ReconfigureVCenterHosts
              None)
            File "./reconfigureEsx", line 195, in LocateVCenterEntities
              for key, values in result.iteritems():
          AttributeError: 'collections.defaultdict' object has no attribute 'iteritems'

           

          I don't understand what happened; I attached my log. It seems that it is trying to use the 6.7 version.

           

          2020-05-04T14:06:43.824Z INFO Log file: "/var/log/vmware/vSphere-TlsReconfigurator/EsxTlsReconfigurator.log".

          2020-05-04T14:06:43.824Z DEBUG ReconfigureVCenterHosts args: "Namespace(func=<function ReconfigureVCenterHosts at 0x7f9923160400>, host=['eu-.....it'], protocols=['TLSv1.1', 'TLSv1.2'], user='l....t')".

          2020-05-04T14:06:43.824Z INFO Connecting to vCenter Server at: "localhost".

          2020-05-04T14:06:50.417Z DEBUG Product serviceIntance: "'vim.ServiceInstance:ServiceInstance'"

          2020-05-04T14:06:50.418Z INFO Validating product version at: "localhost".

          2020-05-04T14:06:50.421Z DEBUG Product at "localhost" version: "6.7".

          2020-05-04T14:06:50.437Z DEBUG LocateVCenterEntities type, names: "<class 'pyVmomi.VmomiSupport.vim.HostSystem'>", "['eu-esx13.infser.it']".

          2020-05-04T14:06:50.456Z DEBUG vCenter Server located entities of type "<class 'pyVmomi.VmomiSupport.vim.HostSystem'>": "(ManagedObject) [

           

          Thank you for the help!!

          LEB

          • 2. Re: Disabling TLS 1.0 and 1.1 in a mixed environment 6.5 & 6.7
            AmitParmar Lurker

            I was having the same problem, and after some research I found that Python 3 does not support the iteritems method.

            So I renamed result.iteritems() to result.items() in the ./reconfigureEsx script and also copied nfclib.py with "cp /usr/lib/vmware/site-packages/pyVim/nfclib.py  /usr/lib/vmware-vSphereTlsReconfigurator/EsxTlsReconfigurator/pyVim/nfclib.py", and the issue got resolved.

             

            Thank you,

            Amit Parmar
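
A check that can follow the reconfiguration discussed in this thread, as an added example that is not part of the original posts or of VMware's tooling: it probes a host one TLS version at a time and reports any version still accepted outside the allowed set. The function names, port 443 and the host name `esx-host.example` are assumptions for illustration.

```python
import socket
import ssl

# Each version is tested alone by pinning it as both minimum and maximum.
VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
}


def probe(host, port, name, timeout=5.0):
    """Return 'accepted', 'rejected' or 'unreachable' for one TLS version."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    with raw:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        # Only the negotiated protocol matters here; hosts often present
        # self-signed certificates, so verification is off for the probe only.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        try:
            # Recent OpenSSL builds refuse TLS 1.0/1.1 on the client side at
            # the default security level, which would hide a host that still
            # accepts them and make the audit look clean when it is not.
            ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
        except ssl.SSLError:
            pass
        ctx.minimum_version = ctx.maximum_version = VERSIONS[name]
        try:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "accepted"
        except (ssl.SSLError, OSError):
            return "rejected"


def violations(results, allowed):
    """Versions the host accepted that are not in the allowed set."""
    return sorted(v for v, status in results.items()
                  if status == "accepted" and v not in allowed)


def audit_host(host, port=443, allowed=("TLSv1.2",)):
    results = {name: probe(host, port, name) for name in VERSIONS}
    return results, violations(results, allowed)


if __name__ == "__main__":
    # Placeholder host name, not a host from the thread.
    print(audit_host("esx-host.example"))
```

If the local OpenSSL build has TLS 1.0/1.1 compiled out entirely, "rejected" for those versions reflects the client rather than the host, so run the probe from a machine whose OpenSSL still supports them.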