Errors testing new connector to CHv 8 - "Connection Error: A failure occurred connecting to Citrix Hypervisor. Error = write EPROTO 140247625111360:error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol"

Article ID: CTX262795

Description

When I try to configure a connector for this server on Citrix Hypervisor 8, if we check "Use Secured Communications", we get the error "Failed to connect to the server at #.#.#.#". If we uncheck "Use Secured Communications" and "Ignore Certificate Errors", we can configure the connector. In the file /var/log/Unidesk/unidesk-xenserver-connector,log.json.log, I get this error:

{"name":"XenServerClientFactory","hostname":"localhost.localdomain","pid":4340,"level":50,"reqNum":750,"msg":"Connection Error: A failure occurred connecting to Citrix Hypervisor. Error = write EPROTO 140247625111360:error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version:../deps/openssl/openssl/ssl/s23_clnt.c:769:\n","time":"2019-09-03T12:19:20.449Z","v":0}

Resolution

In the XenCenter configuration for the host, uncheck the option that forces TLS 1.2-only communication. See the section "disabling older protocols" in the document below.

https://www.citrix.com/content/dam/citrix/en_us/documents/white-paper/security-recommendations-when-deploying-citrix-xenserver.pdf


To correct the certificate errors that appear when the connector setting "Ignore Certificate Errors" is unchecked, follow the article below.

https://support.citrix.com/article/CTX261855

Problem Cause

The CHV 8 host was configured to only allow TLS 1.2 traffic.

The new certificate from the CHV host was not trusted by the ELM.
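
To tell the two causes above apart from the connector log, the following added example (not Citrix code) parses the JSON log records and the OpenSSL error text inside "msg". The cause labels and the second and third sample records are constructed for illustration; that a trust failure is logged in this OpenSSL form is an assumption.

```python
import json
import re

# OpenSSL error text: <thread>:error:<hex code>:<library>:<function>:<reason>:<file>:<line>:
OPENSSL_ERR = re.compile(
    r"\d+:error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):"
    r"(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):"
)

# Reason text mapped to the two causes the article names (labels are hypothetical).
CAUSES = [
    ("alert protocol version", "tls-version-mismatch"),
    ("certificate verify failed", "untrusted-certificate"),
]

# First record is the log line quoted in the article. The second is constructed
# (assumed shape of a trust failure); the third is constructed non-JSON noise.
SAMPLE_LOG = "\n".join([
    r'{"name":"XenServerClientFactory","hostname":"localhost.localdomain","pid":4340,"level":50,"reqNum":750,"msg":"Connection Error: A failure occurred connecting to Citrix Hypervisor. Error = write EPROTO 140247625111360:error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version:../deps/openssl/openssl/ssl/s23_clnt.c:769:\n","time":"2019-09-03T12:19:20.449Z","v":0}',
    r'{"name":"XenServerClientFactory","hostname":"localhost.localdomain","pid":4340,"level":50,"reqNum":751,"msg":"Connection Error: A failure occurred connecting to Citrix Hypervisor. Error = write EPROTO 140247625111360:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:../deps/openssl/openssl/ssl/s3_clnt.c:1264:\n","time":"2019-09-03T12:25:02.118Z","v":0}',
    "connector restarted",
])

def triage(log_text):
    """Return one finding per JSON log record that carries an OpenSSL error string."""
    findings = []
    for raw in log_text.splitlines():
        try:
            record = json.loads(raw)
        except ValueError:
            continue  # blank or non-JSON line
        if not isinstance(record, dict):
            continue
        match = OPENSSL_ERR.search(str(record.get("msg", "")))
        if not match:
            continue
        reason = match.group("reason")
        cause = next((label for needle, label in CAUSES if needle in reason),
                     "other-tls-error")
        findings.append({"time": record.get("time"), "component": record.get("name"),
                         "code": match.group("code"), "function": match.group("func"),
                         "reason": reason, "cause": cause})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```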