I usually bulk backup ESXi host configurations with PowerCLI.
Get-Cluster -name myCluster | Get-VMHost | Get-VMHostFirmware -BackupConfiguration -DestinationPath 'c:\tmp'
Today a backup effort failed with download issues:
Together with the network team we figured out that PowerCLI seems to try downloading the TGZ-Backup via HTTP instead of HTTPS.
HTTPS access to the host is possible, HTTP is blocked.
Get-VMHostFirmware : 18.08.2023 12:05:49 Get-VMHostFirmware An error occurred while sending the request.
At line:1 char:28
+ ... et-VMHost | Get-VMHostFirmware -BackupConfiguration -DestinationPath ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-VMHostFirmware], ViError
+ FullyQualifiedErrorId : Client20_SystemManagementServiceImpl_BackupVmHostFirmware_DownloadError,VMware.VimAutomation.ViCore.Cmdlets.Commands.Host.GetVMHostFirmware
Is there an option to force the download to use HTTPS?
TIA
Michael
The Get-VMHostFirmware cmdlet has, afaik, no option to use HTTPS.
But you can simulate the same via the
vim-cmd hostsvc/firmware/backup_config
command (see KB2042141) and the Invoke-SSHCommand (from the Posh-SSH module).
And then download the resulting file via for example Invoke-WebRequest, using HTTPS.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thanks Luc
Deep in the past we used to make it host-by-host with vicfg-cfgbackup and downloaded the file with SCP afterwards. That's fine when you only need to backup a few hosts. The point is that we're firing one-liners against multiple VC instances with many hosts. It's a convenient way to get all configurations with just a single direct command.
Well, I think we'll need to add another firewall rule in order to allow HTTP connections from certain workstations.