7 Replies Latest reply on Aug 14, 2019 5:37 PM by edgerch

    PowerCLI v11.3.0.13990089 InvalidCertificateAction not Working...

    edgerch Lurker

      In the last version of the PowerCLI (v11.3.0.13990089) the "InvalidCertificateAction" setting is ignored by Connect-VIServer command.


      I've executed the following command:

      Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false -ProxyPolicy NoProxy -ParticipateInCeip $false -DisplayDeprecationWarnings:$true -DefaultVIServerMode Multiple;

      With the result:




      Howeber, when I execute the command:

      Connect-VIServer -Server <somehost> -Verbose;

      I get this error:

      DETALLADO: Attempting to connect using SSPI

      DETALLADO: No se pudo establecer un canal seguro para SSL/TLS con la autoridad '<somehost>'.

      DETALLADO: Connect using SSPI was unsuccessful

      DETALLADO: No se pudo establecer un canal seguro para SSL/TLS con la autoridad '<somehost>'.

      Connect-VIServer : 04/07/2019 07:09:24 PM       Connect-VIServer                Error: Invalid server certificate. Use

      Set-PowerCLIConfiguration to set the value for the InvalidCertificateAction option to Prompt if you'd like to connect

      once or to add a permanent exception for this server.

      Additional Information: No se pudo establecer un canal seguro para SSL/TLS con la autoridad '<somehost>'.

      En línea: 1 Carácter: 1

      + Connect-VIServer -Server <somehost> -Verbose;

      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

          + CategoryInfo          : SecurityError: (:) [Connect-VIServer], ViSecurityNegotiationException

          + FullyQualifiedErrorId : Client20_ConnectivityServiceImpl_Reconnect_CertificateError,VMware.VimAutomation.ViCore.


      Apparently, the "-InvalidCertificateAction Ignore" is Ignored by the "Connect-VIServer" CmdLet


      *UPDATE 2019/08/08*: Here is the entire script I'm using:

      # Force the use of Windows Credentials as Proxy Auth for the current session

      [System.Net.WebRequest]::DefaultWebProxy.Credentials = [System.Net.CredentialCache]::DefaultCredentials;


      # Verificar si VMWare CLI está instalado

      If ((Get-Module -Name VMware.PowerCLI -ListAvailable) -ne $null) {

          # VMWare.PowerCLI ya se encuentra instalado

      } Else {

          # Verificar si el repositorio 'PSGallery' se encuentra habilitado

          If ((Get-PSRepository | Select-Object -Property Name | Select-String -Pattern "PSGallery" -CaseSensitive -SimpleMatch) -ne $null) {

              # El repositorio está instalado

          } Else {

              # Restore the Default Repository "PSGallery" "https://www.powershellgallery.com/api/v2"

              Register-PSRepository -Default -Verbose;


          # Set the Defualt Repository as Trusted

          Set-PSRepository -Name "PSGallery" -InstallationPolicy Trusted;

          # Instalar VMWare.PowerCLI

          Install-Module -Name VMware.PowerCLI;



      # Mostrar la configuración actual de VMWare.PowerCLI



      #Get-Help about_invalid_certificates;

      # Permanent PowerCLI exceptions

      #   %USERPROFILE%\AppData\Roaming\VMware\PowerCLI\SslCertificateExceptions.csv

      Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false -Scope Session -ProxyPolicy UseSystemProxy -ParticipateInCeip $false -DisplayDeprecationWarnings:$true -DefaultVIServerMode Multiple;

      Connect-VIServer -Server somehost.domain.com -Force -Verbose;

      # List VM Machines



      # Wait for a key press to finish the script

      Write-Host -NoNewLine "Press any key to continue...";

      $null = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown");