
"[VMWARE-VIM] Operation could not be completed due to connection failure" error when i try to establish svs connection between n1000 and vc.

Hi,


I got an error when I try to establish svs connection between n1000 and vc.

n1000v-hostname(config-svs-conn)# show svs connections

connection VC:
    ip address: 172.17.80.19
    protocol: vmware-vim https
    datacenter name: default
    DVS uuid: -
    config status: Disabled
    operational status: Disconnected


n1000v-hostname(config-svs-conn)#

[VMWARE-VIM] Operation could not be completed due to connection failure. EOF was observed that violates the protocol. The client probably provided invalid authentication information.' : Details: 'SSL connect failed in tcp_connect()

I can ping 172.17.80.19.

I have the latest nexus software (nexus-1000v-mz.4.0.4.SV1.1.bin)

Does somebody have any idea what's wrong in my setup?


chelsen
Level 1

Hi,

Just to check the most common problem causes at this stage. Could you please confirm that you've done the following or that the steps work:

  • Is 172.17.80.19 really your vCenter host? Is it multi-homed (has more than 1 IP address)?
  • Can you ping from your Cisco Nexus 1000V VSM to 172.17.80.19?
  • Can you connect to port 443 on 172.17.80.19? Open https://172.17.80.19/mob/
  • Did you register the Nexus 1000V Plugin in vCenter as described here?

Chris

Hi again, and thank you very much for a great reply.

  • Is 172.17.80.19 really your vCenter host? Is it multi-homed (has more than 1 IP address)?
    • Yes, it's really my vCenter host, and 172.17.80.19 is the only IP address associated with the computer.

  • Can you ping from your Cisco Nexus 1000V VSM to 172.17.80.19?
    • Yes


  • Did you register the Nexus 1000V Plugin in vCenter as described here?
    • Yes, I have re-installed the plugin without it resolving the issue.

Thank you very much for your help so far, though my problem persists.

My problem persists, anybody, please... =)

Can you post the following:

- show run (from VSM)

- proxy.xml file from your vCenter Server C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\

- screenshot of the browser window when you open "https://localhost" on your vCenter server, and click View Certificate

As this issue seems to be SSL related you might want to try and regenerate your vCenter certificates and try the svs connection again. Instructions for this can be found here: http://www.vmware.com/pdf/vi_vcserver_certificates.pdf

Cheers,

Robert

Thank you very much for a fast reply. Can you find any solution from the info I have provided?

Can you post the following:

- show run (from VSM)


version 4.0(4)SV1(1)
username admin password 5 ############################  role network-admin
telnet server enable
ssh key rsa 2048
ip domain-lookup
ip host KRS-DVG-VMW-SW01 172.17.80.120
kernel core target 0.0.0.0
kernel core limit 1
system default switchport
snmp-server user admin network-admin auth md5 0############################### priv ############################## localizedkey
snmp-server enable traps license
vrf context management
switchname KRS-DVG-VMW-SW01
vlan 1
vdc KRS-DVG-VMW-SW01 id 1
  limit-resource vlan minimum 16 maximum 513
  limit-resource monitor-session minimum 0 maximum 64
  limit-resource vrf minimum 16 maximum 8192
  limit-resource port-channel minimum 0 maximum 256
  limit-resource u4route-mem minimum 32 maximum 80
  limit-resource u6route-mem minimum 16 maximum 48
port-profile Unused_Or_Quarantine_Uplink
  description "Port-group created for Nexus1000V internal usage. Do not use."
  capability uplink
  vmware port-group
  shutdown
  state enabled
port-profile Unused_Or_Quarantine_Veth
  description "Port-group created for Nexus1000V internal usage. Do not use."
  vmware port-group
  shutdown
  state enabled

interface mgmt0
  ip address 172.17.80.120/24

interface control0
boot kickstart bootflash:/nexus-1000v-kickstart-mz.4.0.4.SV1.1.bin sup-1
boot system bootflash:/nexus-1000v-mz.4.0.4.SV1.1.bin sup-1
boot kickstart bootflash:/nexus-1000v-kickstart-mz.4.0.4.SV1.1.bin sup-2
boot system bootflash:/nexus-1000v-mz.4.0.4.SV1.1.bin sup-2
svs-domain
  domain id 1
  control vlan 1
  packet vlan 1
  svs mode L2
svs connection VC
  protocol vmware-vim
  remote ip address 172.17.80.19
  vmware dvs datacenter-name KRS

- proxy.xml file from your vCenter Server C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\

<config>
  <EndpointList>
    <_length>15</_length>
    <_type>vim.ProxyService.EndpointSpec[]</_type>
    <e id="0">
      <_type>vim.ProxyService.NamedPipeServiceSpec</_type>
      <accessMode>httpsWithRedirect</accessMode>
      <pipeName>\\.\pipe\vmware-vpxd-webserver-pipe</pipeName>
      <serverNamespace>/</serverNamespace>
    </e>
    <e id="1">
      <_type>vim.ProxyService.RedirectSpec</_type>
      <accessMode>httpOnly</accessMode>
      <port>8080</port>
      <redirectType>found</redirectType>
      <serverNamespace>/Query</serverNamespace>
    </e>
    <e id="10">
      <_type>vim.ProxyService.NamedPipeServiceSpec</_type>
      <accessMode>httpsWithRedirect</accessMode>
      <pipeName>\\.\pipe\vmware-vpxd-webserver-pipe</pipeName>
      <serverNamespace>/vpxdhealth</serverNamespace>
    </e>
    <e id="11">
      <_type>vim.ProxyService.RedirectSpec</_type>
      <accessMode>httpAndHttps</accessMode>
      <port>8080</port>
      <redirectType>found</redirectType>
      <serverNamespace>/vws</serverNamespace>
    </e>
    <e id="12">
      <_type>vim.ProxyService.LocalTunnelSpec</_type>
      <accessMode>httpOnly</accessMode>
      <port>8089</port>
      <serverNamespace>172.17.80.19:8089</serverNamespace>
    </e>
    <e id="13">
      <_type>vim.ProxyService.LocalTunnelSpec</_type>
      <accessMode>httpOnly</accessMode>
      <port>8089</port>
      <serverNamespace>sdkTunnel:8089</serverNamespace>
    </e>
    <e id="14">
      <_type>vim.ProxyService.LocalTunnelSpec</_type>
      <accessMode>httpOnly</accessMode>
      <port>8089</port>
      <serverNamespace>srvkrsapp09.nov.com:8089</serverNamespace>
    </e>
    <e id="2">
      <_type>vim.ProxyService.NamedPipeServiceSpec</_type>
      <accessMode>httpAndHttps</accessMode>
      <pipeName>\\.\pipe\vmware-vpxd-webserver-pipe</pipeName>
      <serverNamespace>/client/clients.xml</serverNamespace>
    </e>
    <e id="3">
      <_type>vim.ProxyService.NamedPipeServiceSpec</_type>
      <accessMode>httpsWithRedirect</accessMode>
      <pipeName>\\.\pipe\vmware-vpxd-mob-pipe</pipeName>
      <serverNamespace>/mob</serverNamespace>
    </e>
    <e id="4">
      <_type>vim.ProxyService.NamedPipeServiceSpec</_type>
      <accessMode>httpAndHttps</accessMode>
      <pipeName>\\.\pipe\vmware-vpxd-webserver-pipe</pipeName>
      <serverNamespace>/nfc</serverNamespace>
    </e>
    <e id="5">
      <_type>vim.ProxyService.LocalServiceSpec</_type>
      <accessMode>httpsWithRedirect</accessMode>
      <port>8085</port>
      <serverNamespace>/sdk</serverNamespace>
    </e>
    <e id="6">
      <_type>vim.ProxyService.LocalTunnelSpec</_type>
      <accessMode>httpOnly</accessMode>
      <port>8089</port>
      <serverNamespace>/sdkTunnel</serverNamespace>
    </e>
    <e id="7">
      <_type>vim.ProxyService.LocalServiceSpec</_type>
      <accessMode>httpsWithRedirect</accessMode>
      <port>8080</port>
      <serverNamespace>/sms</serverNamespace>
    </e>
    <e id="8">
      <_type>vim.ProxyService.LocalServiceSpec</_type>
      <accessMode>httpsWithRedirect</accessMode>
      <port>8080</port>
      <serverNamespace>/ui</serverNamespace>
    </e>
    <e id="9">
      <_type>vim.ProxyService.NamedPipeServiceSpec</_type>
      <accessMode>httpsWithRedirect</accessMode>
      <pipeName>\\.\pipe\vmware-vpxd-webserver-pipe</pipeName>
      <serverNamespace>/vod</serverNamespace>
    </e>
  </EndpointList>

</config>

- screenshot of the browser window when you open "https://localhost" on your vCenter server, and click View Certificate

sert-capt.JPG

As this issue seems to be SSL related you might want to try and regenerate your vCenter certificates and try the svs connection again. Instructions for this can be found here: http://www.vmware.com/pdf/vi_vcserver_certificates.pdf

Will replacing the default server certificate affect only the VCM VM or will it affect all VMs on the vmware server?

Cheers,

Robert

Your config and proxy.xml look ok.

Regenerating the certs will require you to place the new keys on each of your ESX servers as the document details.

A less interruptive step we can do first is grab a packet capture of the communication between your VSM and VC when you attempt to connect. The easiest way would be to sniff the port of your VC assuming your VC is a physical server.

From that traffic we should see why VC is rejecting your VSM's svs connection.

Robert

The most interesting information I could find in the text was the following:

-----------------------------------------

    CONNECT sdkTunnel:8089 HTTP/1.0\r\n
        [Expert Info (Chat/Sequence): CONNECT sdkTunnel:8089 HTTP/1.0\r\n]
            [Message: CONNECT sdkTunnel:8089 HTTP/1.0\r\n]
            [Severity level: Chat]
            [Group: Sequence]
        Request Method: CONNECT
        Request URI: sdkTunnel:8089
        Request Version: HTTP/1.0
    \r\n
No.     Time        Source                Destination           Protocol Info
     93 1.856457    172.17.80.19          172.17.80.120         HTTP     HTTP/1.1 400 Bad Request  (text/html)

--------------------------------------------
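
The exchange reported in the post above can be cross-checked against the proxy.xml posted earlier in the thread. The Python below is an added example, not part of any post here and not Cisco or VMware tooling: the function names, the three-entry XML subset and the reading of `httpOnly`/`httpAndHttps` as "cleartext HTTP accepted" are assumptions of the example, and the reply bytes are rebuilt from frame 93 of the poster's capture.

```python
import socket
import xml.etree.ElementTree as ET

# Constructed sample: three <e> entries copied from the proxy.xml posted in this thread.
PROXY_XML = """<config>
  <EndpointList>
    <e id="13">
      <_type>vim.ProxyService.LocalTunnelSpec</_type>
      <accessMode>httpOnly</accessMode>
      <port>8089</port>
      <serverNamespace>sdkTunnel:8089</serverNamespace>
    </e>
    <e id="5">
      <_type>vim.ProxyService.LocalServiceSpec</_type>
      <accessMode>httpsWithRedirect</accessMode>
      <port>8085</port>
      <serverNamespace>/sdk</serverNamespace>
    </e>
    <e id="6">
      <_type>vim.ProxyService.LocalTunnelSpec</_type>
      <accessMode>httpOnly</accessMode>
      <port>8089</port>
      <serverNamespace>/sdkTunnel</serverNamespace>
    </e>
  </EndpointList>
</config>"""

# Constructed from the capture in this thread: the VSM's request line and the reply in frame 93.
CAPTURED_REQUEST = "CONNECT sdkTunnel:8089 HTTP/1.0"
CAPTURED_REPLY = (b"HTTP/1.1 400 Bad Request\r\n"
                  b"Content-Type: text/html\r\n"
                  b"Date: Wed, 19 Aug 2009 09:48:37 GMT\r\n"
                  b"Connection: close\r\n"
                  b"Content-Length: 34\r\n\r\n"
                  b"<h1>Bad Request (Invalid URL)</h1>")

# Assumption of this example: access modes under which the proxy takes cleartext HTTP.
PLAIN_HTTP_MODES = {"httpOnly", "httpAndHttps"}


def tunnel_endpoints(xml_text):
    """Map serverNamespace -> (accessMode, local port) for every LocalTunnelSpec entry."""
    found = {}
    for e in ET.fromstring(xml_text).iter("e"):
        if e.findtext("_type", "").endswith("LocalTunnelSpec"):
            found[e.findtext("serverNamespace")] = (
                e.findtext("accessMode"), int(e.findtext("port")))
    return found


def parse_connect(request_line):
    """Return the tunnel target of an HTTP CONNECT request line, or None."""
    parts = request_line.split()
    if len(parts) == 3 and parts[0] == "CONNECT" and parts[2].startswith("HTTP/"):
        return parts[1]
    return None


def parse_reply(raw):
    """Split a raw HTTP reply into (status code, reason, headers dict, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    _version, code, reason = (lines[0].split(" ", 2) + ["", ""])[:3]
    if not code.isdigit():
        raise ValueError("not an HTTP status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(code), reason, headers, body


def diagnose(xml_text, request_line, raw_reply):
    """Cross-check one captured CONNECT exchange against proxy.xml."""
    target = parse_connect(request_line)
    endpoints = tunnel_endpoints(xml_text)
    code, reason, headers, body = parse_reply(raw_reply)
    result = {"target": target, "configured": target in endpoints, "status": code,
              "server_header": headers.get("server"), "body": body.decode("iso-8859-1")}
    if target is None:
        result["verdict"] = "request line is not an HTTP CONNECT"
    elif not result["configured"]:
        result["verdict"] = "proxy.xml has no LocalTunnelSpec for this target"
    elif code == 200:
        result["verdict"] = "tunnel accepted; look at the TLS handshake that follows"
    else:
        mode, port = endpoints[target]
        plain = "allowed" if mode in PLAIN_HTTP_MODES else "not allowed"
        result["verdict"] = (f"endpoint is configured (accessMode {mode}, plain HTTP {plain}, "
                             f"local port {port}) yet the listener answered {code} {reason}")
    return result


def probe(host, target="sdkTunnel:8089", port=80, timeout=5.0):
    """Send the request line seen in the capture and return the raw reply (needs network)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(f"CONNECT {target} HTTP/1.0\r\n\r\n".encode("ascii"))
        reply = b""
        while b"\r\n\r\n" not in reply:  # stop at end of headers; a 200 keeps the socket open
            chunk = s.recv(4096)
            if not chunk:
                break
            reply += chunk
    return reply


if __name__ == "__main__":
    print(diagnose(PROXY_XML, CAPTURED_REQUEST, CAPTURED_REPLY)["verdict"])
```

To test a live vCenter host from an admin workstation, pass the output of `probe(host)` as the third argument of `diagnose` together with the full proxy.xml from that server.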

Anyone, please help, I am still in the dark regarding resolving my problem.

Here is an export of 8 packages:

No.     Time        Source                Destination           Protocol Info
     86 1.854184    172.17.80.120         172.17.80.19          TCP      51915 > http [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=16513861 TSER=0 WS=6

Frame 86 (74 bytes on wire, 74 bytes captured)
    Arrival Time: Aug 19, 2009 11:48:37.413426000
    [Time delta from previous captured frame: 0.050361000 seconds]
    [Time delta from previous displayed frame: 1.854184000 seconds]
    [Time since reference or first frame: 1.854184000 seconds]
    Frame Number: 86
    Frame Length: 74 bytes
    Capture Length: 74 bytes
    [Frame is marked: True]
    [Protocols in frame: eth:ip:tcp]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Vmware_bb:02:a8 (00:50:56:bb:02:a8), Dst: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
    Destination: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
        Address: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
        Address: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 172.17.80.120 (172.17.80.120), Dst: 172.17.80.19 (172.17.80.19)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 60
    Identification: 0x7af3 (31475)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (0x06)
    Header checksum: 0x071b [correct]
        [Good: True]
        [Bad : False]
    Source: 172.17.80.120 (172.17.80.120)
    Destination: 172.17.80.19 (172.17.80.19)
Transmission Control Protocol, Src Port: 51915 (51915), Dst Port: http (80), Seq: 0, Len: 0
    Source port: 51915 (51915)
    Destination port: http (80)
    [Stream index: 32]
    Sequence number: 0    (relative sequence number)
    Header length: 40 bytes
    Flags: 0x02 (SYN)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...0 .... = Acknowledgement: Not set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..1. = Syn: Set
            [Expert Info (Chat/Sequence): Connection establish request (SYN): server port http]
                [Message: Connection establish request (SYN): server port http]
                [Severity level: Chat]
                [Group: Sequence]
        .... ...0 = Fin: Not set
    Window size: 5840
    Checksum: 0xe27d [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    Options: (20 bytes)
        Maximum segment size: 1460 bytes
        SACK permitted
        Timestamps: TSval 16513861, TSecr 0
        NOP
        Window scale: 6 (multiply by 64)
No.     Time        Source                Destination           Protocol Info
     89 1.855820    172.17.80.19          172.17.80.120         TCP      http > 51915 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460 WS=0 TSV=0 TSER=0

Frame 89 (78 bytes on wire, 78 bytes captured)
    Arrival Time: Aug 19, 2009 11:48:37.415062000
    [Time delta from previous captured frame: 0.000012000 seconds]
    [Time delta from previous displayed frame: 0.001636000 seconds]
    [Time since reference or first frame: 1.855820000 seconds]
    Frame Number: 89
    Frame Length: 78 bytes
    Capture Length: 78 bytes
    [Frame is marked: True]
    [Protocols in frame: eth:ip:tcp]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8), Dst: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
    Destination: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
        Address: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
        Address: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 172.17.80.19 (172.17.80.19), Dst: 172.17.80.120 (172.17.80.120)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 64
    Identification: 0x2b82 (11138)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x1688 [correct]
        [Good: True]
        [Bad : False]
    Source: 172.17.80.19 (172.17.80.19)
    Destination: 172.17.80.120 (172.17.80.120)
Transmission Control Protocol, Src Port: http (80), Dst Port: 51915 (51915), Seq: 0, Ack: 1, Len: 0
    Source port: http (80)
    Destination port: 51915 (51915)
    [Stream index: 32]
    Sequence number: 0    (relative sequence number)
    Acknowledgement number: 1    (relative ack number)
    Header length: 44 bytes
    Flags: 0x12 (SYN, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgement: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..1. = Syn: Set
            [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port http]
                [Message: Connection establish acknowledge (SYN+ACK): server port http]
                [Severity level: Chat]
                [Group: Sequence]
        .... ...0 = Fin: Not set
    Window size: 16384
    Checksum: 0x92d3 [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    Options: (24 bytes)
        Maximum segment size: 1460 bytes
        NOP
        Window scale: 0 (multiply by 1)
        NOP
        NOP
        Timestamps: TSval 0, TSecr 0
        NOP
        NOP
        SACK permitted
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 86]
        [The RTT to ACK the segment was: 0.001636000 seconds]
No.     Time        Source                Destination           Protocol Info
     91 1.856307    172.17.80.120         172.17.80.19          TCP      51915 > http [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=16513861 TSER=0

Frame 91 (66 bytes on wire, 66 bytes captured)
    Arrival Time: Aug 19, 2009 11:48:37.415549000
    [Time delta from previous captured frame: 0.000369000 seconds]
    [Time delta from previous displayed frame: 0.000487000 seconds]
    [Time since reference or first frame: 1.856307000 seconds]
    Frame Number: 91
    Frame Length: 66 bytes
    Capture Length: 66 bytes
    [Frame is marked: True]
    [Protocols in frame: eth:ip:tcp]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Vmware_bb:02:a8 (00:50:56:bb:02:a8), Dst: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
    Destination: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
        Address: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
        Address: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 172.17.80.120 (172.17.80.120), Dst: 172.17.80.19 (172.17.80.19)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 52
    Identification: 0x7af5 (31477)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (0x06)
    Header checksum: 0x0721 [correct]
        [Good: True]
        [Bad : False]
    Source: 172.17.80.120 (172.17.80.120)
    Destination: 172.17.80.19 (172.17.80.19)
Transmission Control Protocol, Src Port: 51915 (51915), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
    Source port: 51915 (51915)
    Destination port: http (80)
    [Stream index: 32]
    Sequence number: 1    (relative sequence number)
    Acknowledgement number: 1    (relative ack number)
    Header length: 32 bytes
    Flags: 0x10 (ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgement: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 5888 (scaled)
    Checksum: 0x1702 [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    Options: (12 bytes)
        NOP
        NOP
        Timestamps: TSval 16513861, TSecr 0
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 89]
        [The RTT to ACK the segment was: 0.000487000 seconds]
No.     Time        Source                Destination           Protocol Info
     92 1.856366    172.17.80.120         172.17.80.19          HTTP     CONNECT sdkTunnel:8089 HTTP/1.0

Frame 92 (101 bytes on wire, 101 bytes captured)
    Arrival Time: Aug 19, 2009 11:48:37.415608000
    [Time delta from previous captured frame: 0.000059000 seconds]
    [Time delta from previous displayed frame: 0.000059000 seconds]
    [Time since reference or first frame: 1.856366000 seconds]
    Frame Number: 92
    Frame Length: 101 bytes
    Capture Length: 101 bytes
    [Frame is marked: True]
    [Protocols in frame: eth:ip:tcp:http]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Vmware_bb:02:a8 (00:50:56:bb:02:a8), Dst: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
    Destination: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
        Address: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
        Address: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 172.17.80.120 (172.17.80.120), Dst: 172.17.80.19 (172.17.80.19)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 87
    Identification: 0x7af7 (31479)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (0x06)
    Header checksum: 0x06fc [correct]
        [Good: True]
        [Bad : False]
    Source: 172.17.80.120 (172.17.80.120)
    Destination: 172.17.80.19 (172.17.80.19)
Transmission Control Protocol, Src Port: 51915 (51915), Dst Port: http (80), Seq: 1, Ack: 1, Len: 35
    Source port: 51915 (51915)
    Destination port: http (80)
    [Stream index: 32]
    Sequence number: 1    (relative sequence number)
    [Next sequence number: 36    (relative sequence number)]
    Acknowledgement number: 1    (relative ack number)
    Header length: 32 bytes
    Flags: 0x18 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgement: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 5888 (scaled)
    Checksum: 0x1291 [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    Options: (12 bytes)
        NOP
        NOP
        Timestamps: TSval 16513861, TSecr 0
    [SEQ/ACK analysis]
        [Number of bytes in flight: 35]
Hypertext Transfer Protocol
    CONNECT sdkTunnel:8089 HTTP/1.0\r\n
        [Expert Info (Chat/Sequence): CONNECT sdkTunnel:8089 HTTP/1.0\r\n]
            [Message: CONNECT sdkTunnel:8089 HTTP/1.0\r\n]
            [Severity level: Chat]
            [Group: Sequence]
        Request Method: CONNECT
        Request URI: sdkTunnel:8089
        Request Version: HTTP/1.0
    \r\n
No.     Time        Source                Destination           Protocol Info
     93 1.856457    172.17.80.19          172.17.80.120         HTTP     HTTP/1.1 400 Bad Request  (text/html)

Frame 93 (229 bytes on wire, 229 bytes captured)
    Arrival Time: Aug 19, 2009 11:48:37.415699000
    [Time delta from previous captured frame: 0.000091000 seconds]
    [Time delta from previous displayed frame: 0.000091000 seconds]
    [Time since reference or first frame: 1.856457000 seconds]
    Frame Number: 93
    Frame Length: 229 bytes
    Capture Length: 229 bytes
    [Frame is marked: True]
    [Protocols in frame: eth:ip:tcp:http:data-text-lines]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8), Dst: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
    Destination: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
        Address: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
        Address: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 172.17.80.19 (172.17.80.19), Dst: 172.17.80.120 (172.17.80.120)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 215
    Identification: 0x2b83 (11139)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xd5ef [correct]
        [Good: True]
        [Bad : False]
    Source: 172.17.80.19 (172.17.80.19)
    Destination: 172.17.80.120 (172.17.80.120)
Transmission Control Protocol, Src Port: http (80), Dst Port: 51915 (51915), Seq: 1, Ack: 36, Len: 163
    Source port: http (80)
    Destination port: 51915 (51915)
    [Stream index: 32]
    Sequence number: 1    (relative sequence number)
    [Next sequence number: 164    (relative sequence number)]
    Acknowledgement number: 36    (relative ack number)
    Header length: 32 bytes
    Flags: 0x19 (FIN, PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgement: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...1 = Fin: Set
            [Expert Info (Chat/Sequence): Connection finish (FIN)]
                [Message: Connection finish (FIN)]
                [Severity level: Chat]
                [Group: Sequence]
    Window size: 65500
    Checksum: 0xf977 [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    Options: (12 bytes)
        NOP
        NOP
        Timestamps: TSval 5367217, TSecr 16513861
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 92]
        [The RTT to ACK the segment was: 0.000091000 seconds]
        [Number of bytes in flight: 164]
Hypertext Transfer Protocol
    HTTP/1.1 400 Bad Request\r\n
        [Expert Info (Chat/Sequence): HTTP/1.1 400 Bad Request\r\n]
            [Message: HTTP/1.1 400 Bad Request\r\n]
            [Severity level: Chat]
            [Group: Sequence]
        Request Version: HTTP/1.1
        Response Code: 400
    Content-Type: text/html\r\n
    Date: Wed, 19 Aug 2009 09:48:37 GMT\r\n
    Connection: close\r\n
    Content-Length: 34\r\n
        [Content length: 34]
    \r\n
Line-based text data: text/html
    <h1>Bad Request (Invalid URL)</h1>
No.     Time        Source                Destination           Protocol Info
     94 1.857812    172.17.80.120         172.17.80.19          HTTP     Continuation or non-HTTP traffic

Frame 94 (154 bytes on wire, 154 bytes captured)
    Arrival Time: Aug 19, 2009 11:48:37.417054000
    [Time delta from previous captured frame: 0.001355000 seconds]
    [Time delta from previous displayed frame: 0.001355000 seconds]
    [Time since reference or first frame: 1.857812000 seconds]
    Frame Number: 94
    Frame Length: 154 bytes
    Capture Length: 154 bytes
    [Frame is marked: True]
    [Protocols in frame: eth:ip:tcp:http:data]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Vmware_bb:02:a8 (00:50:56:bb:02:a8), Dst: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
    Destination: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
        Address: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
        Address: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 172.17.80.120 (172.17.80.120), Dst: 172.17.80.19 (172.17.80.19)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 140
    Identification: 0x7af9 (31481)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (0x06)
    Header checksum: 0x06c5 [correct]
        [Good: True]
        [Bad : False]
    Source: 172.17.80.120 (172.17.80.120)
    Destination: 172.17.80.19 (172.17.80.19)
Transmission Control Protocol, Src Port: 51915 (51915), Dst Port: http (80), Seq: 36, Ack: 165, Len: 88
    Source port: 51915 (51915)
    Destination port: http (80)
    [Stream index: 32]
    Sequence number: 36    (relative sequence number)
    [Next sequence number: 124    (relative sequence number)]
    Acknowledgement number: 165    (relative ack number)
    Header length: 32 bytes
    Flags: 0x18 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgement: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 6912 (scaled)
    Checksum: 0x9bbe [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    Options: (12 bytes)
        NOP
        NOP
        Timestamps: TSval 16513861, TSecr 5367217
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 93]
        [The RTT to ACK the segment was: 0.001355000 seconds]
        [Number of bytes in flight: 88]
Hypertext Transfer Protocol
    Data (88 bytes)

0000  16 03 01 00 53 01 00 00 4f 03 01 4a 8b e6 b1 6d   ....S...O..J...m
0010  1a 6f 63 32 dd 63 5f ee d2 f8 b2 32 ac 56 50 5d   .oc2.c_....2.VP]
0020  6e c7 cd 27 51 ad 95 f1 b1 f6 87 00 00 28 00 39   n..'Q........(.9
0030  00 38 00 35 00 16 00 13 00 0a 00 33 00 32 00 2f   .8.5.......3.2./
0040  00 07 00 05 00 04 00 15 00 12 00 09 00 14 00 11   ................
0050  00 08 00 06 00 03 01 00                           ........
        Data: 16030100530100004F03014A8BE6B16D1A6F6332DD635FEE...
        [Length: 88]
No.     Time        Source                Destination           Protocol Info
     95 1.857828    172.17.80.120         172.17.80.19          TCP      51915 > http [FIN, ACK] Seq=124 Ack=165 Win=6912 Len=0 TSV=16513861 TSER=5367217

Frame 95 (66 bytes on wire, 66 bytes captured)
    Arrival Time: Aug 19, 2009 11:48:37.417070000
    [Time delta from previous captured frame: 0.000016000 seconds]
    [Time delta from previous displayed frame: 0.000016000 seconds]
    [Time since reference or first frame: 1.857828000 seconds]
    Frame Number: 95
    Frame Length: 66 bytes
    Capture Length: 66 bytes
    [Frame is marked: True]
    [Protocols in frame: eth:ip:tcp]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Vmware_bb:02:a8 (00:50:56:bb:02:a8), Dst: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
    Destination: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
        Address: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
        Address: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 172.17.80.120 (172.17.80.120), Dst: 172.17.80.19 (172.17.80.19)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 52
    Identification: 0x7afb (31483)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (0x06)
    Header checksum: 0x071b [correct]
        [Good: True]
        [Bad : False]
    Source: 172.17.80.120 (172.17.80.120)
    Destination: 172.17.80.19 (172.17.80.19)
Transmission Control Protocol, Src Port: 51915 (51915), Dst Port: http (80), Seq: 124, Ack: 165, Len: 0
    Source port: 51915 (51915)
    Destination port: http (80)
    [Stream index: 32]
    Sequence number: 124    (relative sequence number)
    Acknowledgement number: 165    (relative ack number)
    Header length: 32 bytes
    Flags: 0x11 (FIN, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgement: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...1 = Fin: Set
            [Expert Info (Chat/Sequence): Connection finish (FIN)]
                [Message: Connection finish (FIN)]
                [Severity level: Chat]
                [Group: Sequence]
    Window size: 6912 (scaled)
    Checksum: 0x2fcf [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    Options: (12 bytes)
        NOP
        NOP
        Timestamps: TSval 16513861, TSecr 5367217
No.     Time        Source                Destination           Protocol Info
     96 1.857844    172.17.80.19          172.17.80.120         TCP      http > 51915 [ACK] Seq=165 Ack=125 Win=65412 Len=0 TSV=5367217 TSER=16513861

Frame 96 (66 bytes on wire, 66 bytes captured)
    Arrival Time: Aug 19, 2009 11:48:37.417086000
    [Time delta from previous captured frame: 0.000016000 seconds]
    [Time delta from previous displayed frame: 0.000016000 seconds]
    [Time since reference or first frame: 1.857844000 seconds]
    Frame Number: 96
    Frame Length: 66 bytes
    Capture Length: 66 bytes
    [Frame is marked: True]
    [Protocols in frame: eth:ip:tcp]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8), Dst: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
    Destination: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
        Address: Vmware_bb:02:a8 (00:50:56:bb:02:a8)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
        Address: HewlettP_a6:9e:e8 (00:1c:c4:a6:9e:e8)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 172.17.80.19 (172.17.80.19), Dst: 172.17.80.120 (172.17.80.120)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 52
    Identification: 0x2b84 (11140)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xd691 [correct]
        [Good: True]
        [Bad : False]
    Source: 172.17.80.19 (172.17.80.19)
    Destination: 172.17.80.120 (172.17.80.120)
Transmission Control Protocol, Src Port: http (80), Dst Port: 51915 (51915), Seq: 165, Ack: 125, Len: 0
    Source port: http (80)
    Destination port: 51915 (51915)
    [Stream index: 32]
    Sequence number: 165    (relative sequence number)
    Acknowledgement number: 125    (relative ack number)
    Header length: 32 bytes
    Flags: 0x10 (ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgement: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 65412
    Checksum: 0xf8d4 [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    Options: (12 bytes)
        NOP
        NOP
        Timestamps: TSval 5367217, TSecr 16513861
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 95]
        [The RTT to ACK the segment was: 0.000016000 seconds]

Anyone, please..

Any chance your vCenter has Windows Firewall enabled?  We're not seeing any traffic between your VSM and VC using SSL/443.  You're sure you captured traffic during an svs connection attempt?

Also - What did you use for the packet capture?

Robert

Any chance your vCenter has Windows Firewall enabled?

Nope, the firewall is off.

We're not seeing any traffic between your VSM and VC using SSL/443.  You're sure you captured traffic during an svs connection attempt?

Yes, I turned on logging just before issuing the connect and turned off the logging just after the error message.

Also - What did you use for the packet capture?

Wireshark

I have a question though:

When I browse "https://localhost/mob" from the VMware vSphere host I encounter an SSL certificate. Let's call this "certificate1".

When I install the XML plugin, the XML file seems to contain a different SSL certificate. Let's call this "certificate2".

Though I do not encounter any problems installing the XML plugin into VMware, it makes me wonder...

If the VCM talks to the VMware host with "certificate2" over port 443, does not "certificate1" get in its way?


I thought there could be only one certificate installation for each ip-address using the same port number (443) ??


Can this be my problem?

If so, how can I resolve this without removing "certificate1", which is in use by about 50 other live virtual machine servers... (don't want to disturb them)

If so, may the solution to my problem be to manually install "certificate 1" into my VCM, and if so, in what format must I export/import "certificate1"?

I don't think that is your issue.  The certificate for the VSM to communicate with your vCenter is separate from the vmware-to-ESX cert.

I've raised a couple questions internally and I'm waiting back for an answer.  I'll update you tomorrow (I'm done here for the night).

Stay tuned. I will find you an answer/fix.

Robert

Thank you, looking forward to hearing from you!

Does it matter that we do not use 3 different physical interfaces as described in the install guide, but 2 interfaces, one for mgmt0 interface and the rest in another interface?

And does it matter that we do not use 3 different VLANs, but everything is mapped to VLAN 1?

Hi,

you don't need three physical interfaces for the ESX box hosting the VSM. You could trunk the required VLANs across a single NIC.

But you do need three different VLANs. One for mgmt (connection between VSM and vCenter), one for system (connection between VSM and VEMs/ESX hosts) and one packet (also connection between VSM and VEMs/ESX hosts).

You cannot aggregate this traffic on a single VLAN.

At the same time, the issue you are describing shouldn't be related to this misconfiguration. Nonetheless, please try to resolve the issue before continuing with the troubleshooting.

In the proxy.xml file I see that the hostname of the vCenter should be srvkrsapp09.nov.com. Is this the correct hostname and does it resolve to the correct IP address (172.17.80.19) from this host?

Here's why I'm asking this:

VMware uses a concept for accessing services which might appear a bit strange. They use a reverse proxy listening on port 80, that distributes the requests to other ports - where then services/daemons are listening - depending on the URL. Therefore you won't see the https traffic between the VSM and the vCenter going to port 443 on the vCenter. Instead it will be tunneled to port 80 on the vCenter, where the reverse proxy forwards the traffic to another port. And it looks like there is something wrong with that port.

Hope that helps.

Chris
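
Added example (not part of the thread, and not Cisco or VMware code): a small Python check that the 88-byte payload shown in the hex dump above, which Wireshark labelled "Hypertext Transfer Protocol" because of the port, is in fact a TLS ClientHello. The function names are illustrative; the bytes are copied from the posted dump.

```python
import struct

# Constructed from the 88-byte hex dump posted in the capture above.
CAPTURED_PAYLOAD = bytes.fromhex(
    "16030100530100004f03014a8be6b16d"
    "1a6f6332dd635feed2f8b232ac56505d"
    "6ec7cd2751ad95f1b1f6870000280039"
    "0038003500160013000a00330032002f"
    "00070005000400150012000900140011"
    "0008000600030100"
)
HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS", b"CONNECT"}


def parse_client_hello(payload: bytes) -> dict:
    """Parse one TLS record carrying a ClientHello; raise ValueError otherwise."""
    if len(payload) < 9:
        raise ValueError("too short for a TLS record plus handshake header")
    ctype, rec_ver, rec_len = struct.unpack("!BHH", payload[:5])
    # 0x16 = handshake record, major version 3 = SSLv3/TLS, 0x01 = ClientHello
    if ctype != 0x16 or rec_ver >> 8 != 3 or payload[5] != 0x01:
        raise ValueError("not a TLS handshake record holding a ClientHello")
    hs_len = int.from_bytes(payload[6:9], "big")
    hello = payload[9:9 + hs_len]
    if len(hello) != hs_len or hs_len + 4 > rec_len:
        raise ValueError("truncated or inconsistent ClientHello")
    try:
        (client_ver,) = struct.unpack("!H", hello[:2])
        pos = 2 + 32                      # skip client_version and 32-byte random
        pos += 1 + hello[pos]             # skip session_id (length-prefixed)
        (cs_len,) = struct.unpack("!H", hello[pos:pos + 2])
        suites = struct.unpack(f"!{cs_len // 2}H", hello[pos + 2:pos + 2 + cs_len])
    except (IndexError, struct.error) as exc:
        raise ValueError("malformed ClientHello body") from exc
    return {"record_version": rec_ver, "client_version": client_ver,
            "cipher_suites": list(suites)}


def classify_first_bytes(payload: bytes) -> str:
    """Label the first client payload on a connection, ignoring the port number."""
    try:
        parse_client_hello(payload)
        return "tls-client-hello"
    except ValueError:
        method = payload.split(b" ", 1)[0]
        return "http" if method in HTTP_METHODS else "unknown"


if __name__ == "__main__":
    info = parse_client_hello(CAPTURED_PAYLOAD)
    print(classify_first_bytes(CAPTURED_PAYLOAD),
          hex(info["client_version"]), len(info["cipher_suites"]), "suites")
```

On the posted bytes this reports a TLS 1.0 (0x0301) ClientHello offering 20 cipher suites, so the SSL handshake is present in the capture even though no packet is addressed to port 443.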
