Hello all,
I usually connect to my vCenter servers using ssh tunnels because I have no direct IP connectivity between my PC and the servers. After updating to v10 I got the following error (sorry is in Spanish):
PowerCLI> Connect-VIServer -Server localhost -Port 4431 -User Administrator -Password $passwd_dev Connect-VIServer : No había ningún extremo escuchando en https://vcenter01-nfh.maqueta/lookupservice/sdk que pudiera aceptar el mensaje. La causa suele ser una
dirección o una acción SOAP incorrecta. Consulte InnerException, si está presente, para obtener más información.
At line:1 char:1
+ Connect-VIServer -Server localhost -Port 4431 -User Administrator -Pa ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Connect-VIServer], EndpointNotFoundException
+ FullyQualifiedErrorId : System.ServiceModel.EndpointNotFoundException,VMware.VimAutomation.ViCore.Cmdlets.Commands.ConnectVIServer
The tunnel for such a connection form my PC would look like this:
ssh -L 4431:vcenter01-nfh.maqueta:443 hopmachine.maqueta
This happens both with Windows 7 and Ubuntu 16.04 versions of PowerCLI 10.0 and with vCenter version 6.0U3. It does not happen with vCenter 5.5!!
Thanks to a user in the PS Gallery (PowerShell Gallery | VMware.PowerCLI 6.5.4.7155375) I was able to roll back to version 6.5.4 and now all is working again as expected.
What do you think?
Thank you!
There was a change in the way Connect-VIServer handles untrusted certificates.
Have you tried setting the certificate handling to ignore? See the blog below under default certificate handling. It's default is to reject the session.
New Release: VMware PowerCLI 10.0.0 - VMware PowerCLI Blog - VMware Blogs
Thank you for the advice!
I have tested with InvalidCertificateAction set to Ignore with the same result. Not working across ssh tunnels.
See my tests in attached screenshot (using an Ubuntu VM with powercli 10).
Finally I rolled back to the 6.5 version and now all is working again.
BR.,
PS: Screenshot. In the right windows the tunnel establishment, in the left window the attempt to connect using the tunnel (powercli 10)
Does the Connect-VIServer wotk on the far end of the tunnel?
What I'm trying to say, can you open a PowerShell Remote session through the tunnel, and then execute the Connect-VIServer in the remote session?
Not sure if the picture you included is the correct one, looks like the tunnel doesn't get established due to permissions?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Hello LucD,
I used the option "-N" in ssh command to avoid opening a shell on the remote hop machine, but the tunnel is established:
How do I open a remote powershell session?
Thank you!
Ok, got it.
Have a look at PowerShell Remoting Over SSH
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Hello!!
Thank you for the suggestion, but in all this time I have been unable to install power shell and tune the sshd config in the hop machine (to use powershell remoting), becasuse it depends on other people.
So I am still using PowerCLI verion 6.5 which works well accross standard ssh tcp tunnels.
Any other suggestion?
It seems to be a bug.
See Issue#1063 for govmomi
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference