VMware {code} Community
likid000
Contributor
Contributor

Error: Server version unavailable at 'https://1.1.1.1/sdk/vimService.wsdl' when connecting to virtual center with connect.pl

Hi,

I have a strange problem, I have 3 RHEL 5.4 servers that are clones of each other, I have install the SDK on all 3 of them, version:

I have installed VMware-vSphere-SDK-for-Perl-4.0.0-161974

and on 2 servers whith connect.pl it works great:

  1. /usr/lib/vmware-vcli/apps/general/connect.pl --server 1.1.1.1 --username XXX --password XX

Connection Successful

Server Time : 2009-11-04T11:53:30.449415Z

On the third server it doesn't work:

  1. /usr/lib/vmware-vcli/apps/general/connect.pl --server 1.1.1.1 --username XXX --password XX

Error: Server version unavailable at 'https://1.1.1.1/sdk/vimService.wsdl'

I am connecting to a VC with esx 3.5, on the third server I can access the url 'https://1.1.1.1/sdk/vimService.wsdl' with no problems

Any idea what can be the problem ?

Thnx

25 Replies
lamw
Community Manager
Community Manager

Does the following work:

/usr/lib/vmware-vcli/apps/general/connect.pl --url https://1.1.1.1/sdk --username XXX --password XX

=========================================================================

William Lam

VMware vExpert 2009

VMware ESX/ESXi scripts and resources at:

VMware Code Central - Scripts/Sample code for Developers and Administrators

VMware Developer Comuunity

Twitter: @lamw

If you find this information useful, please award points for "correct" or "helpful".

Reply
0 Kudos
likid000
Contributor
Contributor

Nope, The same result:

  1. /usr/lib/vmware-vcli/apps/general/connect.pl --url --username xxxx --password xxxx
    Error: Server version unavailable at 'https://10.7.112.166/sdk/vimService.wsdl'

"on the third server I can access the url 'https://1.1.1.1/sdk/vimService.wsdl' with no problems" by this I mean I can wget the file and download it perfectly from the third server:

  1. wget --no-check-certificate (11-05 08:31):)

2009-11-05 08:32:00

Connecting to 1.7.11.16:443... connected.

Self-signed certificate encountered.

HTTP request sent, awaiting response... 200 OK

Length: 561 text/xml

Saving to: `vimService.wsdl'

100%[=================================================================================>] 561 --.-K/s in 0s

2009-11-05 08:32:00 (109 MB/s) - `vimService.wsdl' saved 561/561

Reply
0 Kudos
haplo2000
Contributor
Contributor

do you use a proxy?

if so, deactivate the proxy (look in the enviroment) an then try again

Reply
0 Kudos
likid000
Contributor
Contributor

Thnx for the help. I haven't got any proxy config on my env:

# set | strings | grep proxy

# echo $http_proxy

# echo $HTTP_PROXY

# grep proxy .* | grep -v .zhistory (11-10 17:35) Smiley Happy

#

l01 ~]# /usr/lib/vmware-vcli/apps/general/connect.pl --url https://10.7.1.1/sdk --username dpar-00 --password cu3rv0-.

Error: Server version unavailable at 'https://10.7.1.1/sdk/vimService.wsdl'

Where else can the proxy be defined ?

Reply
0 Kudos
likid000
Contributor
Contributor

%ENV from perl:

DISPLAY : localhost:11.0

EDITOR : vim

G_BROKEN_FILENAMES : 1

HISTFILE : /root/.zhistory

HISTSIZE : 1500

HOME : /root

HOSTNAME : 11111

INPUTRC : /etc/inputrc

KDEDIR : /usr

KDE_IS_PRELINKED : 1

KDE_NO_IPV6 : 1

LANG : en_US.UTF-8

LESSOPEN : |/usr/bin/lesspipe.sh %s

LOGNAME : root

LS_COLORS : no=00:fi=00:di=00;34:ln=00;36:pi=40;33:so=00;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:ex=00;32:.cmd=00;32:.exe=00;32:.com=00;32:.btm=00;32:.bat=00;32:.sh=00;32:.csh=00;32:.tar=00;31:.tgz=00;31:.arj=00;31:.taz=00;31:.lzh=00;31:.zip=00;31:.z=00;31:.Z=00;31:.gz=00;31:.bz2=00;31:.bz=00;31:.tz=00;31:.rpm=00;31:.cpio=00;31:.jpg=00;35:.gif=00;35:.bmp=00;35:.xbm=00;35:.xpm=00;35:.png=00;35:.tif=00;35:

MAIL : /var/spool/mail/root

MUTT_EDITOR : vim

OLDPWD : /root

PAGER : more

PATH : /opt/perf/bin:/opt/OV/bin:/usr/local/bin:/usr/local/sbin/:/bin:/sbin:/usr/bin:/usr/sbin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/usr/java/jdk1.5.0_09/bin

PR_BLUE : %{%}

PR_CYAN : %{%}

PR_GREEN : %{%}

PR_LIGHT_BLUE : %{%}

PR_LIGHT_CYAN : %{%}

PR_LIGHT_GREEN : %{%}

PR_LIGHT_MAGENTA : %{%}

PR_LIGHT_RED : %{%}

PR_LIGHT_WHITE : %{%}

PR_LIGHT_YELLOW : %{%}

PR_MAGENTA : %{%}

PR_NO_COLOR : %{%}

PR_RED : %{%}

PR_WHITE : %{%}

PR_YELLOW : %{%}

PS1 : %(!.#.$)

PWD : /root

RPS1 : (%D{%m-%d %H:%M}) %0(?,%{%}:%),%{%}:(%s)%b

SAVEHIST : 1500

SHELL : /bin/bash

SHLVL : 2

SSH_ASKPASS : /usr/libexec/openssh/gnome-ssh-askpass

SSH_CLIENT : 10.7.2.36 4171 22

SSH_CONNECTION : 10.7.2.36 4171 10.7.115.160 22

SSH_TTY : /dev/pts/1

TERM : xterm

USER : root

_ : /root/./lol.pl

color : WHITE

count : 7

mapfile : zsh/mapfile

Reply
0 Kudos
haplo2000
Contributor
Contributor

I am not firm with Redhead. On Suse you can edit /etc/sysconfig/proxy or you can do over yast.

Perhaps you have set proxy setting for yum but normaly the connect.pl script get the proxy setting form user env.

try to start connect.pl with --verbose for more debug infos

Reply
0 Kudos
likid000
Contributor
Contributor

No luck,

/etc/sysconfig]# find . | xargs grep -i proxy (11-13 09:41) Smiley Happy

./rhn/up2date.rpmnew:enableProxy[comment]=Use a HTTP Proxy

./rhn/up2date.rpmnew:enableProxy=0

./rhn/up2date.rpmnew:httpProxy[comment]=HTTP proxy in host:port format, e.g. squid.redhat.com:3128

./rhn/up2date.rpmnew:httpProxy=

./rhn/rhncfg-client.conf:# enableProxy = 1

./rhn/rhncfg-client.conf:# enableProxyAuth = 1

./rhn/rhncfg-client.conf:# httpProxy = some.proxy.example.com:3030

./rhn/rhncfg-client.conf:# proxyUser = proxy_user_name

./rhn/rhncfg-client.conf:# proxyPassword = proxy_password

./rhn/osad.conf:# enableProxy = 1

./rhn/osad.conf:# enableProxyAuth = 1

./rhn/osad.conf:# httpProxy = some.proxy.example.com:3030

./rhn/osad.conf:# proxyUser = proxy_user_name

./rhn/osad.conf:# proxyPassword = proxy_password

./rhn/osad.conf:# to try Satellite's jabberd if RHN Proxy's is not available.

./rhn/up2date:enableProxyAuth[comment]=To use an authenticated proxy or not

./rhn/up2date:enableProxyAuth=0

./rhn/up2date:enableProxy[comment]=Use a HTTP Proxy

./rhn/up2date:enableProxy=0

./rhn/up2date:proxyPassword[comment]=The password to use for an authenticated proxy

./rhn/up2date:proxyPassword=

./rhn/up2date:proxyUser[comment]=The username for an authenticated proxy

./rhn/up2date:proxyUser=

./rhn/up2date:httpProxy[comment]=HTTP proxy in host:port format, e.g. squid.redhat.com:3128

./rhn/up2date:httpProxy=

./ha/conf/httpd.conf:LoadModule proxy_module modules/mod_proxy.so

The --verbose doesn't give a lot more:

/usr/lib/vmware-vcli/apps/general/connect.pl --verbose --url https://1.1.1.166/sdk

Error: Server version unavailable at 'https://10.7.112.166/sdk/vimService.wsdl'

Thnx for the help.

Anything else?

Reply
0 Kudos
haplo2000
Contributor
Contributor

ok, you can try the following.

uninstall vsphere sdk 4 for Perl and install the VI Perl 1.6, thats the version before sdk 4. there is a better failure output.

Reply
0 Kudos
likid000
Contributor
Contributor

I installed the vi perl sdk :

VMware-VIPerl-1.6.0-104313.i386.tar.gz

/usr/lib/vmware-viperl/apps/general/connect.pl --url --username d --password cu

Error: Server version unavailable at 'https://1.7.1.1/sdk/vimService.wsdl' :1: parser error : Start tag expected, '<' not found

LWP will support https URLs if the Crypt::SSLeay module is installed.

^

at /usr/lib/perl5/site_perl/5.8.8/VMware/VICommon.pm line 323

I have the SSLeay installed:

  1. rpm -qa | grep -i SSLeay

perl-Crypt-SSLeay-0.51-11.el5

perl-Net-SSLeay-1.30-4.fc6

Reply
0 Kudos
jontrott
Contributor
Contributor

As detailed here:

http://search.cpan.org/~sullr/Net-SSLGlue-0.2/lib/Net/SSLGlue/LWP.pm and here:

http://www.dagolden.com/index.php/1395/with-lwp-6-you-probably-need-mozillaca/

The LWP libraries started doing certificate verification by default with version 6.

This causes the current vcli to fail to connect to a vSphere without a trusted and verifiable certificate.

I fixed this error by doing the following:

yum install perl-IO-Socket-SSL

vi /usr/lib/perl5/site_perl/5.8.8/LWP/Protocol/https.pm

Look for the following line near the top:

        $ssl_opts{SSL_verify_mode} ||= 1;

Change it to:

        $ssl_opts{SSL_verify_mode} ||= 0;

This is on CentOS 5.5, you might have different paths on different platforms.

This fixed the error for me, I guess we need to wait for an updated vcli that disables certificate verification as part of the LWP calls.

liedekef
Contributor
Contributor

The correct way to disable SSL verification using LWP, is to add this at the top of your perl script:

$ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0;

Franky

Reply
0 Kudos
RTC81
Contributor
Contributor

Hello.

I have the same problem. I have set the Variable to the VICommon.pm. But this don't help.

Could somebody help me? I have no idea any more.

Kind Regards,

Rolf

Reply
0 Kudos
liedekef
Contributor
Contributor

Did you add the line I mentioned at the top of your *own* perl script? I don't know if adding it to VICommon.pm helps.

Reply
0 Kudos
RTC81
Contributor
Contributor

Hello liedekef.

Thank you for your fast posting. I have insert the $ENV in every script I have (check_esx3, vmware-cmd) and nothing helped.

Everytime I try to connect an ESX Server, I get the message "Server version unavailable at 'https://192.168.20.4:443/sdk/vimService.wsdl' at /usr/lib/perl5/5.10.0/VMware/VICommon.pm line 545".

Kind Regards,

Rolf

Reply
0 Kudos
liedekef
Contributor
Contributor

Does your perl use LWP for ssl? If you you need to insert another environment variable.

Reply
0 Kudos
RTC81
Contributor
Contributor

I think so. At the end I want to check over nagios with check_esx3 script.

Which variables should I also insert?

Thank you.


Kind regards,

Rolf

Reply
0 Kudos
RTC81
Contributor
Contributor

Insane.

On one nagios server it works. But I don't know why. 😕 .

Rolf

Reply
0 Kudos
stumpr
Virtuoso
Virtuoso

Take a look at this forum post: http://communities.vmware.com/message/1347703#1347703

A poster there was able to resolve a similar issue with -

$ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0;



I believe the initial thinking is the newer versions of LWP may be doing a more secure check of the host certificate.  I'll be honest, I've not been able to reproduce the issue.  My environment (run against ESXi hosts both stand-alone and in a vCenter cluster).  The one thing I haven't tried is going against a classic ESX host.  Let me know if you have classic ESX servers in your environment that the nagios script is running against. 

Perl Version 5.12.3

LWP Version: 5.837

Crypt::SSLeay Version: 0.58

The one thing that seems common between all the users reporting this issue is the check_esx nagios script.

Just out of curiousity sake, what's the perl, nagios script, lwp and ssleay versions on your two servers?

perl -v
perl -MLWP -e 'print "LWP Version: $LWP::VERSION\n"'
perl -MCrypt::SSLeay -e 'print "Crypt::SSLeay Version: $Crypt::SSLeay::VERSION\n"'
Reuben Stump | http://www.virtuin.com | @ReubenStump
Reply
0 Kudos
djaquays
Enthusiast
Enthusiast

I was able to  fix my issue by adding the line suggested at the top of VICommon.pl.

user@host:~/Desktop> diff /usr/lib/perl5/5.10.0/VMware/VICommon.pm~ /usr/lib/perl5/5.10.0/VMware/VICommon.pm
19a20,21
> ##Fix for invalid certs on hosts.
> $ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0;

Also, to verify the issue I had added this to see what was actually being returned by the script just above the if statement that fails. Line 542 before added the two lines to fix the issue.

die $response->content;

Reply
0 Kudos