MABS Server cannot connect to the vCenter Error 33623

Serge Kovalev 0

Hello Team, I have installed MABS server and cannot connect to the vCenter. vCenter version is 8.0

Please, read carefully before answering because all I could find over the Internet and on the Learn network Q&A was already applied.

Certificates were loaded into Trusted. I have also tested by disabling certificate check as below. Same result.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Data Protection Manager\VMWare]

"IgnoreCertificateValidation"=dword:00000001

I have tested connectivity to the vCenter via browser from the same Windows server - it works
I elevated user to the Full Admin on the vCenter - MABS cannot connect
I have added registry keys to force TLS 1.2 as below, restarted host server, deleted vCenter connection in MABS, deleted user credentials, added them back - same error

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v2.0.50727] "SystemDefaultTlsVersions"=dword:00000001 "SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.0.30319] "SystemDefaultTlsVersions"=dword:00000001 "SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v2.0.50727] "SystemDefaultTlsVersions"=dword:00000001 "SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319] "SystemDefaultTlsVersions"=dword:00000001 "SchUseStrongCrypto"=dword:00000001

Log shows SSL/TLS tunnel error

18B4 239C 11/04 01:24:36.272 05 genericStatus.cpp(1112) 8031E91F-6798-4667-9DCA-DDD5A0E10666 WARNING Error while getting VMWare server verion sxx-vcentre.xxx.xxx.xx. HR = fd1d1020

18B4 239C 11/04 01:24:36.272 05 genericStatus.cpp(1100) [00000290FC5D0BB0] 8031E91F-6798-4667-9DCA-DDD5A0E10666 WARNING Parameter: [0x80990ef0], VMWareErrorMessage = The request was aborted: Could not create SSL/TLS secure channel.

18B4 239C 11/04 01:24:24.125 22 VMWareServer.cs(237) NORMAL Calling VMWareAPI:RetrieveServiceContent with argument serviceReferenceMOR:MOR = type:ServiceInstance, value:ServiceInstance and URL:https://sxx-vcentre.xxx.xxx.xx:443/sdk

18B4 239C 11/04 01:24:24.672 22 FMComponent.cs(0) WARNING FMBlock: Unknwon exception caught!! Calling exception transformer now OperationCode:Login,

18B4 239C 11/04 01:24:24.672 22 FMComponent.cs(0) WARNING OperationStartTime:11/4/2024 1:23:54 AM,CurrentAttempt:4, Exception:System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.

Windows host is not a domain controller and joined the domain

9 answers

Amardeep Saini 1,255 Reputation points Microsoft Employee

2024-11-04T08:30:49.9966667+00:00
@Serge Kovalev Thank you for contacting us on Microsoft Q&A platform. Happy to help!

Request you to try to login to Vsphere from MABS Server and check if you are able to login to it or not.

Make sure that public key length size of your vCenter Server certificate should be 2048 bits.

You can also use below mentioned steps to check the TLS setting on your MABS Server.

There is a freeware tool called IIS Crypto. We recommend you to download the GUI version of it on the following URL: https://www.nartac.com/Products/IISCrypto/Download

Install this tool both on MABS Server machine.

Open the IIS Crypto and click on “Best Practices”.

Click on Apply and reboot the machines.

If you want to change any of the best practices, just make sure to apply the changes before rebooting

A reboot to the machines is required

After doing this, try to connect again.

If the above steps still not resolve the issue, please share a full stack of logs to understand the issue better so that we can assist you and suggest a resolution accordingly. Looking forward to hear back from you with those details.

If the suggestions were helpful, click “Accept Answer” and Up-Vote it.
Please sign in to rate this answer.
Amardeep Saini 1,255 Reputation points Microsoft Employee

2024-11-11T13:03:58.6733333+00:00

@Serge Kovalev Please update if your issue is resolved by following the above steps or you are still facing the same issue.
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
Serge Kovalev 0 Reputation points

2024-11-12T02:39:09.85+00:00

Hi Amardeep,

Thanks for your answer. I've applied best practices as you recommended and restarted the server. Still having same issue as before. Please, find attached log file as requested. If you need more logs, I will have to add them one by one. Answer screen does not allow more than one.

Regards,

Serge Kovalev
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
Serge Kovalev 0 Reputation points

2024-11-12T02:40:05.3666667+00:00

DPMAccessManagerCurr.errlog.log
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
Serge Kovalev 0 Reputation points

2024-11-12T02:41:40.67+00:00

Actually, I could not see any files attached. Can you tell me how to provide all logs to you, please?
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
Serge Kovalev 0 Reputation points

2024-11-12T02:44:40.91+00:00

DPMRACurr.errlog.zip.log
Please sign in to rate this answer.
Amardeep Saini 1,255 Reputation points Microsoft Employee

2024-11-12T13:59:48.9133333+00:00

Thank you for the logs, I have checked the logs and found same issue related to TLS. Please find below the snip from the logs.

1A30 0750 11/01 05:54:26.911 22 FMComponent.cs(0) NORMAL FMBlock: FM exception caught Calling exception transformer now OperationCode:Login,

1A30 0750 11/01 05:54:26.911 22 FMComponent.cs(0) NORMAL OperationStartTime:11/1/2024 5:53:44 AM, Exception:FMException: [ErrorCode:ConnectionFail, DetailedCode:0, Source:None, Message:]

1A30 0750 11/01 05:54:26.911 22 FMComponent.cs(0) NORMAL --->System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.

1A30 0750 11/01 05:54:26.911 22 FMComponent.cs(0) NORMAL at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)

1A30 0750 11/01 05:54:26.911 22 FMComponent.cs(0) NORMAL at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)

1A30 0750 11/01 05:54:26.911 22 FMComponent.cs(0) NORMAL at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)

1A30 0750 11/01 05:54:26.911 22 FMComponent.cs(0) NORMAL at Microsoft.Internal.EnterpriseStorage.Dls.VMWareSDK.VimService.RetrieveServiceContent(ManagedObjectReference _this)

1A30 0750 11/01 05:54:26.911 22 FMComponent.cs(0) NORMAL at Microsoft.Internal.EnterpriseStorage.Dls.VMWareSDK.VMWareServer.<>c__DisplayClass71_0.<Connect>b__0()

1A30 0750 11/01 05:54:26.911 22 FMComponent.cs(0) NORMAL at Microsoft.Internal.Common.FailureModeling.FMComponent`3._FMBlock(String fileName, Int32 lineNumber, FMBlockArgs args, Action fmPrecheckBlock, Action fmUserBlock)

1A30 0750 11/01 05:54:26.911 22 FMComponent.cs(0) NORMAL MBlock: Current operationTime timeout reached or will reach after backoff time.

1A30 0750 11/01 05:54:26.911 22 FMComponent.cs(0) NORMAL OperationCode:Login,

1A30 0750 11/01 05:54:26.911 05 VMWareHelpers.h(25) 01451BBD-9A2C-4812-84DE-D8AB7CB96C82 WARNING VMWareErrorCode = ConnectionFail, Message = The request was aborted: Could not create SSL/TLS secure channel.

1A30 0750 11/01 05:54:26.911 05 genericStatus.cpp(1112) 01451BBD-9A2C-4812-84DE-D8AB7CB96C82 WARNING Error while getting VMWare server verion syd-vcentre.novotech.com.au. HR = 54727160

1A30 0750 11/01 05:54:26.911 05 genericStatus.cpp(1100) [000001BA547F08F0] 01451BBD-9A2C-4812-84DE-D8AB7CB96C82 WARNING Parameter: [0x80990ef0], VMWareErrorMessage = The request was aborted: Could not create SSL/TLS secure channel.

1A30 0750 11/01 05:54:26.911 05 genericStatus.cpp(1100) [000001BA547F08F0] 01451BBD-9A2C-4812-84DE-D8AB7CB96C82 WARNING Parameter: [0x80990ef0], VMWareErrorCode = ConnectionFail

1A30 0750 11/01 05:54:26.911 05 genericStatus.cpp(1100) [000001BA547F08F0] 01451BBD-9A2C-4812-84DE-D8AB7CB96C82 WARNING Failed: Hr: = [0x80990ef0] : Encountered Failure: : lVal : hr

1A30 0750 11/01 05:54:26.911 03 runtime.cpp(1388) [000001BA51BCCD80] 01451BBD-9A2C-4812-84DE-D8AB7CB96C82 FATAL Subtask failure, sending status response XML=[<?xml version="1.0"?>

1A30 0750 11/01 05:54:26.911 03 runtime.cpp(1388) [000001BA51BCCD80] 01451BBD-9A2C-4812-84DE-D8AB7CB96C82 FATAL <Status xmlns="http://schemas.microsoft.com/2003/dls/StatusMessages.xsd" StatusCode="-2137452814" Reason="Error" CommandID="GetProperties" CommandInstanceID="d18976dd-febe-4892-abc0-46f54219a0f5" GuidWorkItem="01451bbd-9a2c-4812-84de-d8ab7cb96c82" TETaskInstanceID="01451bbd-9a2c-4812-84de-d8ab7cb96c82"><ErrorInfo xmlns="http://schemas.microsoft.com/2003/dls/GenericAgentStatus.xsd" ErrorCode="998" DetailedCode="-2137452814" DetailedSource="2"><Parameter Name="AgentTargetServer" Value="KOR-SEL-AZRBK01.novotech.com.au"/></ErrorInfo></Status>

1A30 0750 11/01 05:54:26.911 03 runtime.cpp(1388) [000001BA51BCCD80] 01451BBD-9A2C-4812-84DE-D8AB7CB96C82 FATAL ]

1A30 0750 11/01 05:54:26.911 05 defaultSubTask.cpp(744) [000001BA547BE680] 01451BBD-9A2C-4812-84DE-D8AB7CB96C82 WARNING Failed: Hr: = [0x80990ef2] : Encountered Failure: : lVal : getPropertiesResult->SetVMWareVersion(pCommand)

1A30 0750 11/01 05:54:26.911 29 RADefaultSubtask.cpp(255) [000001BA547BE680] 01451BBD-9A2C-4812-84DE-D8AB7CB96C82 WARNING Failed: Hr: = [0x80990ef2] : Encountered Failure: : lVal : m_pAgent->GetDefaultSubTask()->GetPropertiesCommand(pGetProperiesCommand)

Please try to login on Vsphere on MABS server and check if you are able to login to it or not. Also, I have suggested to check SSL Cipher Suire on MABS server to make sure it is in right order, please follow it and see if that fixes the issue.
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

MABS Server cannot connect to the vCenter Error 33623

9 answers

Your answer