Attempting to use VMware vSphere PowerCLI’s Connect-VIServer to a vCenter instance fails with error : “The underlying connection was closed: An unexpected error occurred on a send.”
So today I ma going to sharing solution with PowerCLI and Registry .
Nature of Problem
You have VMware vSphere PowerCLI version 5.1.0.4977 installed:
If I am using the Connect-VIServer cmdlet but it immediately fails with:
PowerCLI C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI> Connect-VIServer vCenter.contoso.local
Connect-VIServer : 2/22/2019 11:41:37 AM Connect-VIServer The underlying connection was closed: An unexpected error
occurred on a send.
At line:1 char:1
+ Connect-VIServer vCenter.contoso.local
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Connect-VIServer], ViError
+ FullyQualifiedErrorId : Client20_ConnectivityServiceImpl_Reconnect_WebException,VMware.VimAutomation.ViCore.Cmdl
ets.Commands.ConnectVIServer
PowerCLI C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI>
Solution with PowerCLI :
The reason why this error is thrown is because vCenter 6.7 only has TLS 1.2 enabled while TLS 1.0 and 1.1 is disabled by default so the older PowerCLI version installed, which attempts to connect via a one of the lower TLS versions will fail. The proper method of resolving this issue is to upgrade the old PowerCLI version to the latest one with the cmdlet Install-Module -Name VMware.PowerCLI
Another way type below command
#FORCE POWERCLI TO USE TLS1.2
=============================
PowerCLI E:\git> [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Solution with Registry :
There are some registry key which you can create on the server to enable TLS 1.1 & TLS 1.2 so that communication can happen between PowerCli & vCenter server over TLS 1.2, below are the details –
For 32-bit processes, change the following registry key value to 1.
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework[.NET_version]
Value: SchUseStrongCrypto (DWORD)
For 64-bit processes, in addition to the above registry key, change the following registry key value to 1.
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework[.NET_version]
Value: SchUseStrongCrypto (DWORD)
Note: You must use PowerCLI 6.0 R1 or later. Earlier versions of PowerCLI work with versions of the .NET Framework that cannot use the TLSv1.1 and TLSv1.2 protocols by editing the registry.
The current version of Powercli can be checked by running “Get-PowerCLIVersion“.
Thanks hope you like it.
Rajiv Pandey.