I had been tasked with upgrading an environment from vCenter 5.5 update 2 to update 3e. Sounds straight forward right? Well the environment has SRM (Site Recovery Manager) 220.127.116.11 installed. That shouldn’t be a problem though should it? Let’s start by updating the DR side first.
Well guess what, vCenter install went swimmingly! You cannot really go wrong with the installation which ever method you use. I used the simple install method and ran through each component in the order below:
- Single Sign On (SSO)
- Web Client
- Inventory Service
- vCenter Server
So now is the time to check out SRM… So after launching the SRM client plugin within the C# vSphere client it attempts to connect and fails with a 503 error.
After trying the usual first troubleshooting tasks like relaunching the client or restarting the service in hope that something will magically change and start working. It was time to do some investigation. After browsing the World Wide Web I came across a suggestion that performing a modify on the installation from the control panel would verify the vCenter Server Certificate again and all will be well. Ta-Da!
Well that didn’t go as expected. This unexpected (I can vouch for this) error is occurring during connection to vCenter, having done some more documentation/blog/forum reading I have found that SRM 5.5.1 attempts to connect to vCenter using SSLv3 which was disabled in vSphere 5.5 Update 3b…
Here is a link to the patch notes for vCenter Server 5.5 Update 3b:
So how do we get around this issue? Well the best method would be to install vCenter Site Recovery Manager 5.8.1. However due to this work being carried out under change control which brings time restraints. Let’s look at an alternative method and plan a future upgrade to Site Recovery Manager 5.8.1. (This information can be found on VMware KB2142487)
Let’s re-enabling SSLv3. As outline in the patch notes for Update 3b SSLv3 was disabled due to a POODLE vulnerability. Please be aware of this when re-enabling SSLv3.
To allow connections from SRM to vCenter we need to update the vpxd.cfg file in the below location:
Note. For VCSA deployments the location is /etc/vmware-vpx/vpxd.cfg
Heads up, before amending any config file its best to make a duplicate copy.
You will need to add <sslOptions>16924672</sslOptions> within the <ssl> tags. Example below:
<vmacore> <threadPool> <TaskMax>90</TaskMax> <threadNamePrefix>vpxd</threadNamePrefix> </threadPool> <ssl> <useCompression>true</useCompression> <sslOptions>16924672<\sslOptions> </ssl> </vmacore>
Once the file has been updated restart the vpxd (vCenter) service.
Now let’s trying reconnecting to the SRM client and…