VMware Cloud Community
steveschofield
Enthusiast
Enthusiast
‎02-20-2014 12:14 PM

New-CimSession and The SSL certificate is expired.

I'm querying the CIM provider on a specific host and and getting "The SSL certificate is expired" ona particular host.  The exception message powershell brings back is "Exception Message: Cannot bind argument to parameter 'CimSession' because it is null."  The self-signed cert on the vmhost 5.0 host expires in 2026.  What other certificate could be returning this error?  I'm curious because I run this against other hosts built around the same time.  The hosts are on the same network and in the same cluster.  I tried recycling the CIM_server process, same error.    I'm running on a windows 2012 R2 server with powershell 4.  Any ideas, I'd be curious.  

here is the script. I'm using

param
(
$ServerListFile=$(throw "Please specify file containing servers"),
$Output="MemoryStatsforHost",
$OutputErrors="MemoryStatsforHostErrors"
)

Import-module CimCmdlets

function Log([string]$path, [string]$value)
{
Add-Content -Path "$($Path)$($LogDate).txt" -Value $value
}

$cred=Get-Credential root
$serverlist=get-content -path $ServerListFile

$StartDate = Get-Date
$LogDate = "$($StartDate.Month)-$($StartDate.Day)-$($StartDate.Year)-$($StartDate.Hour)-$($StartDate.Minute)-$($vCenterServer)"
Write-Host "Gathering VMHost objects"
Log -Path $Output -Value "Starting process as $($Cred.Username) at $($StartDate)"
Log -Path $Output -Value "Server,Caption,MaxMemorySpeed,CapacityGB"

foreach($server in $serverlist)
{
try
{
  $CIOpt = New-CimSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck -Encoding Utf8 -UseSsl
  $Session = New-CimSession -Authentication Basic -Credential $cred -ComputerName $server -port 443 -SessionOption $CIOpt
  $Result = Get-CimInstance -CimSession $Session -ClassName CIM_Chip | where {$_.CreationClassName -eq "OMC_PhysicalMemory" } | Select Caption,DataWidth,FormFactor,MaxMemorySpeed,@{N="CapacityGB";E={[math]::Round($_.Capacity/1GB,0)}}
  Write-Host Processing "$($server)"

  foreach($DIMM in $Result)
  {
   Write-Host "$($server),$($DIMM.Caption), $($DIMM.MaxMemorySpeed), $($DIMM.CapacityGB)"
   Log -Path $Output -Value "$($server),$($DIMM.Caption), $($DIMM.MaxMemorySpeed), $($DIMM.CapacityGB)"
  }
}
catch
{
  write-host "Exception Message: $($_.Exception.Message)" -ForegroundColor Red
  Log -Path $OutputFileErrors -Value "Error processing $($Server),$($_.Exception.Message)"
}
}

$EndDate = Get-Date
Log -Path $Output -Value "Ending process as $($Cred.Username) at $($EndDate)"

0 Kudos
2 Replies
steveschofield
Enthusiast
Enthusiast
‎02-20-2014 12:22 PM

Nevermind, I found out the starting date on the certificate was set to start in the future.  Apparently when the self-cert was generated, the clock was off.  Is there a way to regenerate the self-signed cert?  Or live with it until it's "good".  FYI for future posts, the date on the cert was 9/23/2014 and today's date was 2/20.  Apparently it's "expired" even when it's not good yet.  Smiley Happy

0 Kudos
LucD
Leadership
Leadership
‎02-20-2014 12:46 PM

All the required CIM Session switches seem to be there, and the certificate should be ignored.

But I have to admit I never tested a CIM session with a certificate whose validity starts in the future.

Derek's blog post vSphere 5.5 Install Pt. 19: ESXi SSL Certificate is the easiest to follow to recreate a certificate


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos