Cannot connect to vCenter from PVS Console using stronger SCHANNEL Protocols, such as TLS 1.2
Article ID: CTX238947
Updated On:
Description
When running the XenDesktop Setup Wizard or the Streamed VM Wizard, and connecting to a vCenter Server that has been configured to only accept connections using TLS 1.1 or higher, the PVS Console could present an error stating that the Connection was closed.
The error shown will have a text similar to the following:
Cannot connect to the hypervisor at : <HYPERVISOR ADDRESS> failed to connect to the remote server.
(unable to locate the server.[The underlying connection was closed: an unexpected error occurred on a send.])
(unable to locate the server.[The underlying connection was closed: an unexpected error occurred on a send.])
This issue can also be seen when testing a Host Entry from the PVS Console by clicking on the "Verify Connection" button in the Host Entry properties.
Environment
Caution! Using Registry Editor incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.
Resolution
The solution to the issue will depend on the version of PVS that is installed.
This is because different versions of PVS will use different versions of the .NET Framework.
To allow communications from applications using the .NET Framework to communicate using versions of TLS other than 1.0, the .NET Framework needs to be configured correctly.
As of the time this article was written, the current version of PVS uses .NET Framework 4.6.
To configure .NET Framework to correctly communicate using higher versions of TLS, configure the following values in the Registry of the PVS Server.
After configuring the value in the Registry, close and reopen the PVS Console.
For the proper configuration required on other versions of the .NET Framework, please refer to the following Microsoft documentation:
This is because different versions of PVS will use different versions of the .NET Framework.
To allow communications from applications using the .NET Framework to communicate using versions of TLS other than 1.0, the .NET Framework needs to be configured correctly.
As of the time this article was written, the current version of PVS uses .NET Framework 4.6.
To configure .NET Framework to correctly communicate using higher versions of TLS, configure the following values in the Registry of the PVS Server.
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
Value Name: SchUseStrongCrypto
Value Type: DWORD
Value: 1
Value Name: SchUseStrongCrypto
Value Type: DWORD
Value: 1
After configuring the value in the Registry, close and reopen the PVS Console.
For the proper configuration required on other versions of the .NET Framework, please refer to the following Microsoft documentation:
Problem Cause
Additional configuration is needed to allow applications that use the .NET Framework to communicate using stronger SCHANNEL Protocols.
Was this article helpful?
Yes
No
Powered by
