I get it, older versions of TLS and SSL are insecure and we should not be using them. However, I needed to get on an HPE Server iLO management interface last week and I was met with this.
Firefox Error: SSL_ERROR_UNSUPPORTED_VERSION
Microsoft Edge, Chrome, and Opera Error: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Microsoft Internet Explorer Error: This might be because the site uses outdated or unsafe TLS security settings. If this keeps happening, try contacting the website’s owner. Your TLS security settings aren’t set to the defaults, which could also be causing this error.
Firefox Solution : SSL_ERROR_UNSUPPORTED_VERSION
I advise you just do this to get to the page you need to, and set it back afterwards. In your browser window enter about:config, type TLS into the search bar, locate security.tls.version.min and change its value to 1, then tick to save.
And now, I can get to where I want to go.
IE Solution : SSL_ERROR_UNSUPPORTED_VERSION
Yeah, I know Internet Explorer is supposed to be dead, but it’s still there and you can utilise it to solve this problem. From your Internet Options in IE > Advanced, you can then enable TLS 1.1 and 1.2.
You will still get a warning but now you can click past it.
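To confirm that the protocol version really is what the browser objects to, you can test which TLS versions the management interface accepts before changing any browser setting. This is an added example, not part of the original post; the function name and the host name in the final call are placeholders, and the result also depends on which protocols the Windows machine running it still permits.

```powershell
# Added example: report which TLS versions a management interface negotiates.
# Test-TlsVersion and 'ilo.example.local' are placeholder names.
function Test-TlsVersion {
    param(
        [Parameter(Mandatory)] [string] $Target,
        [int] $Port = 443
    )
    foreach ($name in 'Tls', 'Tls11', 'Tls12') {
        $protocol = [System.Security.Authentication.SslProtocols]::$name
        $client   = New-Object System.Net.Sockets.TcpClient
        try {
            $client.Connect($Target, $Port)
            # The callback accepts any certificate: management processors usually
            # present a self-signed one, and only the protocol version is tested here.
            $callback = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
            $stream   = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
            $stream.AuthenticateAsClient($Target, $null, $protocol, $false)
            $result = 'accepted'
            $stream.Dispose()
        } catch {
            # A refusal by the server and a protocol disabled on this client
            # both end up here; the message tells them apart.
            $result = "failed: $($_.Exception.GetBaseException().Message)"
        } finally {
            $client.Close()
        }
        [pscustomobject]@{ Protocol = $name; Result = $result }
    }
}

Test-TlsVersion -Target 'ilo.example.local' | Format-Table -AutoSize
```

If only the `Tls` row (TLS 1.0) is accepted, the fix that lasts is a firmware update on the management processor; the browser change above is the temporary workaround.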
Related Articles, References, Credits, or External Links
When attempting to connect to an iLO 3 remote console on an HP Server;
General Exception Name: com.hp.ilo2.intgapp.intgapp
ExitException: Unable to load resource
https://{Server}/html/intgapp3_231.jar
Solution
Having added the URL to the iLO to the trusted sites in the Java Preferences, I thought this was all I had to do. Turns out I was wrong. Navigate to Administration > Security > Encryption > Encryption Enforcement Settings > Enforce AES/DES Encryption > Change to ‘Enabled‘ > Apply > Wait for the iLO to reset, and try again.
I seem to get all the PKI/Certificate services problems! Yesterday I was trying to use the web enrolment portal on a certificate services server, and could not get in locally, (or remotely) via http, (or https) it simply showed me a 403.14 error.
HTTP Error 403.14 Forbidden
Solution
This was an odd one, in IIS Manager select the ‘Certsrv’ virtual directory > Advanced Options > And look at the ‘Path’.
Mine was missing the ‘en-us‘ folder from the end of the path!
Note: You will need to open an administrative command window, and then execute an iisreset command, before the change will take effect.
A while ago my colleague was struggling to get into a vCenter server. Normal https (TCP 443) wasn’t letting him in, I knew you could manage the appliance directly, (but I couldn’t remember the port number!) He knew there was an alternate port number, but we didn’t know what it was.
Solution
vCenter Appliance (Direct) Management Port
TCP: 5480
i.e. https://{ip-or-host-name}:5480
vCenter / vSphere Management Port
TCP: 443
i.e. https://{ip-or-host-name}
vCenter / vSphere Alternative Management Port
TCP: 9443
i.e. https://{ip-or-host-name}:9443
Note: You can also connect to the PSC (Platform Services Controller) if you installed this role on the same appliance. The URL for that is https://{ip-or-host-name}/psc
This was driving me nuts on my Windows 7 x64 Laptop.
Log Name: System
Source: Schannel
Event ID: 36888
Task Category: None
Level: Error
User: SYSTEM
Description:
The following fatal alert was generated: 10. The internal error state is 10.
I was getting a dozen of these an hour!
Solution
This error is caused (from what I can gather) by an error in certificate negotiation. Your machine is trying to initiate communications with another machine/server using a certificate and TLS, and the process is producing this error: TLS1_ALERT_UNEXPECTED_MESSAGE (10).
1. If your browser is the cause of the problem, then simply open Internet Options > Advanced > Untick all the TLS options > Apply.
2. However this DID NOT WORK for me, so something is programmatically chatting from my laptop using TLS. The bottom line is, this problem is probably not even on your machine, so I’m simply going to disable SCHANNEL logging.
Note: If your error does NOT say “The following fatal alert was generated: 10. The internal error state is 10.“, then I would suggest NOT doing this.
3. In the search run box type regedit and navigate to the following key;
HKEY_LOCAL_MACHINE > System > CurrentControlSet > Control > SecurityProviders > SCHANNEL
Change the EventLogging value from 1 to 0 (that’s a zero).
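The note above says to make this change only when the events are the "alert 10 / internal error state 10" kind. The following added example (not part of the original post) checks that before touching the registry and reports the previous value so it can be restored. The function name and the 24-hour look-back are assumptions, and the message match assumes an English-language system.

```powershell
# Added example: run from an elevated PowerShell prompt.
# Disables Schannel event logging only if every recent 36888 event carries
# the exact alert/state text quoted in the post.
function Disable-SchannelLoggingIfOnlyAlert10 {
    param([int] $Hours = 24)   # look-back window (assumed value)

    $keyPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
    $wanted  = 'The following fatal alert was generated: 10. The internal error state is 10.'

    $events = Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Schannel'
        Id           = 36888
        StartTime    = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue

    if (-not $events) {
        Write-Warning "No Schannel 36888 events in the last $Hours hours; nothing changed."
        return
    }

    # A 36888 event with any other alert or state is a different problem
    # and should stay visible in the log.
    $other = @($events | Where-Object { $_.Message -notlike "*$wanted*" })
    if ($other.Count -gt 0) {
        Write-Warning "$($other.Count) event(s) carry a different alert; logging left enabled."
        $other | Select-Object -First 5 TimeCreated, Message
        return
    }

    # Record the old value so the change can be reverted later.
    $old = (Get-ItemProperty -Path $keyPath -Name EventLogging -ErrorAction SilentlyContinue).EventLogging
    Set-ItemProperty -Path $keyPath -Name EventLogging -Value 0 -Type DWord
    [pscustomobject]@{ Matched = @($events).Count; OldValue = $old; NewValue = 0 }
}

Disable-SchannelLoggingIfOnlyAlert10
```

Setting EventLogging to 0 silences all Schannel events, not just this one, so set it back to the reported OldValue when you next need to troubleshoot TLS on the machine.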
The master browser has received a server announcement from the computer <computername> that believes that it is the master browser for the domain on transport %3. The master browser is stopping or an election is being forced.
Incorrect setting on Client PC for the master browser.
Solution
Take note of what <clientname> is and go to that machine.
Start > Run > regedit {enter}. Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Browser\Parameters
Modify the MaintainServerList and/or the IsDomainMaster key to a value explained here:
MaintainServerList = No (This PC will not participate as a browser.)
Make sure the following DOES NOT exist:
IsDomainMaster = True (Designate this PC as the preferred master browser.)
If you connect to an ESX4 Server and attempt to “Log onto Web Access” you get a 503 Service Unavailable error.
This is because, unlike ESX3, the web console is disabled. Well, that's not strictly true: the service is usually running, but the firewall (on the ESX server) is blocking it.
Solution
1. Log into the ESX Host with the VI Client software. (Note: If you don’t have the VI client you would normally be stuck in a Catch 22). However you can log onto the ESX Console as root and issue the following command;
service vmware-webAccess start
2. Select the ESX Host > Configuration > Security Profile > Properties > Locate vSphere Web Access > Tick it.
3. Then click Options > Select “Start and Stop with the host” > Restart.
Note: Post ESX host reboot you may see 503 Service Unavailable errors for a few minutes. Go and have a cup of coffee; by the time you come back it will be up.
The ability to administer vCenter via a web browser is nothing new, vCenter has had a web console in previous versions.
vCenter vSphere 4 Web Client (Web Access)
The version with vSphere 5 is much more feature rich. Like the VMware vSphere client it talks directly to the vCenter vSphere API, but unlike previous web access, the component needs to be installed and configured before you can use it.
What the Web Client Can Do
1. Connect to a vSphere vCenter server.
2. Can be used on non Windows machines (VI Client is Windows only).
3. Deploy Virtual Machines (Including deployment from Templates).
Prerequisite: The vCenter server needs to have Adobe Flash installed on it to access the management console.
1. From the vCenter Installer media select “VMware vSphere Web Client (Server)” > Install > Follow the on screen prompts.
2. Accept all the defaults, and note the secure port number, as we will be using that later (TCP Port 9443).
3. Once installed > On the vCenter server itself open a browser window > navigate to > https://{servername}:9443/admin-app > Select “Register vCenter Server”.
vSphere Web Client Supported Browsers: Internet Explorer (7 or newer) and Firefox (3.5 or newer), I’ve tried Chrome, it works, but some functionality is lost. (anything that requires the plug in i.e. console connections).
4. Enter the details for the vCenter server > Take note of the URL for your client to access (https://{servername}:9443/vsphere-client) > Register.
5. You will probably be using self signed certificates, so tick the box and select “Ignore”.
6. That’s the server configured and ready to go.
Step 2 – Access the vCenter from web client
1. Open a browser window and navigate to https://{servername}:9443/vsphere-client > You may receive a warning about the certificate (because it’s self signed), click to continue > Enter your credentials > Login.
2. The first time you connect it launches the welcome splash screen > tick “Do not show..” and close the window. (Note you can launch it again from the help menu).
Note: If you see this error:
Connection Error
Unable to connect to vCenter Inventory Service –
https://{servername}:10443
Check on the vCenter server to make sure this service is running.
3. You should then be connected, and be able to browse your virtual infrastructure.
4. You can “console” onto your VMs (Note: this will need a plug in installing; your browser will prompt you to accept/install).