11 Replies Latest reply on Dec 9, 2019 2:10 AM by bewe

    esxicli "Connection failed"

    mqzd23 Novice

      I'm trying to connect to an ESXi 6.5 host through vCenter 6.7 with esxcli.exe from a Windows 10 machine but it fails with "Connection failed". I'm using:

       

      (fake thumbprint + password)

      esxcli --server 192.168.0.2 --thumbprint 12:34:56:78:9:0A --username administrator --password 'Secret87#' --vihost 192.168.0.3

      or

      esxcli --server 192.168.0.2 --thumbprint 12:34:56:78:9:0A --username administrator@vsphere.local --password 'Secret87#' --vihost 192.168.0.3

      or

      esxcli --server 192.168.0.2 --thumbprint 12:34:56:78:9:0A --username domainadmin@company.tld --password 'Secret17*' --vihost 192.168.0.3

      Specifying the vCenter without the ESXi option gives me the same result

      esxcli --server 192.168.0.2 --thumbprint 12:34:56:78:9:0A --username administrator --password 'Secret87#'

       

      - All credentials are correct because I can use them to log in through the webinterface

      - vCenter=192.168.0.2 ESXi host=192.168.0.3

      - ESXi shell is enabled and running on the ESXi host through vCenter

      - SSH is enabled and running on the ESXi host through vCenter

      - Thumbprint is correct (if I use a different thumbprint it fails)

      - vCenter is installed on a Windows server and Windows firewall is disabled on that server.

       

      What am I missing? What am I doing wrong?

       

      (click for full)

        • 1. Re: esxicli "Connection failed"
          KabirAli82 Enthusiast

          Did you check the FW on the ESXi host?

          • 2. Re: esxicli "Connection failed"
            mqzd23 Novice

            Hi, thanks for your suggestion. The firewall on the ESXi host is open and accepting connections.

            • 3. Re: esxicli "Connection failed"
              Gidrakos Hot Shot

              Are you getting any pertinent errors in the ESXi logs when trying to connect? It *should* be telling you at least something so long as a connection attempt is being made.

              • 4. Re: esxicli "Connection failed"
                mqzd23 Novice

                I think the initial problem is getting connected to vCenter because connecting to that alone fails with the same error when I leave out the --vihost part

                esxcli --server 192.168.0.2 --thumbprint 12:34:56:78:9:0A --username administrator --password 'Secret87#'

                I checked some logs on the vCenter server and couldn't find anything but to be honest, there's so much folders in the C:\ProgramData\VMware\vCenterServer\logs folder that I don't really know where to look.

                • 5. Re: esxicli "Connection failed"
                  bewe Hot Shot

                  because it is esxcli you must specify an host on which this command should run. it makes no sense on vcenter.

                   

                  for me the command "esxcli.exe -s <vcenter> -u <user> p <password> -d <thumbprint> -h <host> software vib list" runs perfectly

                  • 6. Re: esxicli "Connection failed"
                    mqzd23 Novice

                    Yeah I get you, that's what I already tried too (see startpost).

                     

                    I tried your syntax, but in your syntax order (the thumbprint follows the password variable), I get a thumbprint error. When I move the thumbprint part straight after the <vcenter> part it gives me the error I already had before ("Connection failed"). Could it be I'm doing something wrong with the syntax and the thumbprint?

                    • 7. Re: esxicli "Connection failed"
                      Gidrakos Hot Shot

                      vCenter likely won't have any relevant info in its logs but ESXi should (so long as the connection is reaching at all).

                       

                      Check on some of these: ESXi Log Locations

                      • 8. Re: esxicli "Connection failed"
                        bewe Hot Shot

                        i have used the parameter in exactly this order.

                         

                        if you try only  "esxcli.exe -s <vcenter> -u <user> p <password> " it gives you the thumbprint you should use

                        are you using a valid vcenter-user ? try full name with domain, i.e administrator@vsphere.local

                        • 9. Re: esxicli "Connection failed"
                          mqzd23 Novice

                          @Gidrakos

                          Ok thanks, useful info. I'll check those.

                          • 10. Re: esxicli "Connection failed"
                            mqzd23 Novice

                            berndweyand:
                            i have used the parameter in exactly this order.

                             

                            if you try only  "esxcli.exe -s <vcenter> -u <user> p <password> " it gives you the thumbprint you should use

                            are you using a valid vcenter-user ? try full name with domain, i.e administrator@vsphere.local

                            Ok, so I perform this:

                            esxcli.exe -s vcenterserver -u administrator@vsphere.local p Secret

                            This indeed gives me a thumbprint, so I'll do the following command with the thumb of the previous command included (fake thumbprint for the forums):

                            esxcli.exe -s vcenterserver -u administrator@vsphere.local p Secret -d 01:02:03:04:AF

                            This gives me:

                            Certificate error. Server SHA-1 thumbprint: 01:02:03:04:AF (not trusted)

                            I'm using the exact thumbprint the previous command gave me for that server. I'm so confused, do I need to add to my local Windows cert store or something?

                            Whenever I flip the command order:

                            esxcli.exe -s vcenterserver -d 01:02:03:04:AF -u administrator@vsphere.local p Secret

                            with the -d parameter after vcenterserver it fails with the message I got before: "Connection failed"

                            • 11. Re: esxicli "Connection failed"
                              bewe Hot Shot

                              according to this  VMware Knowledge Base it should with thumbprint run if you get sha1-errors.

                              in my environment its working