I've already set the invalid certificate action to ignore.
Able to connect to vcenter using the web or desktop client just fine,
In that case, try setting the following before the Connect-VIServer
[System.Net.SecurityProtocolType]::Tls11,
[System.Net.SecurityProtocolType]::Tls12
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Try running this before
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls11,[System.Net.SecurityProtocolType]::Tls12
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Unfortunately, same error still persists.
Which PowerCLI version are you using?
From where do you run this?
Can you attach a screenshot of the commands and the error?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Can you do a Get-PowerCLIConfiguration?
Check the different scopes for the InvalidCertificate settings
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Can you start a PS session as Administrator, and then do the Set-PowerCLIConfiguration setting for the AllUsers scope?
Set-PowerCLIConfiguration -Confirm:$false -Scope AllUsers -InvalidCertificateAction Ignore
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Done. Same error. Is there by any chance because of vCenter vSphere version?
Because I've managed to connect to all my other vCenter running 6.5 and those failing are 5.5 & 5.1.
In that case, try setting the following before the Connect-VIServer
[System.Net.SecurityProtocolType]::Tls11,
[System.Net.SecurityProtocolType]::Tls12
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
You sir are a lifesaver. Thanks much. It works now, so does it mean, I have to set my security protocol every time I'm gonna use Connect-Viserver?
Only when you want to connect to that older vCenter.
PS and vSphere moved on, and the old TLS protocol is not supported on either of them anymore.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
As I understand it, best practice is to not specify specific TLS implementations, but to allow Windows to use the highest available on the client. This will work if TLS 1.2 is enabled and in the future work with TLS 1.3:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::SystemDefault
Citation: SecurityProtocolType Enum (System.Net) | Microsoft Docs
But not when you are using a recent Windows version (where TLS is disabled) with an old vCenter version (which only knows TLS)
And with TLS I mean TLS1
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Hi,
I am having similar issue.
when I try to connect this one VC from Powershell ISE it is working after powerCLIconfiguration.
but when I try it with jenkins (with same service account as of powershell ise) it fails with below error:
Connect-VIServer Error: Invalid server certificate. Use Set-PowerCLIConfiguration to set the value for the InvalidCertificateAction option to Prompt if you'd like to connect once or to add a permanent exception for this server.
Additional Information: Could not establish secure channel for SSL/TLS with authority
PS. other vcenters are having no issues after I changed powercliconfiguration of invalidcert
--Get-PowerCLIConfiguration
snip attached
Did you add the [System.Net.ServicePointManager]::SecurityProtocol part to your code?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
adding This worked for me. Thank You so much.
earlier jenkins was on windows servers 2012 it worked there.
now I had migrated to server 2022 and jenkins was showing errors.
I understand the tls could be issue in new system, but same code was working from powershell ISE without changinf/adding protocol option, any insights on this. just curious
Some platforms do not support older TLS protocols by default.
By explicitly specifying the supported versions, the connection can be established.
This is not a good practice, you should investigate why one of the platforms only accepts an older TLS version.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference