*** Update ***

The ESXi 5 STIG for ESXi Server and vCenter Server is now at version 1 revision 3.  The only difference between revision 2 and 3 is the removal of some IAVM findings incorrectly included in the previous release.  The certificate requirements have still been pulled, and the information below is valid for revision 3.


Ok, so yesterday DISA released Version 1 Revision 2 of the ESXi 5 STIG.  Now this is only Revision 2 of the ESXi 5 Server and vCenter Server STIG, not the VM STIG.  That is still at revision 1.

Why did they do it?  Just one thing: the removal of the rule "The system must not use default self-signed certificates for <ESXi / vCenter> Communication."  So, if you want to follow the STIG, you no longer have to replace the default certificates provided, or you could replace them with certificates from an internal CA.

Why did they do this?  Well, there’s a reason, but not one I’m going to put here on a public blog.  If you’d like to know why just ask your SE.  I will have either already informed them, or they can reach out to me for the information internally.

Update: VMware has now published a KB article covering this issue.  The fix steps provided there are the same as below.

Using Horizon View 5.2 Feature Pack 1 against a Windows XP Desktop source, HTML Access connections fail with:

An error has occurred: {"code":"ECONNRESET"}

Subsequent tests against a Windows 7 Desktop source all function correctly, so I know my configuration is correct.  What’s the problem here, and is there a solution?

Great question, so what’s actually going on here?  It’s even talked about on Wee Kiong Tan’s blog here; he had the same issue, so let’s walk through what causes this.
