ZVM unable to connect to VRA following upgrade to ESXi 5.5.0/6.0U2

KB Number:
000001353

Symptoms:

An administrator upgraded their ESXi host(s) to the following patches (or newer, per each major release) by VMware

  • ESXi 6.0.2. Build 4632154
  • ESXi 6.0.0. Build 4600944
  • ESXi 5.5.0. Build 4722766

Following the upgrade, the ZVM is unable to connect to the VRA.

Possible Error messages: 
Failed: An established connection was aborted by the software in your host machine.


Cause:
Looking in ESXi host Auth log, we see this error:
 
2016-11-17T07:32:07Z sshd[76058]: Connection from 172.20.204.117 port 49746
2016-11-17T07:32:07Z sshd[76058]: ssh_dispatch_run_fatal: Connection from 172.20.204.117 port 49746: DH GEX group out of range
2016-11-17T07:32:07Z sshd[76059]: /etc/ssh/sshd_config line 15: Unsupported option PrintLastLog
2016-11-17T07:32:07Z sshd[76059]: Connection from 172.20.204.117 port 49747
2016-11-17T07:32:07Z sshd[76059]: ssh_dispatch_run_fatal: Connection from 172.20.204.117 port 49747: DH GEX group out of range
2016-11-17T07:32:07Z sshd[76060]: /etc/ssh/sshd_config line 15: Unsupported option PrintLastLog
2016-11-17T07:32:07Z sshd[76060]: Connection from 172.20.204.117 port 49748
2016-11-17T07:32:07Z sshd[76060]: ssh_dispatch_run_fatal: Connection from 172.20.204.117 port 49748: DH GEX group out of range

This is caused by the OpenSSH package being updated in this version to 7.1p1 which deprecates use of keys smaller than 1536 bits

Solution:

This issue is fixed in Zerto 5.0u1/4.5U5, in which the ZVM's OpenSSH key has been brought into compliance with the new requirements of ESXi.

If upgrade to 5.0u1/4.5U5 is not immediately possible, a hotfix can be applied to Zerto 4.5u4 or 5.0 by Level 2 Support.

 

Affected Versions:
4.5Ux, 5.0 GA

Hypervisor:
VMWare

1 Star2 Stars3 Stars4 Stars5 Stars (12 votes, average: 3.33 out of 5)
Loading...