cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Highlighted
Level 10

Vcenter status unknown in VMan

Jump to solution

Hi,

In our VMan vcenters are showing as grayed out with description Node status unknown. While checking the Virtualization settings Polling status is shown as Polling with Polling method VMAN Orion enabled. Also the credentials used for VMware polling is working and testing is successful.

Can some one help me to know what can be the reason for this.  We are using VMan 8.4

0 Kudos
1 Solution

Accepted Solutions
Highlighted
Level 10

Re: Vcenter status unknown in VMan

Jump to solution

HI,

The issue has been fixed with the help of Solarwinds support. As per them this is a know bug in  VMan 8.4.

In the job engine V2 log observed the error

WorkerProcess failed to start System.ServiceModel.Security.SecurityNegotiationException: Could not establish secure channel for SSL/TLS with authority 'localhost:49152'. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.

Performed the below steps for resolving

Step 1

1. Go to http://<address>/Orion/Admin/AdvancedConfiguration/Global.aspx

2. Search for CustomWorkerCommandParams and append this string "-Djdk.tls.ephemeralDHKeySize=2048" to current value  to enforce DH to use 2048 on java server side as well.

Final value should look like this:

-Xmx1536M -Djdk.tls.ephemeralDHKeySize=2048

Confirmed Registry Key was

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman\ClientMinKeyBitLength to 1024 (400 HEX)

Step 2

Download and run IIS Crypto

https://www.nartac.com/Products/IISCrypto

Enable the following ciphers. These are ciphers for Diffie-Hellman key exchange algorithm.

Untitled.png

Rebooted machine

View solution in original post

10 Replies
Highlighted
Level 11

Re: Vcenter status unknown in VMan

Jump to solution

You might be affected by certificate negotiation issue which could appear in 8.4. Try to check the following KB article to see if you are able to see the same errors in the logs: Success Center: Could not establish secure channel for SSL/TLS  

Highlighted
Level 10

Re: Vcenter status unknown in VMan

Jump to solution

HI Lukas,

I am having the same error log in  job engine log file. So I have did the same steps mentioned in the KB article. But still I am getting the same errors in the log file and the Vcenter status is also unknown.

Any help please.

0 Kudos
Highlighted

Re: Vcenter status unknown in VMan

Jump to solution

from: Success Center

CAUSE

This can happen if there is an issue with the licensed socket count. If you check the licensed sockets in the License Details page, you may find that it is negative.

RESOLUTION

  1. Restart the SolarWinds Orion Module Engine service.
  2. Check the licensed socket count again. It should show the correct number. Polling should resume correctly after a few minutes.

---

If that's not working then open up a support ticket as you might be affected by a bug (caused by Diffie-Hellman key size set to 2048 bit) for which SolarWinds has a solution.

0 Kudos
Highlighted
Level 10

Re: Vcenter status unknown in VMan

Jump to solution

Hi Steffen,

We are currently working with evaluation version, so not getting any error in license page. Still we tried to restart the Orion Module Engine Service, but havent resolved the issue.

The KB article provided by Lucas is the same one I am facing because I have the same errors job engine log, but that resolution also haven't worked in my environment.

0 Kudos
Highlighted

Re: Vcenter status unknown in VMan

Jump to solution
If that's not working then open up a support ticket as you might be affected by a bug (caused by Diffie-Hellman key size set to 2048 bit) for which SolarWinds has a solution.

Seeing you are testing VMAN at the moment, I'd say to reach out to your SolarWinds Sales Account Manager to get a Pre-Sales Engineer to assist you.

0 Kudos
Highlighted
Level 10

Re: Vcenter status unknown in VMan

Jump to solution

Hi Steffen,

I have contacted Solarwinds support for this and they are asking me to upgrade to 8.5, No other resolution they have

0 Kudos
Highlighted
Level 12

Re: Vcenter status unknown in VMan

Jump to solution
Highlighted
Level 10

Re: Vcenter status unknown in VMan

Jump to solution

HI,

The issue has been fixed with the help of Solarwinds support. As per them this is a know bug in  VMan 8.4.

In the job engine V2 log observed the error

WorkerProcess failed to start System.ServiceModel.Security.SecurityNegotiationException: Could not establish secure channel for SSL/TLS with authority 'localhost:49152'. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.

Performed the below steps for resolving

Step 1

1. Go to http://<address>/Orion/Admin/AdvancedConfiguration/Global.aspx

2. Search for CustomWorkerCommandParams and append this string "-Djdk.tls.ephemeralDHKeySize=2048" to current value  to enforce DH to use 2048 on java server side as well.

Final value should look like this:

-Xmx1536M -Djdk.tls.ephemeralDHKeySize=2048

Confirmed Registry Key was

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman\ClientMinKeyBitLength to 1024 (400 HEX)

Step 2

Download and run IIS Crypto

https://www.nartac.com/Products/IISCrypto

Enable the following ciphers. These are ciphers for Diffie-Hellman key exchange algorithm.

Untitled.png

Rebooted machine

View solution in original post

MVP
MVP

Re: Vcenter status unknown in VMan

Jump to solution

thank you for posting the work around - glad it worked for you!

the chew toy for the dog of life
0 Kudos