Solved: get-viserver for firewalled service console

Subatomic · ‎04-11-2008

We have some ESX hosts that are secured behind a firewall. Our corporate network also has proxy servers for HTTP/S traffic. Access to the service console is restricted to a limited number of IPs, and the proxy isn't one of them. Our desktops have their Internet Explorer proxies settings enforced by Group Policy.

For normal operation, I would use Firefox for any such access over http/s. The problem I have is that get-viserver seems to use Internet Explorer's proxy settings, and as a result, using the VMware plugin fails when I try to connect to the hosts.

I have tried the following commands:

Add-PSSnapin VMware.VimAutomation.Core

Get-VIServer -Server server -Port 443 -Protocol https -Credentials(Get-Credential username)

With the proxy settings disabled, it works howeverm when the IE proxy is enabled, I get the following errror

Get-VIServer : Could not connect using the requested protocol

Is there anyway to specify not to use a proxy either within the VMware snapin or directly in PowerShell?

If the comments were useful, please consider awarding points for helpful or correct. Thanks - SA -

admin · ‎04-16-2008

Hi Niket,
Thanks for your reply. I already know that I can add the a proxy bypass in IE. One thing I forgot to mention is that we use Autoproxy, so cannot really set the proxy bypass addresses without having the WPAD changed by our network admins - which would achieve the same working result.
I'm not sure if it would be useful function (for others) to be able to be able to choose whether to use the IE settings or not.. ?

Hi Djarid,

You make a good point, we've filed a bug to change get-viserver to support not using proxy settings.

View solution in original post

Niket · ‎04-16-2008

Hi Subatomic.

Your problem is probably because of using the proxy setting defined in Internet Explorer. You are behind the firewall and user and password provided by you to connect to VIServer is not being going to ESX server for authenticate and giving you the error.

If you bypass your proxy setting only for the ESX server it would definitely work.

Please follow the below instruction to do that. These changes would not impact you for any network issue.

Goto: Internet Properties > Connections (Tab) > LAN Settings (Button) > Advanced (Button)

In Proxy setting screen add your ESX server address in this Exceptions box and save this setting.

This way you are directly connect with the ESX with bypassing the proxy.

Now try to run your command, it would work.

I hope, it resolves your issue.

Thanks

Niket

Djarid · ‎04-16-2008

Hi Niket,

Thanks for your reply. I already know that I can add the a proxy bypass in IE. One thing I forgot to mention is that we use Autoproxy, so cannot really set the proxy bypass addresses without having the WPAD changed by our network admins - which would achieve the same working result.

I'm not sure if it would be useful function (for others) to be able to be able to choose whether to use the IE settings or not.. ?

admin · ‎04-16-2008

Hi Niket,
Thanks for your reply. I already know that I can add the a proxy bypass in IE. One thing I forgot to mention is that we use Autoproxy, so cannot really set the proxy bypass addresses without having the WPAD changed by our network admins - which would achieve the same working result.
I'm not sure if it would be useful function (for others) to be able to be able to choose whether to use the IE settings or not.. ?

Hi Djarid,

You make a good point, we've filed a bug to change get-viserver to support not using proxy settings.

Subatomic · ‎04-17-2008

Hi Carter,

I sent the earlier reply from my collegues browser - hence the different id.

Thanks for submitting this as a bug. I look forward to seeing the changes in a future release.

If the comments were useful, please consider awarding points for helpful or correct. Thanks - SA -

vfaisal · ‎10-21-2011

Great stuff! That did the trick for me. Thanks for that.

PeterOehlert · ‎02-14-2012

If you have permission to change the powershell config file, you can tell the powershell .net process not to use the system proxy.

You can also use this to configure a MITM proxy like fiddler or burp.

Add:

<system.net><defaultProxy enabled="true">
<proxy useSystemDefault="false"/>
</defaultProxy></system.net>

All

get-viserver for firewalled service console