In the latest version of PowerCLI (v11.3.0.13990089), the "InvalidCertificateAction" setting is ignored by the Connect-VIServer command.
I've executed the following command:
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false -ProxyPolicy NoProxy -ParticipateInCeip $false -DisplayDeprecationWarnings:$true -DefaultVIServerMode Multiple;
With the result:
Scope | ProxyPolicy | DefaultVIServerMode | InvalidCertificateAction | DisplayDeprecationWarnings | WebOperationTimeoutSeconds |
----- | ----------- | ------------------- | ------------------------ | -------------------------- | -------------------------- |
Session | NoProxy | Multiple | Ignore | True | 300 |
User | NoProxy | Multiple | Ignore | True | |
AllUsers | NoProxy | Multiple | Ignore | True | |
However, when I execute the command:
Connect-VIServer -Server <somehost> -Verbose;
I get this error:
DETALLADO: Attempting to connect using SSPI
DETALLADO: No se pudo establecer un canal seguro para SSL/TLS con la autoridad '<somehost>'.
DETALLADO: Connect using SSPI was unsuccessful
DETALLADO: No se pudo establecer un canal seguro para SSL/TLS con la autoridad '<somehost>'.
Connect-VIServer : 04/07/2019 07:09:24 PM Connect-VIServer Error: Invalid server certificate. Use
Set-PowerCLIConfiguration to set the value for the InvalidCertificateAction option to Prompt if you'd like to connect
once or to add a permanent exception for this server.
Additional Information: No se pudo establecer un canal seguro para SSL/TLS con la autoridad '<somehost>'.
En línea: 1 Carácter: 1
+ Connect-VIServer -Server <somehost> -Verbose;
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : SecurityError: (:) [Connect-VIServer], ViSecurityNegotiationException
+ FullyQualifiedErrorId : Client20_ConnectivityServiceImpl_Reconnect_CertificateError,VMware.VimAutomation.ViCore.
Cmdlets.Commands.ConnectVIServer
Apparently, the "-InvalidCertificateAction Ignore" setting is ignored by the "Connect-VIServer" cmdlet.
*UPDATE 2019/08/08*: Here is the entire script I'm using:
# Force the use of Windows Credentials as Proxy Auth for the current session
[System.Net.WebRequest]::DefaultWebProxy.Credentials = [System.Net.CredentialCache]::DefaultCredentials;

# Check whether VMWare CLI is installed
If ((Get-Module -Name VMware.PowerCLI -ListAvailable) -ne $null) {
    # VMWare.PowerCLI is already installed
} Else {
    # Check whether the 'PSGallery' repository is enabled
    If ((Get-PSRepository | Select-Object -Property Name | Select-String -Pattern "PSGallery" -CaseSensitive -SimpleMatch) -ne $null) {
        # The repository is installed
    } Else {
        # Restore the Default Repository "PSGallery" "https://www.powershellgallery.com/api/v2"
        Register-PSRepository -Default -Verbose;
    }
    # Set the Default Repository as Trusted
    Set-PSRepository -Name "PSGallery" -InstallationPolicy Trusted;
    # Install VMWare.PowerCLI
    Install-Module -Name VMware.PowerCLI;
}

# Show the current VMWare.PowerCLI configuration
Get-PowerCLIConfiguration;
#Get-Help about_invalid_certificates;

# Permanent PowerCLI exceptions
# %USERPROFILE%\AppData\Roaming\VMware\PowerCLI\SslCertificateExceptions.csv
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false -Scope Session -ProxyPolicy UseSystemProxy -ParticipateInCeip $false -DisplayDeprecationWarnings:$true -DefaultVIServerMode Multiple;
Connect-VIServer -Server somehost.domain.com -Force -Verbose;

# List the VM hosts
Get-VMHost;

# Wait for a key press to finish the script
Write-Host -NoNewLine "Press any key to continue...";
$null = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown");