PowerCLI 10 - The SSL connection could not be established, see inner exception.

Mar 5, 2018 VMware vSphere PowerCLI
Share on:

With the release of PowerCLI 10 at the end of February, unless you read the release notes first, I’m pretty sure you’ll have seen the following error message at least once when trying to connect with Connect-VIServer:

1The SSL connection could not be established, see inner exception.

This error is due to a new security behaviour in PowerCLI 10 when trying to connect to a vCenter Server which have invalid SSL certificates. Previously, PowerCLI used to warn you with a yellow error message that I imagine you’ve become pretty used to seeing, but with PowerCLI 10 the connection now fails.

PowerCLI 10 also ships with two cmdlets for configuring this behaviour: Get-PowerCLIConfiguration and Set-PowerCLIConfiguration. These cmdlets have actually been around for a while, but since an invalid certificate previously only resulted in a warning and not a connection failure, I’d guess most people rarely used them.

With a fresh install of PowerCLI 10, running the get command will present the following:

1PS C:\Users\Administrator.HOME> Get-PowerCLIConfiguration
2
3Scope    ProxyPolicy     DefaultVIServerMode InvalidCertificateAction  DisplayDeprecationWarnings WebOperationTimeout
4                                                                                                  Seconds
5-----    -----------     ------------------- ------------------------  -------------------------- -------------------
6Session  UseSystemProxy  Multiple            Unset                     True                       300
7User
8AllUsers

To make this error go away and allow us to connect to our vCenter Servers with invalid SSL certificates, we need to set the InvalidCertificateAction:

 1PS C:\Users\Administrator.HOME> Set-PowerCLIConfiguration -InvalidCertificateAction Ignore
 2
 3Perform operation?
 4Performing operation 'Update PowerCLI configuration.'?
 5[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y
 6
 7Scope    ProxyPolicy     DefaultVIServerMode InvalidCertificateAction  DisplayDeprecationWarnings WebOperationTimeout
 8                                                                                                  Seconds
 9-----    -----------     ------------------- ------------------------  -------------------------- -------------------
10Session  UseSystemProxy  Multiple            Ignore                    True                       300
11User                                         Ignore
12AllUsers

Now PowerCLI won’t prompt or warn you at all for invalid SSL certificates, which, depending on the security configuration of your environment, is quite nice.

comments powered by Disqus