Jump to content

ESET protect 8, server task vcenter sync fail


Recommended Posts

Hi admins, I am facing a interesting issue while tryin to sync Vcenter. 

all task settings are good. But there is task failure all the time.

This is error:

Failed to connect to URI: https://FQDN-vcednter.com/sdk/vimService. Code: 214Reason: NodSSL error occurred in completeHandshake.RecvEncryptedData (Certificate verification did not pass). Local: ESETProtectIP:62081 Peer: VCENTERip.

Certificate is OK, But i found that Vmware posted this:

https://kb.vmware.com/s/article/1003218

 

Is it possible that Eset is calling vcenter with wrong SDK address URI? 

URI: https://FQDN-vcednter.com/sdk/vimService   <-- Not working in browser

URI: https://FQDN-vcednter.com/sdk/vimService.wsdl  <-- Working in browser

Vcenter is 6.5. On one of the older vcenters (version 6) this sync task work.

Link to comment
Share on other sites

sorry but these are some details that i forgot.

ESET PROTECT (Server), Version 8.0 (8.0.1238.0)
ESET PROTECT (Web Console), Version 8.0 (8.0.170.0)

 

Link to comment
Share on other sites

  • ESET Staff

Could you possible check trace.log in full verbosity for more details? Otherwise error indicates that there is an issue during TLS handshake with VMWare, which might be caused either by incompatibility between protocols, or certificate validation fails - for example there might be missing CA certificate in console required for validation. Also it is required that certificate properly signs hostname where PROTECT server is connecting, i.e. used hostname has to be present in certificate's common name or subject alternative name fields...

Link to comment
Share on other sites

Hi MartinK,

 

this is the error displayed: Failed to connect to URI: https://FQDN-vcednter.com/sdk/vimService. Code: 214Reason: NodSSL error occurred in completeHandshake.

Searching up internet brings VMware KB that describes exactly this error.

https://kb.vmware.com/s/article/1003218

Quote
  • You cannot access the SDK URL at https://servername/sdk
  • When you access the URL on Internet Explorer 6, the page tries to load but is unsuccessful
  • When you access the URL on Internet Explorer 7, you see the error:

    HTTP 404 Not Found

 

Quote
Solution
The service at https://localhost/sdk is not an HTML webserver that can serve web pages. The service functions over the SOAP protocol (an .xml based protocol) and only responds to SOAP requests.
 
For example a SOAP protocol request will serve https://vcenteripaddress/sdk/vimService.wsdl page where vimservice.wsdl is the name of the Web Services Description Language (WSDL) webpage file provided by VMware.

 

Opening manually in browser the URI ESET tries to access: 

https://FQDN-vcednter.com/sdk/vimService - Results in 404 error

Opening manualy in browser URI Vmware offers as solution:

https://FQDN-vcednter.com/sdk/vimService.wsdl - Results in opening sample XML as expected.

 

 

Link to comment
Share on other sites

  • ESET Staff

Unfortunately I am not sure it is error described in provided links, as in case of our service, connection fails sooner than actually URL can be accessed.

I would recommend to open standard support ticket with ESET, where more details will have to be provided, as are details and versions of VMWare environment, and possibly also network captures (wireshark) to verify what is going on and whether it might be wrong URL used by our service, or some other issue, for example with certificates or TLS algorithms.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...