vCenter 5.5 Failed to added infra provider

Adding vCenter 5 is not working with domain user, but getting the following error.

format: domain\user

-07-20T08:22:57.468374 #2504:2b01a3a483bc] INFO – : MIQ(MiqQueue.put) Message id: [4788], id: , Zone: , Role: [ems_operations], Server: , MiqTask id: [44], Ident: [generic], Target id: , Instance id: , Task id: , Command: [ManageIQ::Providers::Vmware::InfraManager.verify_credentials?], Timeout: [600], Priority: [100], State: [ready], Deliver On: , Data: , Args: [{“endpoints”=>{“default”=>{“hostname”=>“10.43.137.11”}}, “authentications”=>{“default”=>{“userid”=>“banone\ban-mg01”, “password”=>“"}}, “type”=>“ManageIQ::Providers::Vmware::InfraManager”, “zone_id”=>“2”, :task_id=>44}]
[----] I, [2021-07-20T08:22:57.468548 #2504:2b01a3a483bc] INFO – : MIQ(MiqTask.generic_action_with_callback) Task: [44] Queued the action: [Verify EMS Provider Credentials] being run for user: [#User:0x0000560354437f08]
[----] I, [2021-07-20T08:22:58.055118 #2141:2ad2abec397c] INFO – : MIQ(MiqServer#populate_queue_messages) Fetched 1 miq_queue rows for queue_name=generic, wcount=4, priority=200
[----] I, [2021-07-20T08:22:58.698048 #2478:2ae1e719b95c] INFO – : MIQ(MiqScheduleWorker::Runner#do_work) Number of scheduled items to be processed: 5.
[----] I, [2021-07-20T08:22:58.709405 #2478:2ae1e719b95c] INFO – : MIQ(MiqQueue.put) Message id: [4789], id: [], Zone: [default], Role: [], Server: [11153f31-3cf2-410c-8c42-386bafd3f93b], MiqTask id: [], Ident: [miq_server], Target id: [], Instance id: [], Task id: [], Command: [MiqServer.status_update], Timeout: [600], Priority: [20], State: [ready], Deliver On: [], Data: [], Args: []
[----] I, [2021-07-20T08:22:58.717815 #2478:2ae1e719b95c] INFO – : MIQ(MiqQueue.put) Message id: [4790], id: [], Zone: [default], Role: [], Server: [], MiqTask id: [], Ident: [generic], Target id: [], Instance id: [], Task id: [], Command: [Job.check_jobs_for_timeout], Timeout: [600], Priority: [90], State: [ready], Deliver On: [], Data: [], Args: []
[----] I, [2021-07-20T08:22:58.725092 #2478:2ae1e719b95c] INFO – : MIQ(MiqQueue.put) Message id: [4791], id: [], Zone: [default], Role: [smartstate], Server: [], MiqTask id: [], Ident: [generic], Target id: [], Instance id: [], Task id: [job_dispatcher], Command: [JobProxyDispatcher.dispatch], Timeout: [600], Priority: [20], State: [ready], Deliver On: [], Data: [], Args: []
[----] I, [2021-07-20T08:22:58.731904 #2478:2ae1e719b95c] INFO – : MIQ(MiqQueue.put) Message id: [4792], id: [], Zone: [], Role: [], Server: [], MiqTask id: [], Ident: [generic], Target id: [], Instance id: [], Task id: [], Command: [MiqQueue.check_for_timeout], Timeout: [600], Priority: [90], State: [ready], Deliver On: [], Data: [], Args: []
[----] I, [2021-07-20T08:22:58.891713 #2541:2adeac811964] INFO – : MIQ(MiqGenericWorker::Runner#get_message_via_drb) Message id: [4788], MiqWorker id: [39], Zone: [], Role: [ems_operations], Server: [], MiqTask id: [44], Ident: [generic], Target id: [], Instance id: [], Task id: [], Command: [ManageIQ::Providers::Vmware::InfraManager.verify_credentials?], Timeout: [600], Priority: [100], State: [dequeue], Deliver On: [], Data: [], Args: [{“endpoints”=>{“default”=>{“hostname”=>“10.43.137.11”}}, “authentications”=>{“default”=>{“userid”=>“banone\ban-mg01”, “password”=>"
”}}, “type”=>“ManageIQ::Providers::Vmware::InfraManager”, “zone_id”=>“2”, :task_id=>44}], Dequeued in: [1.426903797] seconds
[----] I, [2021-07-20T08:22:58.892149 #2541:2adeac811964] INFO – : MIQ(MiqQueue#deliver) Message id: [4788], Delivering…
[----] I, [2021-07-20T08:22:58.893598 #2541:2adeac811964] INFO – : MIQ(MiqTask#update_status) Task: [44] [Active] [Ok] [Task starting]
[----] W, [2021-07-20T08:22:58.911076 #2541:2adeac811964] WARN – : MIQ(ManageIQ::Providers::Vmware::InfraManager.validate_connection) #<OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: unsupported protocol>
[----] E, [2021-07-20T08:22:58.911588 #2541:2adeac811964] ERROR – : MIQ(MiqQueue#deliver) Message id: [4788], Error: [Unexpected response returned from Provider, see log for details]
[----] E, [2021-07-20T08:22:58.912023 #2541:2adeac811964] ERROR – : [RuntimeError]: Unexpected response returned from Provider, see log for details Method:[block (2 levels) in class:LogProxy]
[----] E, [2021-07-20T08:22:58.912550 #2541:2adeac811964] ERROR – : /opt/manageiq/manageiq-gemset/bundler/gems/manageiq-providers-vmware-eb218a96aad1/app/models/manageiq/providers/vmware/infra_manager/vim_connect_mixin.rb:86:in rescue in validate_connection' /opt/manageiq/manageiq-gemset/bundler/gems/manageiq-providers-vmware-eb218a96aad1/app/models/manageiq/providers/vmware/infra_manager/vim_connect_mixin.rb:69:in validate_connection’
/opt/manageiq/manageiq-gemset/bundler/gems/manageiq-providers-vmware-eb218a96aad1/app/models/manageiq/providers/vmware/infra_manager/vim_connect_mixin.rb:53:in raw_connect' /opt/manageiq/manageiq-gemset/bundler/gems/manageiq-providers-vmware-eb218a96aad1/app/models/manageiq/providers/vmware/infra_manager.rb:208:in verify_credentials’
/var/www/miq/vmdb/app/models/mixins/verify_credentials_mixin.rb:55:in verify_credentials?' /var/www/miq/vmdb/app/models/miq_queue.rb:484:in block in dispatch_method’
/usr/share/ruby/timeout.rb:93:in block in timeout' /usr/share/ruby/timeout.rb:33:in block in catch’
/usr/share/ruby/timeout.rb:33:in catch' /usr/share/ruby/timeout.rb:33:in catch’
/usr/share/ruby/timeout.rb:108:in timeout' /var/www/miq/vmdb/app/models/miq_queue.rb:482:in dispatch_method’
/var/www/miq/vmdb/app/models/miq_queue.rb:459:in block in deliver' /var/www/miq/vmdb/app/models/user.rb:360:in with_user_group’
/var/www/miq/vmdb/app/models/miq_queue.rb:459:in deliver' /var/www/miq/vmdb/app/models/miq_queue_worker_base/runner.rb:80:in deliver_queue_message’
/var/www/miq/vmdb/app/models/miq_queue_worker_base/runner.rb:104:in deliver_message' /var/www/miq/vmdb/app/models/miq_queue_worker_base/runner.rb:122:in block in do_work’
/var/www/miq/vmdb/app/models/miq_queue_worker_base/runner.rb:118:in loop' /var/www/miq/vmdb/app/models/miq_queue_worker_base/runner.rb:118:in do_work’
/var/www/miq/vmdb/app/models/miq_worker/runner.rb:264:in block in do_work_loop' /var/www/miq/vmdb/app/models/miq_worker/runner.rb:261:in loop’
/var/www/miq/vmdb/app/models/miq_worker/runner.rb:261:in do_work_loop' /var/www/miq/vmdb/app/models/miq_worker/runner.rb:113:in run’
/var/www/miq/vmdb/app/models/miq_worker/runner.rb:95:in start' lib/workers/bin/run_single_worker.rb:122:in
[----] I, [2021-07-20T08:22:58.912892 #2541:2adeac811964] INFO – : MIQ(MiqQueue#delivered) Message id: [4788], State: [error], Delivered in [0.020688155] seconds
[----] I, [2021-07-20T08:22:58.915014 #2541:2adeac811964] INFO – : MIQ(MiqQueue#m_callback) Message id: [4788], Invoking Callback with args: [“Finished”, “error”, “Unexpected response returned from Provider, see log for details”, “nil”]
[----] I, [2021-07-20T08:22:58.915448 #2541:2adeac811964] INFO – : MIQ(MiqTask#update_status) Task: [44] [Finished] [Error] [Unexpected response returned from Provider, see log for details]


Hi @gmaghesh the error you are hitting is #<OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: unsupported protocol>

This means that the SSL protocol supported by your vSphere provider is too old for our OS to be considered safe.

You can modify /etc/ssl/openssl.cnf to lower the MinProtocol however this is not recommended.

vSphere 5.5 has been out of general support since Sept 2018 and out of tech guidance since Sept 2020. Recommend you upgrade to a version of vSphere which is supported by VMware, it will have the latest TLS.

@agrare
Thanks for the update. Yes, we are aware of the support.
We want to see results within the current cluster.

Added MinProtocol = TLSv1.1 in the below file, but still, we have issues.

[root@manageiq ~]# cat /etc/crypto-policies/back-ends/opensslcnf.config
CipherString = @SECLEVEL=2:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256
MinProtocol = TLSv1.1
MinProtocol = TLSv1.2
MaxProtocol = TLSv1.3
SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_rsae_sha256:rsa_pss_pss_sha384:rsa_pss_rsae_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:ECDSA+SHA1:RSA+SHA1
[root@manageiq ~]#

[root@manageiq ~]# openssl s_client -connect 10.4.13.11:443 --showcerts
CONNECTED(00000003)
139763071985472:error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol:ssl/statem/statem_lib.c:1943:

no peer certificate is available

No client certificate CA names sent

SSL handshake has read 54 bytes and written 296 bytes
Verification: OK

New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

[root@manageiq ~]#

Can you let me know any other config has to be changed.