vSphere Client not working after disabling TLS 1.0?

Like most companies, we have been going through compliance remediation. Many compliance groups now require that TLS 1.0 be disabled and that only TLS 1.1 or 1.2 be used. This causes a problem for the older vSphere Client, which can then no longer connect to the virtual center. While vSphere 6.5 and 6.7 include a much better HTML5 client, if you are still running the latest version of vSphere 6.0 you will be stuck using the not-so-great Flash-based web client.

However, there is a way to get the older vSphere Client to work after disabling TLS 1.0.

  1. Update to the latest client from https://kb.vmware.com/s/article/2089791
  2. Open C:\Program Files (x86)\VMware\Infrastructure\Virtual Infrastructure Client\Launcher\VpxClient.exe.config in Notepad and find the following lines:

     <!-- if Value for EnableTLS12 is true, TLS12 protocol will be used -->
     <add key = "EnableTLS12" value = "false" />
    

    Change the line to read:

     <add key = "EnableTLS12" value = "true" />
    
  3. Download and install the .NET hotfix that matches your version of .NET and OS:

    .NET Framework 2.0 SP2 on Windows Vista SP2 and Server 2008 SP2

    .NET Framework 3.5.1 on Windows 7 SP1 and Server 2008 R2 SP1

    .NET Framework 3.5 on Windows Server 2012

    .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2

  4. Restart all vSphere clients.
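
To apply step 2 the same way on several admin workstations, the edit can be scripted. The following PowerShell is an added example, not part of the original post or VMware's tooling; it uses the config path from step 2, assumes an elevated prompt, and does not assume which section of the file holds the `EnableTLS12` key.

```powershell
# Added example: set EnableTLS12 to "true" in the vSphere Client launcher config.
# The path is the one given in step 2; run from an elevated PowerShell prompt.
$configPath = 'C:\Program Files (x86)\VMware\Infrastructure\Virtual Infrastructure Client\Launcher\VpxClient.exe.config'

if (-not (Test-Path -LiteralPath $configPath)) {
    throw "Config file not found: $configPath"
}

# Parse the file as XML rather than doing a text replace, so spacing
# differences such as key = "EnableTLS12" do not matter.
$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($configPath)

# Search anywhere in the document; the parent section is not assumed.
$node = $xml.SelectSingleNode("//add[@key='EnableTLS12']")
if ($null -eq $node) {
    throw "No EnableTLS12 key in $configPath; check that the updated client from step 1 is installed."
}

if ($node.GetAttribute('value') -eq 'true') {
    Write-Output 'EnableTLS12 is already true; nothing to change.'
    return
}

# Keep a timestamped copy of the original before writing.
$backup = '{0}.{1}.bak' -f $configPath, (Get-Date -Format 'yyyyMMddHHmmss')
Copy-Item -LiteralPath $configPath -Destination $backup

$node.SetAttribute('value', 'true')
$xml.Save($configPath)

# Re-read from disk to confirm the change was written.
$check = New-Object System.Xml.XmlDocument
$check.Load($configPath)
$value = $check.SelectSingleNode("//add[@key='EnableTLS12']").GetAttribute('value')
Write-Output "EnableTLS12 is now '$value' (backup: $backup)"
```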