When developing SimDK I had to perform a lot of traffic captures to see what was actually occurring between vSphere clients and the vSphere SDK web service. Wireshark worked wonderfully for listening to messages between PowerShell or Perl and vCenter because these clients can connect to the vCenter server over HTTP without SSL encryption. The vSphere client, however, is (seemingly) hardwired to use SSL, and I was having no luck listening to the traffic between it and the vCenter server. Even when I decrypted the traffic using VMware’s provided key, Wireshark was not able to reassemble all the packets in the correct order, and anything short of all the traffic was useless to me. Hence began my quest to discover how to connect to the vCenter server with the vSphere client using HTTP. The official response from VMware was that you cannot configure the vSphere client to communicate with the vCenter server without SSL.
Here’s how to configure the vSphere client to communicate with the vCenter server without SSL.
It’s actually a deceptively simple process.
- On the vCenter server edit the file C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\proxy.xml and change all instances of httpsWithRedirect to httpAndHttps.
- Open the Service Control Manager (SCM) and restart the VMware VirtualCenter Management Webservices and VMware VirtualCenter Server services (you may only need to restart the first one, I cannot remember, so restart them both to be safe).
- On your client open the path the vSphere client Launcher folder. For example, C:\Program Files\VMware\Infrastructure\Virtual Infrastructure Client\Launcher.
- Copy the files VpxClient.exe and VpxClient.exe.config. Name the copies VpxClient-http.exe and VpxClient-http.exe.config.
- Edit the file VpxClient-http.exe.config and change the line <add key = “protocolports” value = “https:443″/> to <add key = “protocolports” value = “http:80″/>.
- Launch the vSphere client with the copied executable and try connecting to the vCenter server you just reconfigured to accept non-SSL connections. You should receive a warning similar to the following:
Congratulations! You just did what VMware said couldn’t be done :)
And FYI, if you tell the vSphere client to remember your response above, you can tell it to forget that memory by removing the server you connected to from this registry key HKEY_CURRENT_USER\Software\VMware\Virtual Infrastructure Client\Preferences\UI\SavedDialogResponses.