ESXi 5.5Update 3b (Build 3248547) Disables SSLv3 — Older Versions of vCenter Server Can’t Reconnect Host

Author:  Michael Trantas, Senior Solutions Architect

The patch for ESXi 5.5 Update 3b / build 3248547 disables SSLV3 to remediate the POODLE SSL vulnerability but it can also cause connectivity issues when using older versions of vCenter server (5.5U3 and below). If this patch is applied to vSphere ESXi prior to updating vCenter to 5.5U3b, this will prevent reconnection to the updated host.

This will result in the following error message displayed:

Call “Datacenter.QueryConnectionInfo” for object “XXX” on vCenter Server “xxx.xxx” failed

Please note that per VMware best practices, the vCenter Server should always be upgraded to a supported version prior to upgrading the managed ESXi hosts to avoid interoperability issues. For more information on which to upgrade the vSphere environment, please see Upgrade sequence for vSphere 5.5 and its compatible VMware products.

There is also a workaround for this fix (if vCenter was not previously upgraded), but this requires re-enabling SSLv3, which enables the SSL vulnerability. That fix can be found here – VMware KB:  Enabling SSLv3 Protocol on vSphere 5.5. Additionally, vCenter Server can be upgraded to version 5.5U3b to continue with SSLv3 disabled.

There is an open VMware thread regarding this issue –for more information on this, please go to https://communities.vmware.com/thread/526465.

For additional assistance, please contact us at service@helient.com.