gregxn 0 Posted December 22, 2020 Share Posted December 22, 2020 Hi admins, I am facing a interesting issue while tryin to sync Vcenter. all task settings are good. But there is task failure all the time. This is error: Failed to connect to URI: https://FQDN-vcednter.com/sdk/vimService. Code: 214Reason: NodSSL error occurred in completeHandshake.RecvEncryptedData (Certificate verification did not pass). Local: ESETProtectIP:62081 Peer: VCENTERip. Certificate is OK, But i found that Vmware posted this: https://kb.vmware.com/s/article/1003218 Is it possible that Eset is calling vcenter with wrong SDK address URI? URI: https://FQDN-vcednter.com/sdk/vimService <-- Not working in browser URI: https://FQDN-vcednter.com/sdk/vimService.wsdl <-- Working in browser Vcenter is 6.5. On one of the older vcenters (version 6) this sync task work. Link to comment Share on other sites More sharing options...
gregxn 0 Posted December 22, 2020 Author Share Posted December 22, 2020 sorry but these are some details that i forgot. ESET PROTECT (Server), Version 8.0 (8.0.1238.0)ESET PROTECT (Web Console), Version 8.0 (8.0.170.0) Link to comment Share on other sites More sharing options...
ESET Staff MartinK 384 Posted December 22, 2020 ESET Staff Share Posted December 22, 2020 Could you possible check trace.log in full verbosity for more details? Otherwise error indicates that there is an issue during TLS handshake with VMWare, which might be caused either by incompatibility between protocols, or certificate validation fails - for example there might be missing CA certificate in console required for validation. Also it is required that certificate properly signs hostname where PROTECT server is connecting, i.e. used hostname has to be present in certificate's common name or subject alternative name fields... Link to comment Share on other sites More sharing options...
gregxn 0 Posted December 23, 2020 Author Share Posted December 23, 2020 Hi MartinK, this is the error displayed: Failed to connect to URI: https://FQDN-vcednter.com/sdk/vimService. Code: 214Reason: NodSSL error occurred in completeHandshake. Searching up internet brings VMware KB that describes exactly this error. https://kb.vmware.com/s/article/1003218 Quote You cannot access the SDK URL at https://servername/sdk When you access the URL on Internet Explorer 6, the page tries to load but is unsuccessful When you access the URL on Internet Explorer 7, you see the error:HTTP 404 Not Found Quote Solution The service at https://localhost/sdk is not an HTML webserver that can serve web pages. The service functions over the SOAP protocol (an .xml based protocol) and only responds to SOAP requests. For example a SOAP protocol request will serve https://vcenteripaddress/sdk/vimService.wsdl page where vimservice.wsdl is the name of the Web Services Description Language (WSDL) webpage file provided by VMware. Opening manually in browser the URI ESET tries to access: https://FQDN-vcednter.com/sdk/vimService - Results in 404 error Opening manualy in browser URI Vmware offers as solution: https://FQDN-vcednter.com/sdk/vimService.wsdl - Results in opening sample XML as expected. Link to comment Share on other sites More sharing options...
ESET Staff MartinK 384 Posted December 29, 2020 ESET Staff Share Posted December 29, 2020 Unfortunately I am not sure it is error described in provided links, as in case of our service, connection fails sooner than actually URL can be accessed. I would recommend to open standard support ticket with ESET, where more details will have to be provided, as are details and versions of VMWare environment, and possibly also network captures (wireshark) to verify what is going on and whether it might be wrong URL used by our service, or some other issue, for example with certificates or TLS algorithms. Link to comment Share on other sites More sharing options...
Recommended Posts