VMware Cloud Community
microlytix
Enthusiast
Enthusiast
‎08-18-2023 03:16 AM

PowerCLI: Force ESXi-Configuration download to HTTPS

I usually bulk backup ESXi host configurations with PowerCLI.

Get-Cluster -name myCluster | Get-VMHost | Get-VMHostFirmware -BackupConfiguration -DestinationPath 'c:\tmp'

Today a backup effort failed with download issues:

Together with the network team we figured out that PowerCLI seems to try downloading the TGZ-Backup via HTTP instead of HTTPS.

HTTPS access to the host is possible, HTTP is blocked.

Get-VMHostFirmware : 18.08.2023 12:05:49 Get-VMHostFirmware An error occurred while sending the request.
At line:1 char:28
+ ... et-VMHost | Get-VMHostFirmware -BackupConfiguration -DestinationPath ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-VMHostFirmware], ViError
+ FullyQualifiedErrorId : Client20_SystemManagementServiceImpl_BackupVmHostFirmware_DownloadError,VMware.VimAutomation.ViCore.Cmdlets.Commands.Host.GetVMHostFirmware

 

Is there an option to force the download to use HTTPS?

TIA

Michael

blog: https://www.elasticsky.de/en
Labels (4)
0 Kudos
2 Replies
LucD
Leadership
Leadership
‎08-18-2023 05:23 AM

The Get-VMHostFirmware cmdlet has, afaik, no option to use HTTPS.

But you can simulate the same via the

vim-cmd hostsvc/firmware/backup_config

command (see KB2042141) and the Invoke-SSHCommand (from the Posh-SSH module).
And then download the resulting file via for example Invoke-WebRequest, using HTTPS. 


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
microlytix
Enthusiast
Enthusiast
‎08-18-2023 05:56 AM

Thanks Luc

Deep in the past we used to make it host-by-host with vicfg-cfgbackup and downloaded the file with SCP afterwards. That's fine when you only need to backup a few hosts. The point is that we're firing one-liners against multiple VC instances with many hosts. It's a convenient way to get all configurations with just a single direct command.

Well, I think we'll need to add another firewall rule in order to allow HTTP connections from certain workstations.

 

blog: https://www.elasticsky.de/en
0 Kudos