Virtual Geek

Tales from real IT system administrators world and non-production environment

PowerCLI Connect-VIServer Error: Invalid server certificate. Use Set-PowerCLIConfiguration to set the value for the InvalidCertificateAction

While working with the VMware PowerCLI module, I was receiving the error below when connecting to a vCenter or ESXi server. On the system I was working on, PowerCLI had been installed for the first time, and I was connecting to vCenter/ESXi from it for the first time. This issue occurs because the SSL certificate installed on vCenter or ESXi is invalid or not trusted by the system where you run the PowerCLI connect cmdlet. One possible solution is to download the SSL certificate and add it to the system's trusted publisher's certificate store, or to replace the SSL certificate with one issued by a Certificate Authority.

Resolution Articles
How to import default vCenter server appliance VMCA root certificate and refresh CA certificate on ESXi
How to replace default vCenter VMCA certificate with Microsoft CA signed certificate
Managing ESXi SSL certificate properties from vCenter server
Forward vCenter Server Appliance logs to syslog server

Connect-VIServer starlord.vcloud-lab.com

connect-viserver : 10/10/2021 9:45:05 AM        Connect-VIServer                Error: Invalid server certificate. Use Set-PowerCLIConfiguration to set the value for the InvalidCertificateAction
option to Prompt if you'd like to connect once or to add a permanent exception for this server.
Additional Information: Could not establish trust relationship for the SSL/TLS secure channel with authority 'starlord.vcloud-lab.com'.
At line:1 char:1
+ connect-viserver starlord.vcloud-lab.com
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : SecurityError: (:) [Connect-VIServer], ViSecurityNegotiationException
    + FullyQualifiedErrorId : Client20_ConnectivityServiceImpl_Reconnect_CertificateError,VMware.VimAutomation.ViCore.Cmdlets.Commands.ConnectVIServer

Here is a quick resolution if you cannot or don't want to implement a self-signed or Certificate Authority (CA) SSL certificate on vCenter or ESXi. You can change the behaviour using the command below, which tells PowerCLI what action to take when the certificate on vCenter/ESXi is invalid. I have chosen to ignore the certificate warning and proceed. You can use the Warn (shows certificate details) or Prompt actions as well.

Set-PowerCLIConfiguration -InvalidCertificateAction Ignore

Perform operation?
Performing operation 'Update PowerCLI configuration.'?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Yes"): Y  

Scope    ProxyPolicy     DefaultVIServerMode InvalidCertificateAction  DisplayDeprecationWarnings WebOperationTimeout
                                                                                                  Seconds
-----    -----------     ------------------- ------------------------  -------------------------- -------------------
Session  UseSystemProxy  Multiple            Ignore                    True                       300
User                                         Ignore
AllUsers

Once InvalidCertificateAction is set, the connection to vCenter/ESXi succeeds.
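With Ignore, PowerCLI no longer verifies which server it is talking to, and the output above shows the value stored in the User scope as well as Session, so it persists across sessions. The following PowerShell is an added example, not from the original post: it compares the server certificate's SHA-256 fingerprint with a value obtained out-of-band and only then relaxes validation for the current session. Get-ServerCertSha256 and the $ExpectedSha256 placeholder are hypothetical names introduced here.

```powershell
# Added example (not from the original post). Get-ServerCertSha256 is a hypothetical helper.
function Get-ServerCertSha256 {
    param([Parameter(Mandatory)][string]$Server, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($Server, $Port)
        # Accept any certificate for this probe: no credentials are sent,
        # the handshake is only used to read the certificate the server presents.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAny)
        try {
            $ssl.AuthenticateAsClient($Server)
            $raw = $ssl.RemoteCertificate.GetRawCertData()
        } finally { $ssl.Dispose() }
    } finally { $tcp.Close() }
    # Hash the DER-encoded certificate and return it as an uppercase hex string.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try { ([BitConverter]::ToString($sha.ComputeHash($raw))) -replace '-', '' }
    finally { $sha.Dispose() }
}

$Server         = 'starlord.vcloud-lab.com'                    # host from this article
$ExpectedSha256 = '<SHA256-FINGERPRINT-OBTAINED-OUT-OF-BAND>'  # placeholder, replace before use

$actual = Get-ServerCertSha256 -Server $Server
# Tolerate colon- or space-separated fingerprints; -ne is case-insensitive for strings.
if ($actual -ne ($ExpectedSha256 -replace '[:\s]', '')) {
    throw "Certificate fingerprint mismatch for ${Server}: got $actual"
}

# Fingerprint matches: relax validation for this PowerShell session only,
# leaving the User and AllUsers scopes untouched.
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Scope Session -Confirm:$false | Out-Null
Connect-VIServer -Server $Server
```

The fingerprint probe and the PowerCLI connection are separate TLS sessions, so this narrows the exposure rather than replacing certificate trust; importing the CA certificate, as in the articles listed on this page, remains the durable fix.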

Useful Articles
Generate new self-signed certificates for ESXi using OpenSSL
Push SSL certificates to client computers using Group Policy
Replacing a default ESXi certificate with a CA-Signed certificate
Troubleshooting replacing a corrupted certificate on Esxi server
POWERCLI AND VSPHERE WEB CLIENT: JOIN ESXI INTO ACTIVE DIRECTORY DOMAIN CONTROLLER
Resolved: Esxi Join domain failed - Error in Active Directory Operations
Join domain ESXi to an Active Directory OU : Powercli
