In our VMan vcenters are showing as grayed out with description Node status unknown. While checking the Virtualization settings Polling status is shown as Polling with Polling method VMAN Orion enabled. Also the credentials used for VMware polling is working and testing is successful.
Can some one help me to know what can be the reason for this. We are using VMan 8.4
Solved! Go to Solution.
You might be affected by certificate negotiation issue which could appear in 8.4. Try to check the following KB article to see if you are able to see the same errors in the logs: Success Center: Could not establish secure channel for SSL/TLS
I am having the same error log in job engine log file. So I have did the same steps mentioned in the KB article. But still I am getting the same errors in the log file and the Vcenter status is also unknown.
Any help please.
We are currently working with evaluation version, so not getting any error in license page. Still we tried to restart the Orion Module Engine Service, but havent resolved the issue.
The KB article provided by Lucas is the same one I am facing because I have the same errors job engine log, but that resolution also haven't worked in my environment.
If that's not working then open up a support ticket as you might be affected by a bug (caused by Diffie-Hellman key size set to 2048 bit) for which SolarWinds has a solution.
Seeing you are testing VMAN at the moment, I'd say to reach out to your SolarWinds Sales Account Manager to get a Pre-Sales Engineer to assist you.
The issue has been fixed with the help of Solarwinds support. As per them this is a know bug in VMan 8.4.
In the job engine V2 log observed the error
WorkerProcess failed to start System.ServiceModel.Security.SecurityNegotiationException: Could not establish secure channel for SSL/TLS with authority 'localhost:49152'. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
Performed the below steps for resolving
2. Search for CustomWorkerCommandParams and append this string "-Djdk.tls.ephemeralDHKeySize=2048" to current value to enforce DH to use 2048 on java server side as well.
Final value should look like this:
Confirmed Registry Key was
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman\ClientMinKeyBitLength to 1024 (400 HEX)
Download and run IIS Crypto
Enable the following ciphers. These are ciphers for Diffie-Hellman key exchange algorithm.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process. Learn more today by joining now.