Connect-VIServer through ssh tunnel stopped workin...

jrubio71 · ‎03-11-2018

Hello all,

I usually connect to my vCenter servers using ssh tunnels because I have no direct IP connectivity between my PC and the servers. After updating to v10 I got the following error (sorry is in Spanish):

PowerCLI> Connect-VIServer -Server localhost -Port 4431 -User Administrator -Password $passwd_dev Connect-VIServer : No había ningún extremo escuchando en https://vcenter01-nfh.maqueta/lookupservice/sdk que pudiera aceptar el mensaje. La causa suele ser una dirección o una acción SOAP incorrecta. Consulte InnerException, si está presente, para obtener más información. At line:1 char:1 + Connect-VIServer -Server localhost -Port 4431 -User Administrator -Pa ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Connect-VIServer], EndpointNotFoundException + FullyQualifiedErrorId : System.ServiceModel.EndpointNotFoundException,VMware.VimAutomation.ViCore.Cmdlets.Commands.ConnectVIServer

The tunnel for such a connection form my PC would look like this:

ssh -L 4431:vcenter01-nfh.maqueta:443 hopmachine.maqueta

This happens both with Windows 7 and Ubuntu 16.04 versions of PowerCLI 10.0 and with vCenter version 6.0U3. It does not happen with vCenter 5.5!!

Thanks to a user in the PS Gallery (PowerShell Gallery | VMware.PowerCLI 6.5.4.7155375) I was able to roll back to version 6.5.4 and now all is working again as expected.

What do you think?

Thank you!

kwhornlcs · ‎03-12-2018

There was a change in the way Connect-VIServer handles untrusted certificates.

Have you tried setting the certificate handling to ignore? See the blog below under default certificate handling. It's default is to reject the session.

New Release: VMware PowerCLI 10.0.0 - VMware PowerCLI Blog - VMware Blogs

jrubio71 · ‎04-03-2018

Thank you for the advice!

I have tested with InvalidCertificateAction set to Ignore with the same result. Not working across ssh tunnels.

See my tests in attached screenshot (using an Ubuntu VM with powercli 10).

Finally I rolled back to the 6.5 version and now all is working again.

BR.,

PS: Screenshot. In the right windows the tunnel establishment, in the left window the attempt to connect using the tunnel (powercli 10)

LucD · ‎04-03-2018

Does the Connect-VIServer wotk on the far end of the tunnel?

What I'm trying to say, can you open a PowerShell Remote session through the tunnel, and then execute the Connect-VIServer in the remote session?

Not sure if the picture you included is the correct one, looks like the tunnel doesn't get established due to permissions?

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

jrubio71 · ‎04-03-2018

Hello LucD,

I used the option "-N" in ssh command to avoid opening a shell on the remote hop machine, but the tunnel is established:

How do I open a remote powershell session?

Thank you!

LucD · ‎04-03-2018

Ok, got it.

Have a look at PowerShell Remoting Over SSH

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

jrubio71 · ‎10-10-2018

Hello!!

Thank you for the suggestion, but in all this time I have been unable to install power shell and tune the sshd config in the hop machine (to use powershell remoting), becasuse it depends on other people.

So I am still using PowerCLI verion 6.5 which works well accross standard ssh tcp tunnels.

Any other suggestion?

LucD · ‎10-10-2018

It seems to be a bug.
See Issue#1063 for govmomi

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

All

Connect-VIServer through ssh tunnel stopped working after PowerCLI update to version 10