I'm querying the CIM provider on a specific host and and getting "The SSL certificate is expired" ona particular host. The exception message powershell brings back is "Exception Message: Cannot bind argument to parameter 'CimSession' because it is null." The self-signed cert on the vmhost 5.0 host expires in 2026. What other certificate could be returning this error? I'm curious because I run this against other hosts built around the same time. The hosts are on the same network and in the same cluster. I tried recycling the CIM_server process, same error. I'm running on a windows 2012 R2 server with powershell 4. Any ideas, I'd be curious.
here is the script. I'm using
param
(
$ServerListFile=$(throw "Please specify file containing servers"),
$Output="MemoryStatsforHost",
$OutputErrors="MemoryStatsforHostErrors"
)
Import-module CimCmdlets
function Log([string]$path, [string]$value)
{
Add-Content -Path "$($Path)$($LogDate).txt" -Value $value
}
$cred=Get-Credential root
$serverlist=get-content -path $ServerListFile
$StartDate = Get-Date
$LogDate = "$($StartDate.Month)-$($StartDate.Day)-$($StartDate.Year)-$($StartDate.Hour)-$($StartDate.Minute)-$($vCenterServer)"
Write-Host "Gathering VMHost objects"
Log -Path $Output -Value "Starting process as $($Cred.Username) at $($StartDate)"
Log -Path $Output -Value "Server,Caption,MaxMemorySpeed,CapacityGB"
foreach($server in $serverlist)
{
try
{
$CIOpt = New-CimSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck -Encoding Utf8 -UseSsl
$Session = New-CimSession -Authentication Basic -Credential $cred -ComputerName $server -port 443 -SessionOption $CIOpt
$Result = Get-CimInstance -CimSession $Session -ClassName CIM_Chip | where {$_.CreationClassName -eq "OMC_PhysicalMemory" } | Select Caption,DataWidth,FormFactor,MaxMemorySpeed,@{N="CapacityGB";E={[math]::Round($_.Capacity/1GB,0)}}
Write-Host Processing "$($server)"
foreach($DIMM in $Result)
{
Write-Host "$($server),$($DIMM.Caption), $($DIMM.MaxMemorySpeed), $($DIMM.CapacityGB)"
Log -Path $Output -Value "$($server),$($DIMM.Caption), $($DIMM.MaxMemorySpeed), $($DIMM.CapacityGB)"
}
}
catch
{
write-host "Exception Message: $($_.Exception.Message)" -ForegroundColor Red
Log -Path $OutputFileErrors -Value "Error processing $($Server),$($_.Exception.Message)"
}
}
$EndDate = Get-Date
Log -Path $Output -Value "Ending process as $($Cred.Username) at $($EndDate)"
Nevermind, I found out the starting date on the certificate was set to start in the future. Apparently when the self-cert was generated, the clock was off. Is there a way to regenerate the self-signed cert? Or live with it until it's "good". FYI for future posts, the date on the cert was 9/23/2014 and today's date was 2/20. Apparently it's "expired" even when it's not good yet.
All the required CIM Session switches seem to be there, and the certificate should be ignored.
But I have to admit I never tested a CIM session with a certificate whose validity starts in the future.
Derek's blog post vSphere 5.5 Install Pt. 19: ESXi SSL Certificate is the easiest to follow to recreate a certificate
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference