VMware Cloud Community
siprasad
Contributor
Contributor
‎06-05-2023 10:56 PM

connect-viserver failure

The connect-viserver for a vcenter fails with the below message. However, an attempt to connect another vcenter server(which is on same build) works fine without any issues. Both the vCenter Servers are on version 7.0.3-20990077. Any suggestions @LucD?

connect-viserver : 6/6/2023 1:51:07 PM Connect-VIServer Error: Invalid server certificate. Use Set-PowerCLIConfiguration to set the value for the InvalidCertificateAction option to Prompt if you'd like to connect once or to add a permanent exception for this server.
Additional Information: Could not establish secure channel for SSL/TLS with authority 'vcentername'.
At line:1 char:1
+ connect-viserver "vcentername"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : SecurityError: (:) [Connect-VIServer], ViSecurityNegotiationException
+ FullyQualifiedErrorId : Client20_ConnectivityServiceImpl_Reconnect_CertificateError,VMware.VimAutomation.ViCore.Cmdlets.Commands.ConnectVIServer

PS C:\>

PS C:\> [Net.ServicePointManager]::SecurityProtocol
Ssl3, Tls, Tls12

0 Kudos
7 Replies
LucD
Leadership
Leadership
‎06-05-2023 10:59 PM

Can you connect after you do

Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
siprasad
Contributor
Contributor
‎06-05-2023 11:02 PM

hello @LucD, yes tried that and it didn't help.

to clarify:

1) there are two vcenter servers, both of same versions

2) one vcenter, I am able to connect without any issues and the second one, it fails with an error. This is regardless of I try to connect both the vcenter servers in the same session or use different sessions. 

 

siprasad_3-1686101054782.png

 

Preview file
167 KB
0 Kudos
LucD
Leadership
Leadership
‎06-05-2023 11:55 PM

Did you try the 2nd bullet in Solved: Re: Cannot connect to vcenter server via PowerShel... - VMware Technology Network VMTN


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
siprasad
Contributor
Contributor
‎06-06-2023 12:56 AM

hello @LucD,

Yes, tried that earlier and it didn't help. Tried it again, resulting with the same behavior. One vcenter succeeds and the other fails. 

 

siprasad_2-1686101015778.png

 

Preview file
196 KB
0 Kudos
LucD
Leadership
Leadership
‎06-06-2023 01:20 AM

Can you try with the explicit Server parameter.

Connect-VIServer -Server v18g




Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
siprasad
Contributor
Contributor
‎06-06-2023 06:21 PM

Hello @LucD, fails with the same error 

siprasad_1-1686100966301.png

 

 

Preview file
151 KB
0 Kudos
siprasad
Contributor
Contributor
‎06-07-2023 03:55 AM

hello @LucD ,

 

I think I may have found out the cause of this error. This is more on the allowed ciphers on port 443, a configuration that needs to changed on the reverse proxy config file. I am able to repro this issue successfully, will work with VMware GSS.

Thanks. 

0 Kudos