MFTF
Contributor
Contributor

Cannot connect to vcenter server via PowerCLI

Jump to solution

I need to run some scripts to collect data from a large suite of VMs and I managed to use PowerCLI (via Powershell) and everything connected and worked fine. When I came back later to roll all the commands into a script so other people could run it I now get this error:

Connect-VIServer : 23/03/2020 14:29:22  Connect-VIServer An error occurred while making the HTTP request to https://<vcenter server>/sdk. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.

This happens whether I run the command in PowerShell or ISE and I just can't work out why - can anyone help?

1 Solution

Accepted Solutions
LucD
Leadership
Leadership

There are 2 possible reasons (like the error message states)

  • There is no valid certificate on the vCenter (or one for which the root CA can not be reached). Set the PowerCLI option to ignore that

Set-PowerCLIConfiguration -InvalidCertificateAction Ignore

  • There is a TLS version mismatch between your station and the vCenter. One option is to accept all TLS versions

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls,[Net.SecurityProtocolType]::Tls11,[Net.SecurityProtocolType]::Tls12


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

0 Kudos
7 Replies
daphnissov
Immortal
Immortal

Move to PowerCLI.

0 Kudos
scott28tt
VMware Employee
VMware Employee

Moderator: This should either have been in the vCenter Server area or the PowerCLI area - I've moved it to the latter of the two.

MFTF
Contributor
Contributor

Apologies for the terminology problems, I haven't used the system before today and I think that's what I've done. My Get-module output is below:

Annotation 2020-03-23 144112.jpg

Can you tell me if I have the right details?

0 Kudos
LucD
Leadership
Leadership

There are 2 possible reasons (like the error message states)

  • There is no valid certificate on the vCenter (or one for which the root CA can not be reached). Set the PowerCLI option to ignore that

Set-PowerCLIConfiguration -InvalidCertificateAction Ignore

  • There is a TLS version mismatch between your station and the vCenter. One option is to accept all TLS versions

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls,[Net.SecurityProtocolType]::Tls11,[Net.SecurityProtocolType]::Tls12


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

0 Kudos
MFTF
Contributor
Contributor

I've added both of these in and I still get the same error. Interestingly enough I've just tried using the IP of the server instead (which never normally works for other operations) and that seems to be connecting and disconnecting fine. From that I would assume it's likely to be DNS due to remote working?

0 Kudos
LucD
Leadership
Leadership

Could be, but it could also be that the certificate you are using on the vCenter only has the IP address.
And that it doesn't have the FQDN or hostname as Alternate Name.

Can you check what is in the certificate?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
MFTF
Contributor
Contributor

I've checked the certificate and it's got the FQDN of the server in it and not the IP. Odd - no worries though because the script I need to run can (and does) work via IP and it's only something simple.

0 Kudos