Friday, December 29, 2017

What you need to know about the VMware vSphere TLS Reconfiguration utility

Recently I have had a number of conversations about the VMware vSphere TLS Reconfiguration utility. This utility is used to modify the TLS configuration for v6.0U3 / 6.5 / 6.5U1 of vCenter, ESXi and VUM (if you are using vCenter Server Appliance (VCSA) 6.5 or greater).

The primary use for the utility is to disable TLS 1.0 across the core vSphere components (vCenter, ESXi and VUM). Additional information and details can be found in the following KB articles:

Status of TLSv1.1/1.2 Enablement and TLSv1.0 Disablement across VMware products (2145796)
Managing TLS protocol configuration for vSphere 6.5 (2147469)
Managing TLS protocol configuration for vSphere 6.0 Update 3 (2148819)
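
To confirm that TLS 1.0 is really refused after the utility has run, a small probe can offer a TLS 1.0-only handshake to each component and report how the server answers. This is an added example, not code from VMware or from the original post; the default port 443 and the host names in the usage comment are assumptions.

```python
import os
import socket
import struct
import sys

TLS10 = b"\x03\x01"  # wire encoding of TLS 1.0

def build_client_hello(version=TLS10):
    """Minimal ClientHello whose highest offered protocol is `version`."""
    # Cipher suites that are valid for TLS 1.0 (ECDHE-RSA and RSA, CBC-SHA).
    suites = struct.pack("!5H", 0xC014, 0xC013, 0x0035, 0x002F, 0x000A)
    body = (version + os.urandom(32) + b"\x00"         # version, random, no session id
            + struct.pack("!H", len(suites)) + suites  # cipher suite list
            + b"\x01\x00")                             # null compression only
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16" + version + struct.pack("!H", len(handshake)) + handshake

def classify(reply, version=TLS10):
    """Interpret the first bytes a server returned for the ClientHello."""
    if not reply or reply[0] == 0x15:
        return "rejected"      # connection closed, or a TLS alert record
    if len(reply) >= 11 and reply[0] == 0x16 and reply[5] == 0x02:
        # ServerHello: bytes 9-10 carry the version the server selected.
        return "accepted" if reply[9:11] == version else "inconclusive"
    return "inconclusive"      # not TLS, or a truncated reply

def probe(host, port=443, timeout=5.0):
    """Offer TLS 1.0 to host:port (port 443 is an assumption) and classify the reply."""
    reply = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_client_hello())
            while len(reply) < 11:
                chunk = s.recv(64)
                if not chunk:
                    break
                reply += chunk
    except ConnectionResetError:
        pass                   # an abrupt reset also means no TLS 1.0 session
    return classify(reply)

if __name__ == "__main__":
    # Usage (hypothetical hosts): python tls10_check.py vcenter.example.com esxi01.example.com
    for target in sys.argv[1:]:
        print(target, probe(target))
```

An "accepted" result means the endpoint still negotiates TLS 1.0; "rejected" means this particular TLS 1.0 offer failed, so run the check before and after reconfiguration and against every listening service you care about.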

It is important to note that while there is only one TLS Reconfiguration utility, there are currently three versions of the utility available for each vCenter platform (Windows and VCSA).

As you upgrade your vCenter from 6.0U3 to 6.5 and then to 6.5U1, you must remember to also upgrade the TLS Reconfiguration utility at the same time. Failure to do so will result in errors and an unsupported configuration, which I found out firsthand when I forgot to update the utility after upgrading the VCSA.

I have put together the information below to help identify which version of the TLS Reconfiguration utility goes with which version of vCenter, along with a quick link to the download.

You will need valid MyVMware credentials to access the utility, and you should be logged in first to follow the download links in the table below.

TLS Reconfiguration version / vCenter version table:

| TLS Reconfiguration Utility Build number | vSphere version | Download link |
| --- | --- | --- |
| | 6.5 U1 (a,b,c,d) | |
| | 6.5 GA (a,b,c,d,e,f) | |
| | 6.0 U3 (a,b,c) | |

I hope this helps save you time and confusion!