mqzd23
Enthusiast

esxcli "Connection failed"

I'm trying to connect to an ESXi 6.5 host through vCenter 6.7 with esxcli.exe from a Windows 10 machine but it fails with "Connection failed". I'm using:

(fake thumbprint + password)

esxcli --server 192.168.0.2 --thumbprint 12:34:56:78:9:0A --username administrator --password 'Secret87#' --vihost 192.168.0.3

or

esxcli --server 192.168.0.2 --thumbprint 12:34:56:78:9:0A --username administrator@vsphere.local --password 'Secret87#' --vihost 192.168.0.3

or

esxcli --server 192.168.0.2 --thumbprint 12:34:56:78:9:0A --username domainadmin@company.tld --password 'Secret17*' --vihost 192.168.0.3

Specifying the vCenter without the ESXi option gives me the same result:

esxcli --server 192.168.0.2 --thumbprint 12:34:56:78:9:0A --username administrator --password 'Secret87#'

- All credentials are correct because I can use them to log in through the web interface

- vCenter=192.168.0.2 ESXi host=192.168.0.3

- ESXi shell is enabled and running on the ESXi host through vCenter

- SSH is enabled and running on the ESXi host through vCenter

- Thumbprint is correct (if I use a different thumbprint it fails)

- vCenter is installed on a Windows server and Windows firewall is disabled on that server.

What am I missing? What am I doing wrong?

0 Kudos
11 Replies
KabirAli82
Hot Shot

Did you check the FW on the ESXi host?


Was I helpful? Give a kudo for appreciation!
Braindumping @ http://kablog.nl/
Tweeting @ https://twitter.com/_Kabir_Ali_
0 Kudos
mqzd23
Enthusiast

Hi, thanks for your suggestion. The firewall on the ESXi host is open and accepting connections.

0 Kudos
Gidrakos
Hot Shot

Are you getting any pertinent errors in the ESXi logs when trying to connect? It *should* be telling you at least something so long as a connection attempt is being made.

0 Kudos
mqzd23
Enthusiast

I think the initial problem is getting connected to vCenter, because connecting to that alone fails with the same error when I leave out the --vihost part:

esxcli --server 192.168.0.2 --thumbprint 12:34:56:78:9:0A --username administrator --password 'Secret87#'

I checked some logs on the vCenter server and couldn't find anything, but to be honest, there are so many folders in the C:\ProgramData\VMware\vCenterServer\logs folder that I don't really know where to look.

0 Kudos
berndweyand
Expert

Because it is esxcli, you must specify a host on which this command should run. It makes no sense on vCenter.

For me, the command "esxcli.exe -s <vcenter> -u <user> p <password> -d <thumbprint> -h <host> software vib list" runs perfectly.

0 Kudos
mqzd23
Enthusiast

Yeah, I get you, that's what I already tried too (see start post).

I tried your syntax, but in your syntax order (the thumbprint follows the password variable), I get a thumbprint error. When I move the thumbprint part straight after the <vcenter> part it gives me the error I already had before ("Connection failed"). Could it be I'm doing something wrong with the syntax and the thumbprint?

0 Kudos
Gidrakos
Hot Shot

vCenter likely won't have any relevant info in its logs but ESXi should (so long as the connection is reaching at all).

Check on some of these: ESXi Log Locations

0 Kudos
berndweyand
Expert

I have used the parameters in exactly this order.

If you try only "esxcli.exe -s <vcenter> -u <user> p <password> " it gives you the thumbprint you should use.

Are you using a valid vCenter user? Try the full name with domain, i.e. administrator@vsphere.local

0 Kudos
mqzd23
Enthusiast

@Gidrakos

Ok thanks, useful info. I'll check those.

0 Kudos
mqzd23
Enthusiast

berndweyand:
I have used the parameters in exactly this order.

If you try only "esxcli.exe -s <vcenter> -u <user> p <password> " it gives you the thumbprint you should use.

Are you using a valid vCenter user? Try the full name with domain, i.e. administrator@vsphere.local

Ok, so I perform this:

esxcli.exe -s vcenterserver -u administrator@vsphere.local p Secret

This indeed gives me a thumbprint, so I'll do the following command with the thumb of the previous command included (fake thumbprint for the forums):

esxcli.exe -s vcenterserver -u administrator@vsphere.local p Secret -d 01:02:03:04:AF

This gives me:

Certificate error. Server SHA-1 thumbprint: 01:02:03:04:AF (not trusted)

I'm using the exact thumbprint the previous command gave me for that server. I'm so confused, do I need to add it to my local Windows cert store or something?

Whenever I flip the command order:

esxcli.exe -s vcenterserver -d 01:02:03:04:AF -u administrator@vsphere.local p Secret

with the -d parameter after vcenterserver it fails with the message I got before: "Connection failed"

0 Kudos
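An added example, not part of the thread or of any VMware tooling: one way to check independently which SHA-1 thumbprint a server presents and whether a pinned value is well-formed before passing it to a CLI. The function names are hypothetical, the sample bytes are constructed, and `fetch_der_cert` assumes Python 3.10 or later for the `timeout` argument.

```python
import hashlib
import hmac
import re
import ssl

_OCTET = re.compile(r"^[0-9A-Fa-f]{2}$")

def parse_thumbprint(text):
    """Return the 20 raw bytes of a colon-separated SHA-1 thumbprint.

    Raises ValueError unless the value is exactly 20 two-digit hex octets,
    so a truncated or mistyped pin is reported instead of silently compared.
    """
    octets = text.strip().split(":")
    bad = [o for o in octets if not _OCTET.match(o)]
    if bad:
        raise ValueError(f"malformed octet(s): {bad}")
    if len(octets) != 20:
        raise ValueError(f"expected 20 octets, got {len(octets)}")
    return bytes.fromhex("".join(octets))

def sha1_thumbprint(der_cert):
    """Format the SHA-1 digest of a DER-encoded certificate as AA:BB:...:FF."""
    digest = hashlib.sha1(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def thumbprint_matches(der_cert, expected):
    """Compare the certificate digest with the pinned value in constant time."""
    actual = hashlib.sha1(der_cert).digest()
    return hmac.compare_digest(actual, parse_thumbprint(expected))

def fetch_der_cert(host, port=443, timeout=5.0):
    """Fetch the certificate the server presents (the chain is not validated)."""
    pem = ssl.get_server_certificate((host, port), timeout=timeout)
    return ssl.PEM_cert_to_DER_cert(pem)

if __name__ == "__main__":
    # Constructed stand-in bytes, not a real certificate, so this runs offline.
    sample_der = b"constructed sample certificate bytes"
    pinned = sha1_thumbprint(sample_der)
    print(pinned, thumbprint_matches(sample_der, pinned))
    # Against a live server, replace sample_der with fetch_der_cert("<vcenter>").
```

A thumbprint that fails `parse_thumbprint` can never match a real SHA-1 digest, whatever position it takes on the command line.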
berndweyand
Expert

According to this VMware Knowledge Base, it should run with the thumbprint if you get SHA-1 errors.

In my environment it's working.

0 Kudos