SSL_ERROR_UNSUPPORTED_VERSION

KB ID 0001856

Problem

I get it, older versions of TLS and SSL are insecure and we should not be using them. However, I needed to get on an HPE Server iLO management interface last week and I was met with this.

Firefox Error: SSL_ERROR_UNSUPPORTED_VERSION
Microsoft Edge, Chrome, and Opera Error: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Microsoft Internet Explorer Error:
This might be because the site uses outdated or unsafe TLS security settings. If this keeps happening, try contacting the website’s owner. Your TLS security settings aren’t set to the defaults, which could also be causing this error.

Firefox Solution : SSL_ERROR_UNSUPPORTED_VERSION

I advise you to do this only to get to the page you need, and to set it back afterwards. In your browser window enter about:config, type TLS into the search bar, locate security.tls.version.min and change its value to 1, then tick to save.

And now, I can get to where I want to go.
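Because the lowered minimum is meant to be temporary, it helps to be able to check afterwards which Firefox profiles still carry the override. The following is an added example, not code from the original article: it parses the text of a profile's prefs.js and reports the configured TLS floor. The sample profile contents are constructed, and treating TLS 1.2 (value 3) as the acceptable floor is an assumption of the example.

```python
import re

# Firefox's numbering for security.tls.version.min
TLS_PREF_VALUES = {1: "TLS 1.0", 2: "TLS 1.1", 3: "TLS 1.2", 4: "TLS 1.3"}
SAFE_MIN = 3  # assumption: TLS 1.2 is the lowest floor you want left in place

# prefs.js stores one user-set preference per line: user_pref("name", value);
USER_PREF = re.compile(r'^user_pref\("([^"]+)",\s*(.+?)\);$')


def read_prefs(text):
    """Return {name: raw_value} for every user_pref line in a prefs.js body."""
    prefs = {}
    for line in text.splitlines():
        match = USER_PREF.match(line.strip())
        if match:
            prefs[match.group(1)] = match.group(2)
    return prefs


def audit_profile(text):
    """Return (label, ok) for the TLS floor configured in one profile."""
    raw = read_prefs(text).get("security.tls.version.min")
    if raw is None:
        return ("browser default", True)  # never overridden in this profile
    if not raw.isdigit():
        return (f"unparseable value {raw}", False)
    value = int(raw)
    return (TLS_PREF_VALUES.get(value, f"unknown value {value}"), value >= SAFE_MIN)


def audit_all(profiles):
    """Audit a {profile_name: prefs.js text} mapping."""
    return {name: audit_profile(body) for name, body in profiles.items()}


# Constructed prefs.js bodies, not taken from a real profile.
SAMPLE_PROFILES = {
    "ilo-admin": 'user_pref("browser.startup.page", 3);\n'
                 'user_pref("security.tls.version.min", 1);\n',
    "daily": 'user_pref("browser.startup.page", 3);\n',
}

if __name__ == "__main__":
    for name, (label, ok) in audit_all(SAMPLE_PROFILES).items():
        print(f"{name}: minimum {label} -> {'ok' if ok else 'reset to default'}")
```

A preference that is absent from prefs.js has never been changed by the user, which is why the example treats it as the browser default.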

IE Solution : SSL_ERROR_UNSUPPORTED_VERSION

Yeah, I know Internet Explorer is supposed to be dead, but it’s still there and you can utilise it to solve this problem. From Internet Options in IE > Advanced, you can then enable TLS 1.1 and 1.2.

You will still get a warning but now you can click past it.

Related Articles, References, Credits, or External Links

ERR_CERT_WEAK_SIGNATURE_ALGORITHM

ERR_CERT_COMMON_NAME_INVALID

 

iLO: Java Error “Unable to Load Resource”

KB ID 0001567

Problem

When attempting to connect to an iLO 3 remote console on an HP Server;

General Exception
Name: com.hp.ilo2.intgapp.intgapp
ExitException: Unable to load resource
https://{Server}/html/intgapp3_231.jar

Solution

Having added the URL of the iLO to the trusted sites in the Java Preferences, I thought this was all I had to do. Turns out I was wrong. Navigate to Administration > Security > Encryption > Encryption Enforcement Settings > Enforce AES/DES Encryption > Change to ‘Enabled‘ > Apply > Wait for the iLO to reset, and try again.

Related Articles, References, Credits, or External Links

NA

Windows Certificate Services ‘certsrv’ Website displays 403.14

KB ID 0001342 

Problem

I seem to get all the PKI/Certificate services problems! Yesterday I was trying to use the web enrolment portal on a certificate services server, and could not get in locally, (or remotely) via http, (or https) it simply showed me a 403.14 error.

HTTP Error 403.14 Forbidden

Solution

This was an odd one, in IIS Manager select the ‘Certsrv’ virtual directory > Advanced Options > And look at the ‘Path’.

Mine was missing the ‘en-us‘ folder from the end of the path!

Note: You will need to open an administrative command window, and then execute an iisreset command, before the change will take effect.

Related Articles, References, Credits, or External Links

NA

vCenter – Management Ports

KB ID 0001324 

Problem

A while ago my colleague was struggling to get into a vCenter server. Normal https (TCP 443) wasn’t letting him in, I knew you could manage the appliance directly, (but I couldn’t remember the port number!) He knew there was an alternate port number, but we didn’t know what it was.

Solution

vCenter Appliance (Direct) Management Port

TCP: 5480

i.e. https://{ip-or-host-name}:5480

vCenter / vSphere Management Port

TCP: 443

i.e. https://{ip-or-host-name}

vCenter / vSphere Alternative Management Port

TCP: 9443

i.e. https://{ip-or-host-name}:9443

Note: You can also connect to the PSC, (Platform Services Controller) If you installed this role on the same appliance. The URL for that is https://{ip-or-host-name}/psc 

Related Articles, References, Credits, or External Links

NA

Event ID 36888

KB ID 0000634 

Problem

This was driving me nuts on my Windows 7 x64 Laptop.

Log Name: System
Source: Schannel
Event ID: 36888
Task Category: None
Level: Error
User: SYSTEM
Description:
The following fatal alert was generated: 10. The internal error state is 10.

I was getting a dozen of these an hour!

Solution

This error is caused (from what I can gather) by an error in certificate negotiation: your machine is trying to initiate communications with another machine/server using a certificate and TLS, and the process is producing the error TLS1_ALERT_UNEXPECTED_MESSAGE (10).

1. If your browser is the cause of the problem, then simply open Internet Options > Advanced > Untick all the TLS options > Apply.

2. However this DID NOT WORK for me, so something is programmatically chatting from my laptop using TLS. The bottom line is, this problem is probably not even on your machine, so I’m simply going to disable SCHANNEL logging.

Note: If your error does NOT say “The following fatal alert was generated: 10. The internal error state is 10.“, then I would suggest NOT doing this.

3. In the search run box type regedit and navigate to the following key;

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL

Change the EventLogging value from 1 to 0 (that’s a zero).
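Before switching EventLogging off, it is worth confirming that every 36888 event really is the alert 10 / state 10 case described in the note above. The following is an added example, not code from the original article: it tallies alert and internal state codes from event descriptions and flags anything else. The sample descriptions are constructed, and the alert names are taken from the TLS alert table in RFC 5246.

```python
import re
from collections import Counter

# TLS alert descriptions (RFC 5246, section 7.2); subset for readability.
TLS_ALERTS = {
    10: "unexpected_message",
    20: "bad_record_mac",
    40: "handshake_failure",
    42: "bad_certificate",
    46: "certificate_unknown",
    48: "unknown_ca",
    70: "protocol_version",
    71: "insufficient_security",
    80: "internal_error",
}

# Matches the description text shown in the event on this page.
PATTERN = re.compile(
    r"fatal alert was generated:\s*(\d+)\.\s*The internal error state is\s*(\d+)"
)


def triage(descriptions):
    """Return (all counts, counts outside the 10/10 case) keyed by (alert, state)."""
    counts = Counter()
    for text in descriptions:
        match = PATTERN.search(text)
        if match:
            counts[(int(match.group(1)), int(match.group(2)))] += 1
    other = {key: n for key, n in counts.items() if key != (10, 10)}
    return counts, other


def report(descriptions):
    """Build a human-readable summary ending with a keep/disable verdict."""
    counts, other = triage(descriptions)
    lines = [
        f"alert {a} ({TLS_ALERTS.get(a, 'unrecognised')}), state {s}: {n} event(s)"
        for (a, s), n in sorted(counts.items())
    ]
    lines.append("other alerts present: leave EventLogging at 1" if other
                 else "only alert 10 / state 10 seen")
    return lines


# Constructed event descriptions in the format shown above.
SAMPLE_EVENTS = [
    "The following fatal alert was generated: 10. The internal error state is 10.",
    "The following fatal alert was generated: 10. The internal error state is 10.",
    "The following fatal alert was generated: 40. The internal error state is 1205.",
    "The following fatal alert was generated: 10. The internal error state is 10.",
]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_EVENTS)))
```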

Related Articles, References, Credits, or External Links

NA

Event ID 8003

KB ID 0000139 

Problem

Event ID 8003

The master browser has received a server announcement from the computer <computername> that believes that it is the master browser for the domain on transport %3. The master browser is stopping or an election is being forced.

Incorrect setting on Client PC for the master browser.

Solution

Take note of what <clientname> is and go to that machine.

Start > run > regedit {enter}. Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Browser\Parameters

Modify the MaintainServerList and/or the IsDomainMaster key to a value explained here:

MaintainServerList = No (This PC will not participate as a browser.)

Make sure the following DOES NOT exist

IsDomainMaster = True (Designate this PC as the preferred master browser.)

Related Articles, References, Credits, or External Links

NA

ESX4 “Web Access” 503 Service Unavailable Error

KB ID 0000150 

Problem

If you connect to an ESX4 Server and attempt to “Log onto Web Access” you get a 503 Service Unavailable error.

This is because, unlike ESX3, the web console is disabled. Well, that's not strictly true: the service is usually running, but the firewall (on the ESX server) is blocking it.

 

Solution

1. Log into the ESX Host with the VI Client software. (Note: If you don’t have the VI client you would normally be stuck in a Catch 22). However you can log onto the ESX Console as root and issue the following command;

service vmware-webAccess start

2. Select the ESX Host > Configuration > Security Profile > Properties > Locate vSphere Web Access > Tick it.

3. Then click Options Select Start and Stop with the host > Restart.

Note: Post ESX host reboot you may see 503 Service Unavailable errors for a few minutes. Go and have a cup of coffee; by the time you come back it will be up.

Related Articles, References, Credits, or External Links

NA

vSphere 5 – Install and Configure the Web Client

KB ID 0000551 

Problem

The ability to administer vCenter via a web browser is nothing new, vCenter has had a web console in previous versions.

vCenter vSphere 4 Web Client (Web Access)

The version with vSphere 5 is much more feature rich. Like the VMware vSphere client it talks directly to the vCenter vSphere API, but unlike previous web access, the component needs to be installed and configured before you can use it.

What the Web Client Can Do

1. Connect to a vSphere vCenter server.

2. Can be used on non Windows machines (VI Client is Windows only).

3. Deploy Virtual Machines (Including deployment from Templates).

4. Configure Virtual Machines.

5. Provide basic monitoring.

What the Web Client Can’t Do

1. Manage Hosts

2. Manage Clusters

3. Manage Networks.

4. Manage Datastores or Datastore Clusters.

5. Connect to ESX or ESXi hosts.

Solution

Step 1 Install and Configure Web Access

Prerequisite: The vCenter server needs to have Adobe Flash installed on it to access the management console.

1. From the vCenter Installer media select “VMware vSphere Web Client (Server)” > Install > Follow the on screen prompts.

2. Accept all the defaults, and note the secure port number, as we will be using it later (TCP Port 9443).

3. Once installed > On the vCenter server itself open a browser window > navigate to > https://{servername}:9443/admin-app > Select “Register vCenter Server”.

vSphere Web Client Supported Browsers: Internet Explorer (7 or newer) and Firefox (3.5 or newer), I’ve tried Chrome, it works, but some functionality is lost. (anything that requires the plug in i.e. console connections).

4. Enter the details for the vCenter server > Take note of the URL for your client to access (https://{servername}:9443/vsphere-client) > Register.

5. You will probably be using self signed certificates, so tick the box and select “Ignore”.

6. That’s the server configured and ready to go.

Step 2 – Access the vCenter from web client

1. Open a browser window and navigate to https://{servername}:9443/vsphere-client > You may receive a warning about the certificate (because it’s self signed), click to continue > Enter your credentials > Login.

2. The first time you connect it launches the welcome splash screen > tick “Do not show..” and close the window. (Note you can launch it again from the help menu).

Note: If you see this error:

Connection Error
Unable to connect to vCenter Inventory Service –
https://{servername}:10443

Check on the vCenter server to make sure this service is running.

3. You should then be connected, and be able to browse your virtual infrastructure.

4. You can “console” onto your VMs (Note: this needs a plug-in installing; your browser will prompt you to accept/install).

 

Related Articles, References, Credits, or External Links

NA

Internet Explorer – Disable the Pop-up Blocker

KB ID 0000514 

Problem

I don’t usually use IE, so when I was asked how to do this I didn’t have the answer to hand.

Solution

1. Whilst you have IE open > Locate the small “Cog” icon (top right).

2. From the menu presented choose “Internet Options”.

3. Select the “Privacy” tab and locate the “Turn on Pop-up blocker” option, and ensure it is NOT selected > Apply > OK.

4. Then restart the browser.

Related Articles, References, Credits, or External Links

NA