08-12-2009 07:02 AM
Hi,
I got an error when I try to establish an svs connection between n1000 and vc.
n1000v-hostname(config-svs-conn)# show svs connections
connection VC:
ip address: 172.17.80.19
protocol: vmware-vim https
datacenter name: default
DVS uuid: -
config status: Disabled
operational status: Disconnected
n1000v-hostname(config-svs-conn)#
[VMWARE-VIM] Operation could not be completed due to connection failure. EOF was observed that violates the protocol. The client probably provided invalid authentication information.' : Details: 'SSL connect failed in tcp_connect()
I can ping 172.17.80.19.
I have the latest nexus software (nexus-1000v-mz.4.0.4.SV1.1.bin)
Does somebody have any idea what's wrong in my setup?
08-12-2009 07:28 AM
Hi,
Just to check the most common problem causes at this stage. Could you please confirm that you've done the following or that the steps work:
Chris
08-13-2009 02:20 AM
Hi again, and thank you very much for a great reply.
Thank you very much for your help so far, though my problem persists.
08-17-2009 01:17 AM
My problem persists, anybody, please... =)
08-17-2009 01:29 AM
Can you post the following:
- show run (from VSM)
- proxy.xml file from your vCenter Server C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\
- screenshot of the browser window when you open "https://localhost" on your vCenter server, and click View Certificate
As this issue seems to be SSL related you might want to try and regenerate your vCenter certificates and try the svs connection again. Instructions for this can be found here: http://www.vmware.com/pdf/vi_vcserver_certificates.pdf
Cheers,
Robert
08-17-2009 03:13 AM
Thank you very much for a fast reply. Can you find any solution from the info I have provided?
Can you post the following:
- show run (from VSM)
- proxy.xml file from your vCenter Server C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\
<config>
<EndpointList>
<_length>15</_length>
<_type>vim.ProxyService.EndpointSpec[]</_type>
<e id="0">
<_type>vim.ProxyService.NamedPipeServiceSpec</_type>
<accessMode>httpsWithRedirect</accessMode>
<pipeName>\\.\pipe\vmware-vpxd-webserver-pipe</pipeName>
<serverNamespace>/</serverNamespace>
</e>
<e id="1">
<_type>vim.ProxyService.RedirectSpec</_type>
<accessMode>httpOnly</accessMode>
<port>8080</port>
<redirectType>found</redirectType>
<serverNamespace>/Query</serverNamespace>
</e>
<e id="10">
<_type>vim.ProxyService.NamedPipeServiceSpec</_type>
<accessMode>httpsWithRedirect</accessMode>
<pipeName>\\.\pipe\vmware-vpxd-webserver-pipe</pipeName>
<serverNamespace>/vpxdhealth</serverNamespace>
</e>
<e id="11">
<_type>vim.ProxyService.RedirectSpec</_type>
<accessMode>httpAndHttps</accessMode>
<port>8080</port>
<redirectType>found</redirectType>
<serverNamespace>/vws</serverNamespace>
</e>
<e id="12">
<_type>vim.ProxyService.LocalTunnelSpec</_type>
<accessMode>httpOnly</accessMode>
<port>8089</port>
<serverNamespace>172.17.80.19:8089</serverNamespace>
</e>
<e id="13">
<_type>vim.ProxyService.LocalTunnelSpec</_type>
<accessMode>httpOnly</accessMode>
<port>8089</port>
<serverNamespace>sdkTunnel:8089</serverNamespace>
</e>
<e id="14">
<_type>vim.ProxyService.LocalTunnelSpec</_type>
<accessMode>httpOnly</accessMode>
<port>8089</port>
<serverNamespace>srvkrsapp09.nov.com:8089</serverNamespace>
</e>
<e id="2">
<_type>vim.ProxyService.NamedPipeServiceSpec</_type>
<accessMode>httpAndHttps</accessMode>
<pipeName>\\.\pipe\vmware-vpxd-webserver-pipe</pipeName>
<serverNamespace>/client/clients.xml</serverNamespace>
</e>
<e id="3">
<_type>vim.ProxyService.NamedPipeServiceSpec</_type>
<accessMode>httpsWithRedirect</accessMode>
<pipeName>\\.\pipe\vmware-vpxd-mob-pipe</pipeName>
<serverNamespace>/mob</serverNamespace>
</e>
<e id="4">
<_type>vim.ProxyService.NamedPipeServiceSpec</_type>
<accessMode>httpAndHttps</accessMode>
<pipeName>\\.\pipe\vmware-vpxd-webserver-pipe</pipeName>
<serverNamespace>/nfc</serverNamespace>
</e>
<e id="5">
<_type>vim.ProxyService.LocalServiceSpec</_type>
<accessMode>httpsWithRedirect</accessMode>
<port>8085</port>
<serverNamespace>/sdk</serverNamespace>
</e>
<e id="6">
<_type>vim.ProxyService.LocalTunnelSpec</_type>
<accessMode>httpOnly</accessMode>
<port>8089</port>
<serverNamespace>/sdkTunnel</serverNamespace>
</e>
<e id="7">
<_type>vim.ProxyService.LocalServiceSpec</_type>
<accessMode>httpsWithRedirect</accessMode>
<port>8080</port>
<serverNamespace>/sms</serverNamespace>
</e>
<e id="8">
<_type>vim.ProxyService.LocalServiceSpec</_type>
<accessMode>httpsWithRedirect</accessMode>
<port>8080</port>
<serverNamespace>/ui</serverNamespace>
</e>
<e id="9">
<_type>vim.ProxyService.NamedPipeServiceSpec</_type>
<accessMode>httpsWithRedirect</accessMode>
<pipeName>\\.\pipe\vmware-vpxd-webserver-pipe</pipeName>
<serverNamespace>/vod</serverNamespace>
</e>
</EndpointList>
</config>
- screenshot of the browser window when you open "https://localhost" on your vCenter server, and click View Certificate
As this issue seems to be SSL related you might want to try and regenerate your vCenter certificates and try the svs connection again. Instructions for this can be found here: http://www.vmware.com/pdf/vi_vcserver_certificates.pdf
Will replacing the default server certificate affect only the VCM VM or will it affect all VMs on the vmware server?
Cheers,
Robert
08-17-2009 02:33 PM
Your config and proxy.xml look ok.
Regenerating the certs will require you to place the new keys on each of your ESX servers as the document details.
A less interruptive step we can do first is grab a packet capture of the communication between your VSM and VC when you attempt to connect. The easiest way would be to sniff the port of your VC assuming your VC is a physical server.
From that traffic we should see why VC is rejecting your VSM's svs connection.
Robert
08-19-2009 03:02 AM
The most interesting information I could find in the text was the following:
-----------------------------------------
CONNECT sdkTunnel:8089 HTTP/1.0\r\n
[Expert Info (Chat/Sequence): CONNECT sdkTunnel:8089 HTTP/1.0\r\n]
[Message: CONNECT sdkTunnel:8089 HTTP/1.0\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: CONNECT
Request URI: sdkTunnel:8089
Request Version: HTTP/1.0
\r\n
No. Time Source Destination Protocol Info
93 1.856457 172.17.80.19 172.17.80.120 HTTP HTTP/1.1 400 Bad Request (text/html)
--------------------------------------------
Anyone, please help, I am still in the dark regarding resolving my problem.
Here is an export of 8 packages:
No. Time Source Destination Protocol Info
86 1.854184 172.17.80.120 172.17.80.19 TCP 51915 > http [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=16513861 TSER=0 WS=6
Frame 86 (74 bytes on wire, 74 bytes captured)
Arrival Time: Aug 19, 2009 11:48:37.413426000
[Time delta from previous captured frame: 0.050361000 seconds]
[Time delta from previous displayed frame: 1.854184000 seconds]
[Time since reference or first frame: 1.854184000 seconds]
Frame Number: 86
Frame Length: 74 bytes
Capture Length: 74 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Vmware_bb:02:a8 (00:50:56:bb:02:a8), Dst: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
Destination: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
Address: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
Address: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 172.17.80.120 (172.17.80.120), Dst: 172.17.80.19 (172.17.80.19)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 60
Identification: 0x7af3 (31475)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x071b [correct]
[Good: True]
[Bad : False]
Source: 172.17.80.120 (172.17.80.120)
Destination: 172.17.80.19 (172.17.80.19)
Transmission Control Protocol, Src Port: 51915 (51915), Dst Port: http (80), Seq: 0, Len: 0
Source port: 51915 (51915)
Destination port: http (80)
[Stream index: 32]
Sequence number: 0 (relative sequence number)
Header length: 40 bytes
Flags: 0x02 (SYN)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgement: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
[Expert Info (Chat/Sequence): Connection establish request (SYN): server port http]
[Message: Connection establish request (SYN): server port http]
[Severity level: Chat]
[Group: Sequence]
.... ...0 = Fin: Not set
Window size: 5840
Checksum: 0xe27d [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (20 bytes)
Maximum segment size: 1460 bytes
SACK permitted
Timestamps: TSval 16513861, TSecr 0
NOP
Window scale: 6 (multiply by 64)
No. Time Source Destination Protocol Info
89 1.855820 172.17.80.19 172.17.80.120 TCP http > 51915 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460 WS=0 TSV=0 TSER=0
Frame 89 (78 bytes on wire, 78 bytes captured)
Arrival Time: Aug 19, 2009 11:48:37.415062000
[Time delta from previous captured frame: 0.000012000 seconds]
[Time delta from previous displayed frame: 0.001636000 seconds]
[Time since reference or first frame: 1.855820000 seconds]
Frame Number: 89
Frame Length: 78 bytes
Capture Length: 78 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8), Dst: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
Destination: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
Address: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
Address: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 172.17.80.19 (172.17.80.19), Dst: 172.17.80.120 (172.17.80.120)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 64
Identification: 0x2b82 (11138)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x1688 [correct]
[Good: True]
[Bad : False]
Source: 172.17.80.19 (172.17.80.19)
Destination: 172.17.80.120 (172.17.80.120)
Transmission Control Protocol, Src Port: http (80), Dst Port: 51915 (51915), Seq: 0, Ack: 1, Len: 0
Source port: http (80)
Destination port: 51915 (51915)
[Stream index: 32]
Sequence number: 0 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 44 bytes
Flags: 0x12 (SYN, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
[Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port http]
[Message: Connection establish acknowledge (SYN+ACK): server port http]
[Severity level: Chat]
[Group: Sequence]
.... ...0 = Fin: Not set
Window size: 16384
Checksum: 0x92d3 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (24 bytes)
Maximum segment size: 1460 bytes
NOP
Window scale: 0 (multiply by 1)
NOP
NOP
Timestamps: TSval 0, TSecr 0
NOP
NOP
SACK permitted
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 86]
[The RTT to ACK the segment was: 0.001636000 seconds]
No. Time Source Destination Protocol Info
91 1.856307 172.17.80.120 172.17.80.19 TCP 51915 > http [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=16513861 TSER=0
Frame 91 (66 bytes on wire, 66 bytes captured)
Arrival Time: Aug 19, 2009 11:48:37.415549000
[Time delta from previous captured frame: 0.000369000 seconds]
[Time delta from previous displayed frame: 0.000487000 seconds]
[Time since reference or first frame: 1.856307000 seconds]
Frame Number: 91
Frame Length: 66 bytes
Capture Length: 66 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Vmware_bb:02:a8 (00:50:56:bb:02:a8), Dst: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
Destination: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
Address: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
Address: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 172.17.80.120 (172.17.80.120), Dst: 172.17.80.19 (172.17.80.19)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 52
Identification: 0x7af5 (31477)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x0721 [correct]
[Good: True]
[Bad : False]
Source: 172.17.80.120 (172.17.80.120)
Destination: 172.17.80.19 (172.17.80.19)
Transmission Control Protocol, Src Port: 51915 (51915), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
Source port: 51915 (51915)
Destination port: http (80)
[Stream index: 32]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 32 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 5888 (scaled)
Checksum: 0x1702 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 16513861, TSecr 0
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 89]
[The RTT to ACK the segment was: 0.000487000 seconds]
No. Time Source Destination Protocol Info
92 1.856366 172.17.80.120 172.17.80.19 HTTP CONNECT sdkTunnel:8089 HTTP/1.0
Frame 92 (101 bytes on wire, 101 bytes captured)
Arrival Time: Aug 19, 2009 11:48:37.415608000
[Time delta from previous captured frame: 0.000059000 seconds]
[Time delta from previous displayed frame: 0.000059000 seconds]
[Time since reference or first frame: 1.856366000 seconds]
Frame Number: 92
Frame Length: 101 bytes
Capture Length: 101 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Vmware_bb:02:a8 (00:50:56:bb:02:a8), Dst: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
Destination: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
Address: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
Address: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 172.17.80.120 (172.17.80.120), Dst: 172.17.80.19 (172.17.80.19)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 87
Identification: 0x7af7 (31479)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x06fc [correct]
[Good: True]
[Bad : False]
Source: 172.17.80.120 (172.17.80.120)
Destination: 172.17.80.19 (172.17.80.19)
Transmission Control Protocol, Src Port: 51915 (51915), Dst Port: http (80), Seq: 1, Ack: 1, Len: 35
Source port: 51915 (51915)
Destination port: http (80)
[Stream index: 32]
Sequence number: 1 (relative sequence number)
[Next sequence number: 36 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 32 bytes
Flags: 0x18 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 5888 (scaled)
Checksum: 0x1291 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 16513861, TSecr 0
[SEQ/ACK analysis]
[Number of bytes in flight: 35]
Hypertext Transfer Protocol
CONNECT sdkTunnel:8089 HTTP/1.0\r\n
[Expert Info (Chat/Sequence): CONNECT sdkTunnel:8089 HTTP/1.0\r\n]
[Message: CONNECT sdkTunnel:8089 HTTP/1.0\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: CONNECT
Request URI: sdkTunnel:8089
Request Version: HTTP/1.0
\r\n
No. Time Source Destination Protocol Info
93 1.856457 172.17.80.19 172.17.80.120 HTTP HTTP/1.1 400 Bad Request (text/html)
Frame 93 (229 bytes on wire, 229 bytes captured)
Arrival Time: Aug 19, 2009 11:48:37.415699000
[Time delta from previous captured frame: 0.000091000 seconds]
[Time delta from previous displayed frame: 0.000091000 seconds]
[Time since reference or first frame: 1.856457000 seconds]
Frame Number: 93
Frame Length: 229 bytes
Capture Length: 229 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp:http:data-text-lines]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8), Dst: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
Destination: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
Address: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
Address: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 172.17.80.19 (172.17.80.19), Dst: 172.17.80.120 (172.17.80.120)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 215
Identification: 0x2b83 (11139)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xd5ef [correct]
[Good: True]
[Bad : False]
Source: 172.17.80.19 (172.17.80.19)
Destination: 172.17.80.120 (172.17.80.120)
Transmission Control Protocol, Src Port: http (80), Dst Port: 51915 (51915), Seq: 1, Ack: 36, Len: 163
Source port: http (80)
Destination port: 51915 (51915)
[Stream index: 32]
Sequence number: 1 (relative sequence number)
[Next sequence number: 164 (relative sequence number)]
Acknowledgement number: 36 (relative ack number)
Header length: 32 bytes
Flags: 0x19 (FIN, PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...1 = Fin: Set
[Expert Info (Chat/Sequence): Connection finish (FIN)]
[Message: Connection finish (FIN)]
[Severity level: Chat]
[Group: Sequence]
Window size: 65500
Checksum: 0xf977 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 5367217, TSecr 16513861
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 92]
[The RTT to ACK the segment was: 0.000091000 seconds]
[Number of bytes in flight: 164]
Hypertext Transfer Protocol
HTTP/1.1 400 Bad Request\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 400 Bad Request\r\n]
[Message: HTTP/1.1 400 Bad Request\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Response Code: 400
Content-Type: text/html\r\n
Date: Wed, 19 Aug 2009 09:48:37 GMT\r\n
Connection: close\r\n
Content-Length: 34\r\n
[Content length: 34]
\r\n
Line-based text data: text/html
<h1>Bad Request (Invalid URL)</h1>
No. Time Source Destination Protocol Info
94 1.857812 172.17.80.120 172.17.80.19 HTTP Continuation or non-HTTP traffic
Frame 94 (154 bytes on wire, 154 bytes captured)
Arrival Time: Aug 19, 2009 11:48:37.417054000
[Time delta from previous captured frame: 0.001355000 seconds]
[Time delta from previous displayed frame: 0.001355000 seconds]
[Time since reference or first frame: 1.857812000 seconds]
Frame Number: 94
Frame Length: 154 bytes
Capture Length: 154 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp:http:data]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Vmware_bb:02:a8 (00:50:56:bb:02:a8), Dst: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
Destination: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
Address: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
Address: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 172.17.80.120 (172.17.80.120), Dst: 172.17.80.19 (172.17.80.19)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 140
Identification: 0x7af9 (31481)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x06c5 [correct]
[Good: True]
[Bad : False]
Source: 172.17.80.120 (172.17.80.120)
Destination: 172.17.80.19 (172.17.80.19)
Transmission Control Protocol, Src Port: 51915 (51915), Dst Port: http (80), Seq: 36, Ack: 165, Len: 88
Source port: 51915 (51915)
Destination port: http (80)
[Stream index: 32]
Sequence number: 36 (relative sequence number)
[Next sequence number: 124 (relative sequence number)]
Acknowledgement number: 165 (relative ack number)
Header length: 32 bytes
Flags: 0x18 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 6912 (scaled)
Checksum: 0x9bbe [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 16513861, TSecr 5367217
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 93]
[The RTT to ACK the segment was: 0.001355000 seconds]
[Number of bytes in flight: 88]
Hypertext Transfer Protocol
Data (88 bytes)
0000 16 03 01 00 53 01 00 00 4f 03 01 4a 8b e6 b1 6d ....S...O..J...m
0010 1a 6f 63 32 dd 63 5f ee d2 f8 b2 32 ac 56 50 5d .oc2.c_....2.VP]
0020 6e c7 cd 27 51 ad 95 f1 b1 f6 87 00 00 28 00 39 n..'Q........(.9
0030 00 38 00 35 00 16 00 13 00 0a 00 33 00 32 00 2f .8.5.......3.2./
0040 00 07 00 05 00 04 00 15 00 12 00 09 00 14 00 11 ................
0050 00 08 00 06 00 03 01 00 ........
Data: 16030100530100004F03014A8BE6B16D1A6F6332DD635FEE...
[Length: 88]
No. Time Source Destination Protocol Info
95 1.857828 172.17.80.120 172.17.80.19 TCP 51915 > http [FIN, ACK] Seq=124 Ack=165 Win=6912 Len=0 TSV=16513861 TSER=5367217
Frame 95 (66 bytes on wire, 66 bytes captured)
Arrival Time: Aug 19, 2009 11:48:37.417070000
[Time delta from previous captured frame: 0.000016000 seconds]
[Time delta from previous displayed frame: 0.000016000 seconds]
[Time since reference or first frame: 1.857828000 seconds]
Frame Number: 95
Frame Length: 66 bytes
Capture Length: 66 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Vmware_bb:02:a8 (00:50:56:bb:02:a8), Dst: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
Destination: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
Address: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
Address: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 172.17.80.120 (172.17.80.120), Dst: 172.17.80.19 (172.17.80.19)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 52
Identification: 0x7afb (31483)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x071b [correct]
[Good: True]
[Bad : False]
Source: 172.17.80.120 (172.17.80.120)
Destination: 172.17.80.19 (172.17.80.19)
Transmission Control Protocol, Src Port: 51915 (51915), Dst Port: http (80), Seq: 124, Ack: 165, Len: 0
Source port: 51915 (51915)
Destination port: http (80)
[Stream index: 32]
Sequence number: 124 (relative sequence number)
Acknowledgement number: 165 (relative ack number)
Header length: 32 bytes
Flags: 0x11 (FIN, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...1 = Fin: Set
[Expert Info (Chat/Sequence): Connection finish (FIN)]
[Message: Connection finish (FIN)]
[Severity level: Chat]
[Group: Sequence]
Window size: 6912 (scaled)
Checksum: 0x2fcf [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 16513861, TSecr 5367217
No. Time Source Destination Protocol Info
96 1.857844 172.17.80.19 172.17.80.120 TCP http > 51915 [ACK] Seq=165 Ack=125 Win=65412 Len=0 TSV=5367217 TSER=16513861
Frame 96 (66 bytes on wire, 66 bytes captured)
Arrival Time: Aug 19, 2009 11:48:37.417086000
[Time delta from previous captured frame: 0.000016000 seconds]
[Time delta from previous displayed frame: 0.000016000 seconds]
[Time since reference or first frame: 1.857844000 seconds]
Frame Number: 96
Frame Length: 66 bytes
Capture Length: 66 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8), Dst: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
Destination: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
Address: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
Address: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 172.17.80.19 (172.17.80.19), Dst: 172.17.80.120 (172.17.80.120)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 52
Identification: 0x2b84 (11140)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xd691 [correct]
[Good: True]
[Bad : False]
Source: 172.17.80.19 (172.17.80.19)
Destination: 172.17.80.120 (172.17.80.120)
Transmission Control Protocol, Src Port: http (80), Dst Port: 51915 (51915), Seq: 165, Ack: 125, Len: 0
Source port: http (80)
Destination port: 51915 (51915)
[Stream index: 32]
Sequence number: 165 (relative sequence number)
Acknowledgement number: 125 (relative ack number)
Header length: 32 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65412
Checksum: 0xf8d4 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 5367217, TSecr 16513861
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 95]
[The RTT to ACK the segment was: 0.000016000 seconds]
08-20-2009 12:55 AM
Anyone, please..
08-20-2009 01:49 AM
Any chance your vCenter has Windows Firewall enabled? We're not seeing any traffic between your VSM and VC using SSL/443. You're sure you captured traffic during an svs connection attempt?
Also - What did you use for the packet capture?
Robert
08-20-2009 02:59 AM
Any chance your vCenter has Windows Firewall enabled?
Nope, the firewall is off.
We're not seeing any traffic between your VSM and VC using SSL/443. You're sure you captured traffic during an svs connection attempt?
Yes, I turned on logging just before issuing the connect and turned off the logging just after the error message.
Also - What did you use for the packet capture?
Wireshark
When I browse "https://localhost/mob" from the vmware vSphere host I encounter an SSL certificate. - Let's call this "certificate1"
When I install the XML plugin, the xml file seems to contain a different SSL certificate. - Let's call this "certificate2"
Though I do not encounter any problems installing the xml plugin into vmware, it makes me wonder...
If the VCM talks to the vmware host with "certificate2" over port 443, does not "certificate1" get in its way?
I thought there could be only one certificate installation for each ip-address using the same port number (443) ??
Can this be my problem?
If so, how can I resolve this without removing "certificate1" which is in use by about 50 other live virtual machine servers... (don't want to disturb them)
If so, may the solution to my problem be to manually install "certificate 1" into my VCM, and if so, in what format must I export/import "certificate1"?
08-20-2009 03:09 AM
I don't think that is your issue. The certificate for the VSM to communicate with your vCenter is separate from the vmware-to-ESX cert.
I've raised a couple questions internally and I'm waiting back for an answer. I'll update you tomorrow (I'm done here for the night).
Stay tuned. I will find you an answer/fix.
Robert
08-20-2009 03:48 AM
Thank you, looking forward to hear from you!
08-20-2009 04:57 AM
Does it matter that we do not use 3 different physical interfaces as described in the install guide, but 2 interfaces, one for mgmt0 interface and the rest in another interface?
And does it matter that we do not use 3 different vlans, but everything is mapped to vlan 1?
08-20-2009 05:21 AM
Hi,
you don't need three physical interfaces for the ESX box hosting the VSM. You could trunk the required VLANs across a single NIC.
But you do need three different VLANs. One for mgmt (connection between VSM and vCenter), one for system (connection between VSM and VEMs/ESX hosts) and one packet (also connection between VSM and VEMs/ESX hosts).
You cannot aggregate this traffic on a single VLAN.
At the same time, the issue you are describing shouldn't be related to this misconfiguration. Nonetheless, please try to resolve the issue before continuing with the troubleshooting.
In the proxy.xml file I see that the hostname of the vCenter should be srvkrsapp09.nov.com. Is this the correct hostname and does it resolve to the correct IP address (172.17.80.19) from this host?
Here's why I'm asking this:
VMware uses a concept for accessing services which might appear a bit strange. They use a reverse proxy listening on port 80 that distributes the requests to other ports - where then services/daemons are listening - depending on the URL. Therefore you won't see the https traffic between the VSM and the vCenter going to port 443 on the vCenter. Instead it will be tunneled to port 80 on the vCenter, where the reverse proxy forwards the traffic to another port. And it looks like there is something wrong with that port.
Hope that helps.
Chris
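Added example, not part of any post in this thread: a small Python triage of the evidence already posted above, checking the CONNECT target from frame 92 against the tunnel entries in the posted proxy.xml and decoding the 88-byte payload of frame 94. The function names are hypothetical, and the namespace lookup is a simplified assumption, not VMware's proxy logic.

```python
import xml.etree.ElementTree as ET

# Excerpt of the proxy.xml posted in the thread (entries 5, 6, 12, 13, 14 only).
PROXY_XML = """<config><EndpointList>
<e id="5"><_type>vim.ProxyService.LocalServiceSpec</_type>
  <accessMode>httpsWithRedirect</accessMode><port>8085</port>
  <serverNamespace>/sdk</serverNamespace></e>
<e id="6"><_type>vim.ProxyService.LocalTunnelSpec</_type>
  <accessMode>httpOnly</accessMode><port>8089</port>
  <serverNamespace>/sdkTunnel</serverNamespace></e>
<e id="12"><_type>vim.ProxyService.LocalTunnelSpec</_type>
  <accessMode>httpOnly</accessMode><port>8089</port>
  <serverNamespace>172.17.80.19:8089</serverNamespace></e>
<e id="13"><_type>vim.ProxyService.LocalTunnelSpec</_type>
  <accessMode>httpOnly</accessMode><port>8089</port>
  <serverNamespace>sdkTunnel:8089</serverNamespace></e>
<e id="14"><_type>vim.ProxyService.LocalTunnelSpec</_type>
  <accessMode>httpOnly</accessMode><port>8089</port>
  <serverNamespace>srvkrsapp09.nov.com:8089</serverNamespace></e>
</EndpointList></config>"""

# Copied from the capture in the thread: frame 92 request line,
# frame 93 status line, frame 94 payload (88 bytes).
REQUEST_LINE = "CONNECT sdkTunnel:8089 HTTP/1.0"
STATUS_LINE = "HTTP/1.1 400 Bad Request"
FRAME_94 = bytes.fromhex(
    "16 03 01 00 53 01 00 00 4f 03 01 4a 8b e6 b1 6d "
    "1a 6f 63 32 dd 63 5f ee d2 f8 b2 32 ac 56 50 5d "
    "6e c7 cd 27 51 ad 95 f1 b1 f6 87 00 00 28 00 39 "
    "00 38 00 35 00 16 00 13 00 0a 00 33 00 32 00 2f "
    "00 07 00 05 00 04 00 15 00 12 00 09 00 14 00 11 "
    "00 08 00 06 00 03 01 00"
)


def tunnel_endpoints(xml_text):
    """Map serverNamespace -> (port, accessMode) for LocalTunnelSpec entries."""
    found = {}
    for entry in ET.fromstring(xml_text).iter("e"):
        if entry.findtext("_type", "").endswith("LocalTunnelSpec"):
            found[entry.findtext("serverNamespace")] = (
                int(entry.findtext("port")),
                entry.findtext("accessMode"),
            )
    return found


def parse_client_hello(data):
    """Return ClientHello fields, or None if data is not a complete one."""
    if len(data) < 9 or data[0] != 0x16:           # 0x16 = handshake record
        return None
    rec_len = int.from_bytes(data[3:5], "big")
    if len(data) < 5 + rec_len or data[5] != 0x01:  # 0x01 = ClientHello
        return None
    hs_len = int.from_bytes(data[6:9], "big")
    body = data[9:9 + hs_len]
    if len(body) < hs_len or hs_len < 37:
        return None
    pos = 2 + 32                                    # client_version + random
    sid_len = body[pos]
    pos += 1 + sid_len
    if pos + 2 > len(body):
        return None
    cs_len = int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    if cs_len % 2 or pos + cs_len > len(body):
        return None
    suites = [int.from_bytes(body[i:i + 2], "big")
              for i in range(pos, pos + cs_len, 2)]
    return {"client_version": (body[0], body[1]),
            "session_id_len": sid_len,
            "cipher_suites": suites}


def triage(request_line, status_line, next_payload, xml_text):
    """Summarise what the captured exchange on port 80 shows."""
    method, target, _ = request_line.split(" ", 2)
    status = int(status_line.split(" ", 2)[1])
    hello = parse_client_hello(next_payload)
    return {
        "target": target,
        # Is the requested tunnel name one the posted proxy.xml defines?
        "target_in_proxy_xml": target in tunnel_endpoints(xml_text),
        # A CONNECT tunnel only exists after a 2xx answer.
        "tunnel_established": method == "CONNECT" and 200 <= status < 300,
        # Did the client start TLS on the same stream anyway?
        "tls_hello_after_response": hello is not None,
        "tls_client_version": hello["client_version"] if hello else None,
        "offered_suites": len(hello["cipher_suites"]) if hello else 0,
    }


if __name__ == "__main__":
    for key, value in triage(REQUEST_LINE, STATUS_LINE, FRAME_94, PROXY_XML).items():
        print(f"{key}: {value}")
```

On the posted data this reports that `sdkTunnel:8089` is defined in proxy.xml, that the 400 answer means no tunnel was set up, and that the VSM still sent a TLS 1.0 ClientHello on port 80, which is the tunneled HTTPS attempt Chris describes.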