PowerCLI

Hi Community

So I have the usual issue, ubuntu 20.04, powershell 7, powercli 12.3, Connect-VIServer gives SSL error...

PS /root> Get-Module -ListAvailable

Directory: /root/.local/share/powershell/Modules

ModuleType Version PreRelease Name PSEdition ExportedCommands
---------- ------- ---------- ---- --------- ----------------
Script 12.2.0.17… VMware.CloudServices Desk {Connect-Vcs, Disconnect-Vcs, Get-VcsOrganizationRole, Get-VcsService…}
Script 7.0.2.178… VMware.DeployAutomation Desk {Add-CustomCertificate, Add-DeployRule, Add-ProxyServer, Add-ScriptBundle…}
Script 7.0.2.178… VMware.ImageBuilder Desk {Add-EsxSoftwareDepot, Add-EsxSoftwarePackage, Compare-EsxImageProfile, Export-EsxImageProfile…}
Manifest 12.3.0.17… VMware.PowerCLI Desk
Script 7.0.2.178… VMware.Vim Desk
Script 12.3.0.17… VMware.VimAutomation.Cis.Core Desk {Connect-CisServer, Disconnect-CisServer, Get-CisService}
Script 12.0.0.15… VMware.VimAutomation.Cloud Desk {Add-CIDatastore, Connect-CIServer, Disconnect-CIServer, Get-Catalog…}
Script 12.3.0.17… VMware.VimAutomation.Common Desk {Get-PowerCLIContext, Get-Task, New-OAuthSecurityContext, Stop-Task…}
Script 12.3.0.17… VMware.VimAutomation.Core Desk {Add-PassthroughDevice, Add-VirtualSwitchPhysicalNetworkAdapter, Add-VMHost, Add-VMHostNtpServer…}
Script 12.3.0.17… VMware.VimAutomation.Hcx Desk {Connect-HCXServer, Disconnect-HCXServer, Get-HCXAppliance, Get-HCXComputeProfile…}
Script 12.3.0.17… VMware.VimAutomation.HorizonView Desk {Connect-HVServer, Disconnect-HVServer}
Script 12.0.0.15… VMware.VimAutomation.License Desk Get-LicenseDataManager
Script 12.3.0.17… VMware.VimAutomation.Nsxt Desk {Connect-NsxtServer, Disconnect-NsxtServer, Get-NsxtGlobalManagerService, Get-NsxtPolicyService…}
Script 12.2.0.17… VMware.VimAutomation.Sdk Desk {Get-ErrorReport, Get-PSVersion, EnableParameterCompleters, Get-InstallPath}
Script 12.3.0.17… VMware.VimAutomation.Security Desk {Add-AttestationServiceInfo, Add-KeyProviderServiceInfo, Add-TrustAuthorityKeyProviderServer, Add-TrustAuthorityKe…
Script 12.3.0.17… VMware.VimAutomation.Srm Desk {Connect-SrmServer, Disconnect-SrmServer}
Script 12.3.0.17… VMware.VimAutomation.Storage Desk {Add-EntityDefaultKeyProvider, Add-KeyManagementServer, Add-VsanFileServiceOvf, Add-VsanObjectToRepairQueue…}
Script 1.6.0.0 VMware.VimAutomation.StorageUtility Desk Update-VmfsDatastore
Script 12.3.0.17… VMware.VimAutomation.Vds Desk {Add-VDSwitchPhysicalNetworkAdapter, Add-VDSwitchVMHost, Export-VDPortGroup, Export-VDSwitch…}
Script 12.2.0.17… VMware.VimAutomation.Vmc Desk {Add-VmcSddcHost, Connect-Vmc, Disconnect-Vmc, Get-AwsAccount…}
Script 12.2.0.17… VMware.VimAutomation.vROps Desk {Connect-OMServer, Disconnect-OMServer, Get-OMAlert, Get-OMAlertDefinition…}
Script 12.3.0.17… VMware.VimAutomation.WorkloadManag… Desk {Disable-WMCluster, Enable-WMCluster, Get-WMCluster, Get-WMNamespace…}
Script 12.1.0.16… VMware.VumAutomation Desk {Add-EntityBaseline, Copy-Patch, Get-Baseline, Get-Compliance…}

Directory: /opt/microsoft/powershell/7/Modules

ModuleType Version PreRelease Name PSEdition ExportedCommands
---------- ------- ---------- ---- --------- ----------------
Manifest 1.2.5 Microsoft.PowerShell.Archive Desk {Compress-Archive, Expand-Archive}
Manifest 7.0.0.0 Microsoft.PowerShell.Host Core {Start-Transcript, Stop-Transcript}
Manifest 7.0.0.0 Microsoft.PowerShell.Management Core {Add-Content, Clear-Content, Clear-ItemProperty, Join-Path…}
Manifest 7.0.0.0 Microsoft.PowerShell.Security Core {Get-Credential, Get-ExecutionPolicy, Set-ExecutionPolicy, ConvertFrom-SecureString…}
Manifest 7.0.0.0 Microsoft.PowerShell.Utility Core {Export-Alias, Get-Alias, Import-Alias, New-Alias…}
Script 1.4.7 PackageManagement Desk {Find-Package, Get-Package, Get-PackageProvider, Get-PackageSource…}
Script 2.2.5 PowerShellGet Desk {Find-Command, Find-DSCResource, Find-Module, Find-RoleCapability…}
Script 2.0.5 PSDesiredStateConfiguration Core {Configuration, New-DscChecksum, Get-DscResource, Invoke-DscResource}
Script 2.1.0 PSReadLine Desk {Get-PSReadLineKeyHandler, Set-PSReadLineKeyHandler, Remove-PSReadLineKeyHandler, Get-PSReadLineOption…}
Binary 2.0.3 ThreadJob Desk Start-ThreadJob

Looking at the config though, InvalidCert is set to ignore:

PS /root> get-PowerCLIConfiguration

Scope ProxyPolicy DefaultVIServerMode InvalidCertificateAction DisplayDeprecationWarnings WebOperationTimeout
Seconds
----- ----------- ------------------- ------------------------ -------------------------- -------------------
Session UseSystemProxy Multiple Ignore True 300
User Ignore
AllUsers Multiple Ignore

Even setting it again:

PS /root> Set-PowerCLIConfiguration -InvalidCertificateAction ignore

Perform operation?
Performing operation 'Update PowerCLI configuration.'?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): y

Scope ProxyPolicy DefaultVIServerMode InvalidCertificateAction DisplayDeprecationWarnings WebOperationTimeout
Seconds
----- ----------- ------------------- ------------------------ -------------------------- -------------------
Session UseSystemProxy Multiple Ignore True 300
User Ignore
AllUsers Multiple Ignore

But still get SSL error when connecting to vCenter 6.0 on Windows:

PS /root> Connect-VIServer -Server vcenter -User administrator

Specify Credential
Please specify server credential
User: administrator
Password for user administrator@mitel.met: **********

Connect-VIServer: 6/18/2021 10:51:24 PM Connect-VIServer The SSL connection could not be established, see inner exception.
PS /root>

however, if I use windows 10 powershell / powercli, it connects fine:

S C:\WINDOWS\system32> Connect-VIServer -Server 80.87.18.203 

Name Port User
---- ---- ----
80.87.18.203 443 MITEL.MET\Administrator

PS C:\WINDOWS\system32> Disconnect-VIServer -Server * -Confirm:$False

Anyone have any ideas, please?

Are you actually doing it with a hostname vs an IP address?

I found the fix after contemplating this is not a powercli issue:

https://github.com/PowerShell/PowerShell/issues/14253

I have uninstalled powershell 7.1.3, installed powershell 7.0.6 and that has resolved the SSL issue

And indeed, linux has /etc/hosts configured, but just wanted a quick test from a windows terminal and just used the IP, but thanks for looking so in depth that you spotted it and questioned it, there are some wild peeps out there we would actually pull that without any DNS lookup intervention, right... 

I don't have any problem with machine A as powershell client 7.2.1

And I have problem with machine B with pcli 7.2.1

How can I solve it?

Only work on machine A

A and B are in two difference switch.I have to use B machine.

That probably shows where the issue is located.
Can the B machine reach the CA for the certificate?

I used the FQDN and it worked for my setup.

In my anecdotal case, I'd had to issue the aforementioned commandlet (Set-PowerCLIConfiguration -InvalidCertificateAction Ignore) from an elevated PowerShell v7.4.1 (r-click, Run as Administrator) first; afterwards, initiating the Connect-VIServer commandlet allowed a non-elevated PowerShell v7.4.1 (from Terminal) to succeed.

Good Luck!