VMware Cloud Community
YasinUhde
Contributor
Contributor
‎06-19-2019 03:19 AM
Jump to solution

After PowerCLI Update to 11.2 - PowerCLI not connecting to vCenter in another domain

I use one PowerShell/PowerCLI server for all of my vCenter Server.

Three vCenter Server are in different domains and have NAT IP-addresses.

With the old PowerCLI Version 6.5. the connection to all vCenter Server works fine.

With the latest PowerCLI Verision 11.2.0. I get an issue for all vCenter Server in a different domain.

Can someone explain me, what is the different between the authentication in this two versions?

Because of the different domains and the NAT IP-addresses, there is now an issue.

The server in the other domains are reachable over the name "vcenter.localdomain", but they are not reachable over the name "vcenter.otherdomain".

This is the error message:

PS C:\windows\system32> Connect-VIServer -Server "vcenter.localdomain" -Credential $vCenterCredentials

Connect-VIServer : There was no endpoint listening at https://vcenter.otherdomain/lookupservice/sdk that could accept the message. This is often caused by an

incorrect address or SOAP action. See InnerException, if present, for more details.

At line:1 char:1

+ Connect-VIServer -Server "vcenter.localdomain" -Cr ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : NotSpecified: (:) [Connect-VIServer], EndpointNotFoundException

    + FullyQualifiedErrorId : System.ServiceModel.EndpointNotFoundException,VMware.VimAutomation.ViCore.Cmdlets.Commands.ConnectVIServer

0 Kudos
1 Solution

Accepted Solutions
LucD
Leadership
Leadership
‎06-19-2019 05:33 AM
Jump to solution

Ok, this is in any case a known issue that was apparently introduced in PowerCLI 10.*.
Currently the only option left seems to be to go back to a PowerCLI version before 10.*


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

0 Kudos
6 Replies
LucD
Leadership
Leadership
‎06-19-2019 03:41 AM
Jump to solution

I'm a bit confused with your line

The server in the other domains are reachable over the name "vcenter.localdomain", but they are not reachable over the name "vcenter.otherdomain".

While the error message has conflicting info it seems

PS C:\windows\system32> Connect-VIServer -Server "vcenter.localdomain" -Credential $vCenterCredentials

Connect-VIServer : There was no endpoint listening at https://vcenter.otherdomain/lookupservice/sdk that could accept the message.

In any case, it's probably not an authentication problem, but a problem of connecting to the lookupservice.

See also vcsim: unable to connect when using PowerCLI 10 GA · Issue #1063 · vmware/govmomi · GitHub

One user reported that setting the configuration to NoProxy fixed the issue for him.

Can you try that?

Set-PowerCLIConfiguration -ProxyPolicy NoProxy


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
YasinUhde
Contributor
Contributor
‎06-19-2019 04:30 AM
Jump to solution

The vCenter Server is configured in the name "vCenter", the domain "otherdomain" and the ip-address "179.18.20.175".

In my local domain is a DNS entry with the name "vCenter", the domain "localdomain" and the ip-address "12.50.195.111".

Between the networks is a NAT.

The powerShell/PowerCLI Server cannot solve the dns name "vcenter.otherdomain" and it is correct, because it is another domain.

But with the older PowerCLI Version it works. That js why I think, they changed something in the authentication method.

When I try to connect to the vCenter with "connect-viserver "vCenter.localdomain", I get the prompt for username and password.

After entering the credentials I get the same error message.

The required ports are open.

Same issue with this Proxy Policy configuration:                                                         

Scope    ProxyPolicy     DefaultVIServerMode InvalidCertificateAction  DisplayDeprecationWarnings WebOperationTimeout

                                                                                                  Seconds           

-----    -----------     ------------------- ------------------------  -------------------------- -------------------

Session  NoProxy         Multiple            Ignore                    True                       300               

User     NoProxy         Multiple            Ignore                                                                 

AllUsers NoProxy         Multiple            Ignore                                                                 

0 Kudos
LucD
Leadership
Leadership
‎06-19-2019 04:45 AM
Jump to solution

I'm pretty sure it is not an authentication issue.
It's an issue with connecting to the Lookup Service.

Are you using an external PSC in your setup?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
YasinUhde
Contributor
Contributor
‎06-19-2019 04:58 AM
Jump to solution

I use both. I have one vCenter with an internal PSC and another vCenter with an external PSC. In both setups I get the issue.

0 Kudos
LucD
Leadership
Leadership
‎06-19-2019 05:33 AM
Jump to solution

Ok, this is in any case a known issue that was apparently introduced in PowerCLI 10.*.
Currently the only option left seems to be to go back to a PowerCLI version before 10.*


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
YasinUhde
Contributor
Contributor
‎06-24-2019 06:59 AM
Jump to solution

I was hoping I'd do something wrong.

Thanks LucD, I try an older version.

0 Kudos