Skip to main content
Pure Technical Services

Troubleshooting: Could Not Generate DH Keypair

Currently viewing public documentation. Please login to access the full scope of documentation.

KP_Ext_Announcement.png

Symptoms

When attempting to install the Pure Storage vSphere plugin in a vSphere 5.1 environment, the following errors are reported in the vSphere virgo client logs:

[2016-02-11 16:06:03.213] ERROR [ERROR] http-bio-9443-exec-16 com.purestorage.FlashArrayHelper javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair

and

Caused by: java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive

We have also seen this behavior in customer environments were the plugin was previously working but stopped functioning. In an environment where the plugin has been working previously, but is now failing with the same errors above, are all caused by the same issue.

Diagnosis

Due to JAVA security changes for "mod_ssl", Diffie-Hellman (DH) parameters now include primes with lengths of more than 1024 bits. Since Java 7 and earlier limit their support for DH prime sizes to a maximum of 1024 bits, the SSL negotiation between our FlashArray and vCenter fail. This issue is not caused by the FlashArray (or our vSphere Plugin) but is a problem with vCenter 5.1 using Java Development Kit (JDK) 6.

This issue directly correlates with Oracle Bug ID JDK-7044060. You can also get additional information from this issue here.

Solution

  1. Go to the Oracle Archive site to download & install Java Development Kit 7 Update 17 on the vSphere web client server.
     
  2. Find and make a copy of the file "wrapper.conf" from the following location: C:\Program Files\VMware\Infrastructure\vSphereWebClient\server\bin\service\conf\wrapper.conf (right click on it, select copy to desktop)
     
  3. Edit the vSphere Web Client "wrapper.conf" with the following changes:
    • Modify "wrapper.java.command" with the path to the new JDK 1.7U17 path.
      • 32-bit version: wrapper.java.command=C:/Program Files (x86)/Java/jdk1.7.0_17/bin/java
      • 64-bit version: wrapper.java.command=C:/Program Files/Java/jdk1.7.0_17/bin/java
    • Add the following lines at the top of the wrapper.conf file:
      • 32-bit version: set.default.JAVA_HOME=C:\Program Files (x86)\Java\jdk1.7.0_17
      • 64-bit version: set.default.JAVA_HOME=C:\Program Files\Java\jdk1.7.0_17    set.default._JAVA_OPTIONS=-Xmx1024M
    • Comment out  (with a hash (#)) the following two lines in the wrapper.conf file:wrapper.java.initmemory=1024m
      wrapper.java.maxmemory=2048m
  4. Restart the vSphere Web Client service.

The path to the wrapper.conf file can be found in the following location on the vCenter Server: C:\Program Files\VMware\Infrastructure\vSphereWebClient\server\bin\service\conf\wrapper.conf

Please only make the changes to the file based on whether or not they downloaded the 32-bit or 64-bit version of the JDK

For clarify purposes, below is the top half of a wrapper.conf file showing where all the applicable changes have been made:

#********************************************************************
# Wrapper License Properties (Ignored by Community Edition)
#********************************************************************
# Include file problems can be debugged by removing the first '#'
#  from the following line:
##include.debug

#encoding=UTF-8
wrapper.license.type=DEV
wrapper.license.id=201106200012
wrapper.license.licensee=VMware Global, Inc.
wrapper.license.dev_application=vSphere Web Client
wrapper.license.features=pro, 64bit
wrapper.license.upgrade_term.begin_date=2009-10-27
wrapper.license.upgrade_term.end_date=2012-01-27
wrapper.license.key.1=feca-7df5-2263-9092
wrapper.license.key.2=a38a-acfa-38de-8031
wrapper.license.key.3=c824-a8fa-b95a-1b89
wrapper.license.key.4=8434-7a46-4450-d081

#######################################################################################################
## You must set the SERVER_HOME property either in your environment of here before running as a service
#######################################################################################################
#set.default.JAVA_HOME=<set JAVA_HOME>
set.default.SERVER_HOME=<set SERVER_HOME>
set.default.CONFIG_DIR=%SERVER_HOME%/config
set.default.JMX_PORT=9875
set.default.JAVA_HOME=C:\Program Files (x86)\Java\jdk1.7.0_17 <------------- ADDED Line
set.default._JAVA_OPTIONS=-Xmx1024M                           <------------- ADDED Line

#########
# General
#########
wrapper.console.title=vSphere Web Client
#wrapper.debug=TRUE


#############
# Application
#############
wrapper.java.command=C:/Program Files (x86)/Java/jdk1.7.0_17/bin/java <------ Modified Line
wrapper.working.dir=%SERVER_HOME%
wrapper.java.mainclass=org.tanukisoftware.wrapper.WrapperSimpleApp


###########
# Classpath
###########
wrapper.java.classpath.1=%SERVER_HOME%/bin/service/lib/wrapper.jar
wrapper.java.classpath.2=%SERVER_HOME%/lib/*.jar



##############
# Library Path
##############
wrapper.java.library.path.1=%SERVER_HOME%/bin/service/lib

#############
#  JVM Memory
#############
#wrapper.java.initmemory=1024m <------------- Commented out line
#wrapper.java.maxmemory=1024m  <------------- Commented out line