New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. #217

Open
ajohn24 opened this Issue Jun 13, 2014 · 62 comments

Comments

@ajohn24

ajohn24 commented Jun 13, 2014

Hi,
While running the vCheck script it fails while getting the hard disk info on plugin48. Seems the earlier plugin disconnects the session to the VC server. It runs fine till earlier plugins.

Get-HardDisk : 6/12/2014 9:33:00 PM Get-HardDisk Server vc.com not connected.
At C:\scripts\Core\vCheck-vSphere-master\Plugins\48 Find VM Disk Format.ps1:6 char:35

  • $vmdiskformat = $VM | Get-HardDisk <<<< | where {$.storageformat -match $diskformat} | select @{N="VM";E={$.parent.name}}, @{N="DiskName";E={$.name}}, @{N="Format";E={$.storageformat}}, @{N="F
    ileName";E={$_.filename}}
    • CategoryInfo : InvalidArgument: (:) [Get-HardDisk], ViServerConnectionException
    • FullyQualifiedErrorId : Client20_ConnectivityServiceImpl_TryVerifyIsConnected_NotConnected,VMware.VimAutomation.ViCore.Cmdlets.Commands.VirtualDevice.GetHardDisk

Please assist

@ajohn24

This comment has been minimized.

Show comment
Hide comment
@ajohn24

ajohn24 Jun 13, 2014

This is with vCheck6

ajohn24 commented Jun 13, 2014

This is with vCheck6

@smasterson

This comment has been minimized.

Show comment
Hide comment
@smasterson

smasterson Jun 13, 2014

Contributor

I am seeing similar errors as well after running the latest download on three different environments.
I can't tell what exactly is going on but the errors seem to go away if I disable 44 VMKernel Warnings.

Here are some of the errors I am seeing:
Get-HardDisk : 6/13/2014 4:44:37 PM Get-HardDisk The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS
secure channel.
At E:\Scripts\vCheck\vcenter\Plugins\48 Find VM Disk Format.ps1:6 char:23

  • $vmdiskformat = $VM | Get-HardDisk | where {$_.storageformat -match
    $diskformat} ...
  •                   ~~~~~~~~~~~~
    
    • CategoryInfo : NotSpecified: (:) [Get-HardDisk], ViError
    • FullyQualifiedErrorId : Client20_QueryServiceImpl_RetrievePropertiesEx_V
      iError,VMware.VimAutomation.ViCore.Cmdlets.Commands.VirtualDevice.GetHardD
      isk

Get-View : 6/13/2014 4:44:42 PM Get-View The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure
channel.
At E:\Scripts\vCheck\vcenter\Plugins\53 Hardware status
warnings-errors.ps1:6 char:20

  • $HealthStatus = ((Get-View 
    
    ($HostsView).ConfigManager.HealthStatusSystem).runti ...
  •                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    • CategoryInfo : NotSpecified: (:) [Get-View], VimException
    • FullyQualifiedErrorId : Core_BaseCmdlet_UnknownError,VMware.VimAutomatio
      n.ViCore.Cmdlets.Commands.DotNetInterop.GetVIView

Get-View : 6/13/2014 4:44:42 PM Get-View View with Id
'HostHealthStatusSystem-healthStatusSystem-10' was not found on the server(s).

At E:\Scripts\vCheck\vcenter\Plugins\53 Hardware status
warnings-errors.ps1:6 char:20

  • $HealthStatus = ((Get-View 
    
    ($HostsView).ConfigManager.HealthStatusSystem).runti ...
  •                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    • CategoryInfo : ObjectNotFound: (:) [Get-View], VimException
    • FullyQualifiedErrorId : Core_GetView_WriteNotFoundError,VMware.VimAutoma
      tion.ViCore.Cmdlets.Commands.DotNetInterop.GetVIView

get-view : 6/13/2014 4:44:44 PM Get-View The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure
channel.
At E:\Scripts\vCheck\vcenter\Plugins\63 Snapshot Removed.ps1:13 char:12

  • (get-view (get-view ServiceInstance -Property
    Content.EventManager).Content.Even ...
  •        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    • CategoryInfo : NotSpecified: (:) [Get-View], VimException
    • FullyQualifiedErrorId : Core_BaseCmdlet_UnknownError,VMware.VimAutomatio
      n.ViCore.Cmdlets.Commands.DotNetInterop.GetVIView

get-view : 6/13/2014 4:44:44 PM Get-View The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure
channel.
At E:\Scripts\vCheck\vcenter\Plugins\65 Snapshot Created.ps1:13 char:12

  • (get-view (get-view ServiceInstance -Property
    Content.EventManager).Content.Even ...
  •        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    • CategoryInfo : NotSpecified: (:) [Get-View], VimException
    • FullyQualifiedErrorId : Core_BaseCmdlet_UnknownError,VMware.VimAutomatio
      n.ViCore.Cmdlets.Commands.DotNetInterop.GetVIView

get-stat : 6/13/2014 4:44:44 PM Get-Stat The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure
channel.
At E:\Scripts\vCheck\vcenter\Plugins\68 Disk Max Total Latency.ps1:12
char:29

  • $VHHMaxLatency = $VMHost | get-stat -stat "disk.maxTotalLatency.latest" 
    
    -start ...
  • CategoryInfo : NotSpecified: (:) [Get-Stat], ViError
  • FullyQualifiedErrorId : Client20_QueryServiceImpl_RetrievePropertiesEx_V
    iError,VMware.VimAutomation.ViCore.Cmdlets.Commands.GetViStats

Get-VirtualPortGroup : 6/13/2014 4:44:47 PM Get-VirtualPortGroup The
underlying connection was closed: Could not establish trust relationship for
the SSL/TLS secure channel.
At E:\Scripts\vCheck\vcenter\Plugins\98 vSwitch Security.ps1:63 char:7

  •   Get-VirtualPortGroup -VMHost $_ -Standard | % {
    
  •   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    • CategoryInfo : NotSpecified: (:) [Get-VirtualPortGroup], ViErro
      r
    • FullyQualifiedErrorId : Client20_QueryServiceImpl_RetrievePropertiesEx_V
      iError,VMware.VimAutomation.ViCore.Cmdlets.Commands.Host.GetVirtualPortGro
      up

As mentioned previously, if I remove/disable 44 VMKernel Warnings then I get no errors at all.
Oddly I can not find anything special about the plugin or why it is now causing issues.

For others that have seen issues - can you disable/remove 44 VMKernel Warnings and see if you are still having issues?

If you have a large environment, seeing errors is not super easy via the console, it's better to pipe them to a file for easy reading - this can be done like so:
PS> .\vCheck.ps1 *> output.txt

Contributor

smasterson commented Jun 13, 2014

I am seeing similar errors as well after running the latest download on three different environments.
I can't tell what exactly is going on but the errors seem to go away if I disable 44 VMKernel Warnings.

Here are some of the errors I am seeing:
Get-HardDisk : 6/13/2014 4:44:37 PM Get-HardDisk The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS
secure channel.
At E:\Scripts\vCheck\vcenter\Plugins\48 Find VM Disk Format.ps1:6 char:23

  • $vmdiskformat = $VM | Get-HardDisk | where {$_.storageformat -match
    $diskformat} ...
  •                   ~~~~~~~~~~~~
    
    • CategoryInfo : NotSpecified: (:) [Get-HardDisk], ViError
    • FullyQualifiedErrorId : Client20_QueryServiceImpl_RetrievePropertiesEx_V
      iError,VMware.VimAutomation.ViCore.Cmdlets.Commands.VirtualDevice.GetHardD
      isk

Get-View : 6/13/2014 4:44:42 PM Get-View The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure
channel.
At E:\Scripts\vCheck\vcenter\Plugins\53 Hardware status
warnings-errors.ps1:6 char:20

  • $HealthStatus = ((Get-View 
    
    ($HostsView).ConfigManager.HealthStatusSystem).runti ...
  •                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    • CategoryInfo : NotSpecified: (:) [Get-View], VimException
    • FullyQualifiedErrorId : Core_BaseCmdlet_UnknownError,VMware.VimAutomatio
      n.ViCore.Cmdlets.Commands.DotNetInterop.GetVIView

Get-View : 6/13/2014 4:44:42 PM Get-View View with Id
'HostHealthStatusSystem-healthStatusSystem-10' was not found on the server(s).

At E:\Scripts\vCheck\vcenter\Plugins\53 Hardware status
warnings-errors.ps1:6 char:20

  • $HealthStatus = ((Get-View 
    
    ($HostsView).ConfigManager.HealthStatusSystem).runti ...
  •                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    • CategoryInfo : ObjectNotFound: (:) [Get-View], VimException
    • FullyQualifiedErrorId : Core_GetView_WriteNotFoundError,VMware.VimAutoma
      tion.ViCore.Cmdlets.Commands.DotNetInterop.GetVIView

get-view : 6/13/2014 4:44:44 PM Get-View The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure
channel.
At E:\Scripts\vCheck\vcenter\Plugins\63 Snapshot Removed.ps1:13 char:12

  • (get-view (get-view ServiceInstance -Property
    Content.EventManager).Content.Even ...
  •        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    • CategoryInfo : NotSpecified: (:) [Get-View], VimException
    • FullyQualifiedErrorId : Core_BaseCmdlet_UnknownError,VMware.VimAutomatio
      n.ViCore.Cmdlets.Commands.DotNetInterop.GetVIView

get-view : 6/13/2014 4:44:44 PM Get-View The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure
channel.
At E:\Scripts\vCheck\vcenter\Plugins\65 Snapshot Created.ps1:13 char:12

  • (get-view (get-view ServiceInstance -Property
    Content.EventManager).Content.Even ...
  •        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    • CategoryInfo : NotSpecified: (:) [Get-View], VimException
    • FullyQualifiedErrorId : Core_BaseCmdlet_UnknownError,VMware.VimAutomatio
      n.ViCore.Cmdlets.Commands.DotNetInterop.GetVIView

get-stat : 6/13/2014 4:44:44 PM Get-Stat The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure
channel.
At E:\Scripts\vCheck\vcenter\Plugins\68 Disk Max Total Latency.ps1:12
char:29

  • $VHHMaxLatency = $VMHost | get-stat -stat "disk.maxTotalLatency.latest" 
    
    -start ...
  • CategoryInfo : NotSpecified: (:) [Get-Stat], ViError
  • FullyQualifiedErrorId : Client20_QueryServiceImpl_RetrievePropertiesEx_V
    iError,VMware.VimAutomation.ViCore.Cmdlets.Commands.GetViStats

Get-VirtualPortGroup : 6/13/2014 4:44:47 PM Get-VirtualPortGroup The
underlying connection was closed: Could not establish trust relationship for
the SSL/TLS secure channel.
At E:\Scripts\vCheck\vcenter\Plugins\98 vSwitch Security.ps1:63 char:7

  •   Get-VirtualPortGroup -VMHost $_ -Standard | % {
    
  •   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    • CategoryInfo : NotSpecified: (:) [Get-VirtualPortGroup], ViErro
      r
    • FullyQualifiedErrorId : Client20_QueryServiceImpl_RetrievePropertiesEx_V
      iError,VMware.VimAutomation.ViCore.Cmdlets.Commands.Host.GetVirtualPortGro
      up

As mentioned previously, if I remove/disable 44 VMKernel Warnings then I get no errors at all.
Oddly I can not find anything special about the plugin or why it is now causing issues.

For others that have seen issues - can you disable/remove 44 VMKernel Warnings and see if you are still having issues?

If you have a large environment, seeing errors is not super easy via the console, it's better to pipe them to a file for easy reading - this can be done like so:
PS> .\vCheck.ps1 *> output.txt

@smasterson

This comment has been minimized.

Show comment
Hide comment
@smasterson

smasterson Jun 13, 2014

Contributor

For those curious, my setup in all three environments:
PowerShell v3
PowerCLI 5.5 R2
vSphere 5.5 Update 1

Contributor

smasterson commented Jun 13, 2014

For those curious, my setup in all three environments:
PowerShell v3
PowerCLI 5.5 R2
vSphere 5.5 Update 1

@smasterson

This comment has been minimized.

Show comment
Hide comment
@smasterson

smasterson Jun 15, 2014

Contributor

I'm getting some really odd/inconsistent results on this. The issue seems to come and go for no apparent reason (that I can tell). It may create errors 4 runs in a row and then run fine the next 3 runs.
Disabling 44 VMKernel Warnings does seem to help but I can't seem to figure out why that plugin would cause any issues.
I ran a few tests this morning to see if the vCenter server is actually disconnecting and in my case it is apparently not (write-host $global:DefaultVIServer prior to running each plugin).
The size of the environment doesn't seem to come into play - same results on >500 VMs as <20 VMs.
I did try the latest release build (6.20) and did not see any issues so it appears the issue has arose since then. The latest dev build will error 99% of the time on first run. For testing I am using a fresh download, changing 3 lines in GlobalVariables (Setup $false, vCenter address, SendEmail $false) and then running.

I'm stumped...may need to call in the big dogs...

Contributor

smasterson commented Jun 15, 2014

I'm getting some really odd/inconsistent results on this. The issue seems to come and go for no apparent reason (that I can tell). It may create errors 4 runs in a row and then run fine the next 3 runs.
Disabling 44 VMKernel Warnings does seem to help but I can't seem to figure out why that plugin would cause any issues.
I ran a few tests this morning to see if the vCenter server is actually disconnecting and in my case it is apparently not (write-host $global:DefaultVIServer prior to running each plugin).
The size of the environment doesn't seem to come into play - same results on >500 VMs as <20 VMs.
I did try the latest release build (6.20) and did not see any issues so it appears the issue has arose since then. The latest dev build will error 99% of the time on first run. For testing I am using a fresh download, changing 3 lines in GlobalVariables (Setup $false, vCenter address, SendEmail $false) and then running.

I'm stumped...may need to call in the big dogs...

@Sneddo Sneddo referenced this issue Jun 16, 2014

Closed

vcheck fails #218

@ajohn24

This comment has been minimized.

Show comment
Hide comment
@ajohn24

ajohn24 Jun 16, 2014

Our environment looks like:
Powershell v2
VMware vSphere PowerCLI 5.0
vSphere 5.1U2

Admins, any updates?

ajohn24 commented Jun 16, 2014

Our environment looks like:
Powershell v2
VMware vSphere PowerCLI 5.0
vSphere 5.1U2

Admins, any updates?

@ajohn24

This comment has been minimized.

Show comment
Hide comment
@ajohn24

ajohn24 Jun 16, 2014

BTW, the solution to disable vmkernel warning plugin does not apply since I have the plugin already disabled. And I still fail to understand how disabling the plugin would sort this issue.

ajohn24 commented Jun 16, 2014

BTW, the solution to disable vmkernel warning plugin does not apply since I have the plugin already disabled. And I still fail to understand how disabling the plugin would sort this issue.

@ajohn24

This comment has been minimized.

Show comment
Hide comment
@ajohn24

ajohn24 Jun 16, 2014

I tried running it again and this time it is stuck on calculating VM CPU usage. Last time also I had to kill and re-run the script while it was stuck on calculating VM CPU ready%. SO there is more than one thing which needs attention.

10:00:02 PM ..start calculating VM CPU %RDY by Alan Renouf v1.1 [35 of 84]
10:14:57 PM ..finished calculating VM CPU %RDY by Alan Renouf v1.1 [35 of 84]
10:14:57 PM ..start calculating VM CPU Usage by Alan Renouf, Sam McGeown v1.3 [36 of 84]
Killed on 11:17P.M

ajohn24 commented Jun 16, 2014

I tried running it again and this time it is stuck on calculating VM CPU usage. Last time also I had to kill and re-run the script while it was stuck on calculating VM CPU ready%. SO there is more than one thing which needs attention.

10:00:02 PM ..start calculating VM CPU %RDY by Alan Renouf v1.1 [35 of 84]
10:14:57 PM ..finished calculating VM CPU %RDY by Alan Renouf v1.1 [35 of 84]
10:14:57 PM ..start calculating VM CPU Usage by Alan Renouf, Sam McGeown v1.3 [36 of 84]
Killed on 11:17P.M

@alanrenouf

This comment has been minimized.

Show comment
Hide comment
@alanrenouf

alanrenouf Jun 18, 2014

Owner

Looks like this is a .net issue, I'm wondering if there is some way to reinstall .net 3.5 or fix it?

Owner

alanrenouf commented Jun 18, 2014

Looks like this is a .net issue, I'm wondering if there is some way to reinstall .net 3.5 or fix it?

@alanrenouf

This comment has been minimized.

Show comment
Hide comment
@alanrenouf

alanrenouf Jun 18, 2014

Owner

Have you tried running the script from a different machine?

Owner

alanrenouf commented Jun 18, 2014

Have you tried running the script from a different machine?

@ajohn24

This comment has been minimized.

Show comment
Hide comment
@ajohn24

ajohn24 Jun 18, 2014

I'll try re-installing .net today and update. Will try on a different machine too and see if it works.

ajohn24 commented Jun 18, 2014

I'll try re-installing .net today and update. Will try on a different machine too and see if it works.

@smasterson

This comment has been minimized.

Show comment
Hide comment
@smasterson

smasterson Jun 18, 2014

Contributor

My results are crazy inconsistent. So far with todays build, I am not able to produce any errors. Nor is my older build producing errors any longer... Is it crazy to think I just needed a reboot? I dunno

Contributor

smasterson commented Jun 18, 2014

My results are crazy inconsistent. So far with todays build, I am not able to produce any errors. Nor is my older build producing errors any longer... Is it crazy to think I just needed a reboot? I dunno

@ajohn24

This comment has been minimized.

Show comment
Hide comment
@ajohn24

ajohn24 Jun 24, 2014

For datastore information plugin, can we ignore alerts for a array of datastore. I wanted to use wildcards but it is not working
$DatastoreIgnore ="local"

ajohn24 commented Jun 24, 2014

For datastore information plugin, can we ignore alerts for a array of datastore. I wanted to use wildcards but it is not working
$DatastoreIgnore ="local"

@smasterson

This comment has been minimized.

Show comment
Hide comment
@smasterson

smasterson Jun 26, 2014

Contributor

@ajohn24 - the variable is regex (-notmatch) - please open a new issue for this if you are still having issues

vCheck fail - I am still seeing these disconnect/ssl (?) issues with the latest dev version. I can not figure out what the issue is, it seems adding/removing plugins sometimes helps but not always. Multiple environments so I don't think it's a one off thing. The latest build release (6.20) has no issues so as far as I can tell, something has been introduced that is causing the issues.

Can someone else grab a fresh copy and do some testing? I'd like to figure out where the issue is but need some more testers.

Contributor

smasterson commented Jun 26, 2014

@ajohn24 - the variable is regex (-notmatch) - please open a new issue for this if you are still having issues

vCheck fail - I am still seeing these disconnect/ssl (?) issues with the latest dev version. I can not figure out what the issue is, it seems adding/removing plugins sometimes helps but not always. Multiple environments so I don't think it's a one off thing. The latest build release (6.20) has no issues so as far as I can tell, something has been introduced that is causing the issues.

Can someone else grab a fresh copy and do some testing? I'd like to figure out where the issue is but need some more testers.

@smasterson

This comment has been minimized.

Show comment
Hide comment
@smasterson

smasterson Jul 7, 2014

Contributor

Bump...

Is anyone else able to get the latest dev version to run consistently in their environment?
I've tried four different environments now and all will bomb out with SSL/Disconnect errors. The errors appear in different plugins, at different times, even within the same environment. It's a very odd situation to say the least...

Contributor

smasterson commented Jul 7, 2014

Bump...

Is anyone else able to get the latest dev version to run consistently in their environment?
I've tried four different environments now and all will bomb out with SSL/Disconnect errors. The errors appear in different plugins, at different times, even within the same environment. It's a very odd situation to say the least...

@Sneddo

This comment has been minimized.

Show comment
Hide comment
@Sneddo

Sneddo Jul 17, 2014

Collaborator

I've been running the latest dev copy for the last couple of days now, and not been able to replicate this fault :\ No matter what plugins I throw at it, I haven't had any SSL/Disconnect errors- including running with every plugin enabled.

Win7 x64
Powershell 2.0
PowerCLI 5.5.0.6316
vCenter 5.1 U1b

Collaborator

Sneddo commented Jul 17, 2014

I've been running the latest dev copy for the last couple of days now, and not been able to replicate this fault :\ No matter what plugins I throw at it, I haven't had any SSL/Disconnect errors- including running with every plugin enabled.

Win7 x64
Powershell 2.0
PowerCLI 5.5.0.6316
vCenter 5.1 U1b

@Scassillo

This comment has been minimized.

Show comment
Hide comment
@Scassillo

Scassillo Aug 25, 2014

HI, i wanted to inform you that I also have this problem that occurs in a random.
First I tested the latest version of vcheck Sphere on the following environment:
W7 32 bit
Powershell 4
PowerCLI 5.5 R2 patch1.

Now I've changed environment:
Windows Server 2012 R2
Powershell 4
PowerCLI 5.5 R2 patch1
8 GB RAM

In both environments the error occurs.

Scassillo commented Aug 25, 2014

HI, i wanted to inform you that I also have this problem that occurs in a random.
First I tested the latest version of vcheck Sphere on the following environment:
W7 32 bit
Powershell 4
PowerCLI 5.5 R2 patch1.

Now I've changed environment:
Windows Server 2012 R2
Powershell 4
PowerCLI 5.5 R2 patch1
8 GB RAM

In both environments the error occurs.

@Leleu256

This comment has been minimized.

Show comment
Hide comment
@Leleu256

Leleu256 Nov 28, 2014

Hi,
I have the same issue when I don't have enough free memory. I have a very large environment, and when no free RAM is available, the script hang and all i can do is disconnecting from vcenter
Disconnect-VIServer -Force:$true -Confirm:$false
Then, I kill some other programs, close my powershell script and relaunch vCheck.
I don't have another solution :

Leleu256 commented Nov 28, 2014

Hi,
I have the same issue when I don't have enough free memory. I have a very large environment, and when no free RAM is available, the script hang and all i can do is disconnecting from vcenter
Disconnect-VIServer -Force:$true -Confirm:$false
Then, I kill some other programs, close my powershell script and relaunch vCheck.
I don't have another solution :

@kernelphr34k

This comment has been minimized.

Show comment
Hide comment
@kernelphr34k

kernelphr34k Jan 23, 2015

Hello All,

I have used previous version of this script in the past and love it. I think the last version I used was 5, maybe older... Lots of great improvements to the current.. Thanks all.

My Env details:
~20 ESXi server
~600 VM's

Workstation Specs:
Running vCheck: 6.23-alpha-1
PowerCLI 5.5 Realse 2 Patch 1
Powershell v3
Win7 x64 i7 w/ 24gb memory
Win7 x64 i5 w/ 4gb mem...

I've only got this script working once with emailing me the results etc. All other times I get the error we are talking about and the script dies and never emails me. The only time the script worked for me It took 57min; Not sure if thats normal or not.

I have run many scripts via PowerCLI in the past and have never seen this error message like everyone else is seeing.. I did find another website that suggested some solutions, I have not tried myself but its worth trying... I will prolly test out the suggested solutions soon. Link here: http://d-fens.ch/2013/12/20/nobrainer-ssl-connection-error-when-using-powershell/

Anything else I can do to provide more info, or testing please let me know. Here's some screenshots.... The first shows the error after going through many plugins, the second shows the error while its in the middle of parsing thru VM's... Maybe yall can get more info from the screenshots... The last screenshot shows an error sending the email... wtf...

vcheck-error4
vcheck-error5 vcheck-error6

kernelphr34k commented Jan 23, 2015

Hello All,

I have used previous version of this script in the past and love it. I think the last version I used was 5, maybe older... Lots of great improvements to the current.. Thanks all.

My Env details:
~20 ESXi server
~600 VM's

Workstation Specs:
Running vCheck: 6.23-alpha-1
PowerCLI 5.5 Realse 2 Patch 1
Powershell v3
Win7 x64 i7 w/ 24gb memory
Win7 x64 i5 w/ 4gb mem...

I've only got this script working once with emailing me the results etc. All other times I get the error we are talking about and the script dies and never emails me. The only time the script worked for me It took 57min; Not sure if thats normal or not.

I have run many scripts via PowerCLI in the past and have never seen this error message like everyone else is seeing.. I did find another website that suggested some solutions, I have not tried myself but its worth trying... I will prolly test out the suggested solutions soon. Link here: http://d-fens.ch/2013/12/20/nobrainer-ssl-connection-error-when-using-powershell/

Anything else I can do to provide more info, or testing please let me know. Here's some screenshots.... The first shows the error after going through many plugins, the second shows the error while its in the middle of parsing thru VM's... Maybe yall can get more info from the screenshots... The last screenshot shows an error sending the email... wtf...

vcheck-error4
vcheck-error5 vcheck-error6

@swerveshot

This comment has been minimized.

Show comment
Hide comment
@swerveshot

swerveshot Jan 26, 2015

Contributor

Hey @kernelphr34k,

To make troubleshooting easier for the plugins that return an error I suggest you run them seperately using the -Job parameter. Check out the documentation on the [vCheck wiki](../wiki/Job XML Specification).

Make sure to always include the following plugins:
00 Connection Plugin for vCenter.ps1
99 VeryLastPlugin Used to Disconnect.ps1

The error with the 'Sending Email' plugin looks like a problem with the number of parameters used to run the plugin. This could be a problem with your GlobalVariables file.

Contributor

swerveshot commented Jan 26, 2015

Hey @kernelphr34k,

To make troubleshooting easier for the plugins that return an error I suggest you run them seperately using the -Job parameter. Check out the documentation on the [vCheck wiki](../wiki/Job XML Specification).

Make sure to always include the following plugins:
00 Connection Plugin for vCenter.ps1
99 VeryLastPlugin Used to Disconnect.ps1

The error with the 'Sending Email' plugin looks like a problem with the number of parameters used to run the plugin. This could be a problem with your GlobalVariables file.

@kernelphr34k

This comment has been minimized.

Show comment
Hide comment
@kernelphr34k

kernelphr34k commented Jan 26, 2015

Thank you @RKleijwegt I will look into it.

This link works btw: https://github.com/alanrenouf/vCheck-vSphere/wiki/Job-XML-Specification

@Sneddo

This comment has been minimized.

Show comment
Hide comment
@Sneddo

Sneddo Jan 26, 2015

Collaborator

I suspect this disconnection issue is related to memory usage- the few times I've been able to replicate it have been when Powershell is using a lot of memory.

As for the email failure, try the suggestion from @rkleijwegt- it may be related to the other issues, or give more information than a fairly generic exception.

Collaborator

Sneddo commented Jan 26, 2015

I suspect this disconnection issue is related to memory usage- the few times I've been able to replicate it have been when Powershell is using a lot of memory.

As for the email failure, try the suggestion from @rkleijwegt- it may be related to the other issues, or give more information than a fairly generic exception.

@swerveshot

This comment has been minimized.

Show comment
Hide comment
@swerveshot

swerveshot Jan 26, 2015

Contributor

Yeah, I'm still learning how to use those fancy GitHub markdown codes. Fixed the link now. 😄

Contributor

swerveshot commented Jan 26, 2015

Yeah, I'm still learning how to use those fancy GitHub markdown codes. Fixed the link now. 😄

@kernelphr34k

This comment has been minimized.

Show comment
Hide comment
@kernelphr34k

kernelphr34k Jan 27, 2015

@Sneddo What is considered high memory usage? If one of my machines has 24gb of memory it should not matter how much is used unless there is some Powershell limitations? You would think I would see a System.OutOfMemoryException error or something like it if it was a memory usage issue. Seeing a connection issue is weird imho....

I have been testing using @RKleijwegt suggestion but seeing another error about the given path's format is not supported as well as sending email issues.... Hope the screenshot helps...

vcheck-error7

Here is my job XML file:

<vCheck> 
    <globalVariables>GlobalVariables.ps1</globalVariables> 
        <plugins path="C:\scripts\vCheck-vSphere-master\Plugins"> 
        <plugin>\00 Initialize\00 Connection Plugin for vCenter.ps1</plugin>
        <plugin>\00 Initialize\01 General Information.ps1</plugin>
        <plugin>\80 Finish\999 VeryLastPlugin Used to Disconnect.ps1</plugin>
    </plugins> 
</vCheck>```

Don't get it.... should not be this difficult... :(

@rkleijwegt hah, its ok.... I have never needed a github account till now, so learning myself. Thanks!

kernelphr34k commented Jan 27, 2015

@Sneddo What is considered high memory usage? If one of my machines has 24gb of memory it should not matter how much is used unless there is some Powershell limitations? You would think I would see a System.OutOfMemoryException error or something like it if it was a memory usage issue. Seeing a connection issue is weird imho....

I have been testing using @RKleijwegt suggestion but seeing another error about the given path's format is not supported as well as sending email issues.... Hope the screenshot helps...

vcheck-error7

Here is my job XML file:

<vCheck> 
    <globalVariables>GlobalVariables.ps1</globalVariables> 
        <plugins path="C:\scripts\vCheck-vSphere-master\Plugins"> 
        <plugin>\00 Initialize\00 Connection Plugin for vCenter.ps1</plugin>
        <plugin>\00 Initialize\01 General Information.ps1</plugin>
        <plugin>\80 Finish\999 VeryLastPlugin Used to Disconnect.ps1</plugin>
    </plugins> 
</vCheck>```

Don't get it.... should not be this difficult... :(

@rkleijwegt hah, its ok.... I have never needed a github account till now, so learning myself. Thanks!
@smasterson

This comment has been minimized.

Show comment
Hide comment
@smasterson

smasterson Jan 27, 2015

Contributor

It appears as though it doesn't like the $Filename variable and then everything bombs out from there (cascading errors).
Are you using the OutputPath parameter when running the script?
If not, the script attempts to create an htm file in $Env:TEMP - any issues creating a file there manually?

[workaround] Have you tried sending as HTML (not as an attachment)?
In GlobalVariables.ps1:
$SendAttachment = $false

Contributor

smasterson commented Jan 27, 2015

It appears as though it doesn't like the $Filename variable and then everything bombs out from there (cascading errors).
Are you using the OutputPath parameter when running the script?
If not, the script attempts to create an htm file in $Env:TEMP - any issues creating a file there manually?

[workaround] Have you tried sending as HTML (not as an attachment)?
In GlobalVariables.ps1:
$SendAttachment = $false

@kernelphr34k

This comment has been minimized.

Show comment
Hide comment
@kernelphr34k

kernelphr34k Jan 27, 2015

Hello @smasterson Not sure if I should have started a new thread or what.. I apologize if I should...

I have never used the OutputPath parameter. It should be sending out an html file as an attachment. No issues with $Env:TEMP can read/write there no issues.. there's other temp files there at the minute.

I tried to use the outputpath parameter and it seems to have worked (there is an html file in my output path), but still failed to send an email with the following settings:

  • $SendAttachment = $true
  • $EmailReportEvenIfEmpty = $true
  • $DisplaytoScreen = $false

vcheck-error8

I tried again without using the outputpath parameter and $SendAttachment = $false and got the following error:

vcheck-error9

kernelphr34k commented Jan 27, 2015

Hello @smasterson Not sure if I should have started a new thread or what.. I apologize if I should...

I have never used the OutputPath parameter. It should be sending out an html file as an attachment. No issues with $Env:TEMP can read/write there no issues.. there's other temp files there at the minute.

I tried to use the outputpath parameter and it seems to have worked (there is an html file in my output path), but still failed to send an email with the following settings:

  • $SendAttachment = $true
  • $EmailReportEvenIfEmpty = $true
  • $DisplaytoScreen = $false

vcheck-error8

I tried again without using the outputpath parameter and $SendAttachment = $false and got the following error:

vcheck-error9

@Sneddo

This comment has been minimized.

Show comment
Hide comment
@Sneddo

Sneddo Jan 28, 2015

Collaborator

@kernelphr34k I was seeing those disconnects when Powershell was using 1.5-2GB of memory. I agree that it seems odd- and quite possible that it was coincidence- but the only "unusual" thing I could see.

Really weird error you are getting with the temp directory. Can you try just putting in the following before line 737:
Write-Host $FileName
Curious to see why it is not in the correct format...

Timeout errors on the SMTP send is odd as well, I suppose it could be related to the file not saving correctly, but grasping as straws. I assume you can relay email from the machine you are running vCheck from?

Collaborator

Sneddo commented Jan 28, 2015

@kernelphr34k I was seeing those disconnects when Powershell was using 1.5-2GB of memory. I agree that it seems odd- and quite possible that it was coincidence- but the only "unusual" thing I could see.

Really weird error you are getting with the temp directory. Can you try just putting in the following before line 737:
Write-Host $FileName
Curious to see why it is not in the correct format...

Timeout errors on the SMTP send is odd as well, I suppose it could be related to the file not saving correctly, but grasping as straws. I assume you can relay email from the machine you are running vCheck from?

@kernelphr34k

This comment has been minimized.

Show comment
Hide comment
@kernelphr34k

kernelphr34k Jan 28, 2015

Hi @Sneddo Unusual indeed..

So I put the Write-Host $FileName above line 737..... The file shows up in temp, I can open it, but still errors sending email. I have two SMTP servers I can use. I control one and have setup permissiosn to use.. The other is my works server and I have used this at one time and was able to get an email from it with a report. I have been switching between using both servers but mostly using my works since I had success with it once...

Screenshot shows the error and the html file it created... yet it does not attach and send.. odd.

vcheck-error10

$DisplaytoScreen = $false
$SendEmail = $true
$EmailReportEvenIfEmpty = $false
$SendAttachment = $true

Thanks again!!

kernelphr34k commented Jan 28, 2015

Hi @Sneddo Unusual indeed..

So I put the Write-Host $FileName above line 737..... The file shows up in temp, I can open it, but still errors sending email. I have two SMTP servers I can use. I control one and have setup permissiosn to use.. The other is my works server and I have used this at one time and was able to get an email from it with a report. I have been switching between using both servers but mostly using my works since I had success with it once...

Screenshot shows the error and the html file it created... yet it does not attach and send.. odd.

vcheck-error10

$DisplaytoScreen = $false
$SendEmail = $true
$EmailReportEvenIfEmpty = $false
$SendAttachment = $true

Thanks again!!

@Sneddo

This comment has been minimized.

Show comment
Hide comment
@Sneddo

Sneddo Jan 29, 2015

Collaborator

huh, that's even weirder! Maybe it's having issues with specifying the vCenter by IP, rather than hostname? Grasping at straws though...

Can you see the logs for either SMTP server? There might be a clue as to why it is failing from the server side, unfortunately the client error is a bit useless :(

Collaborator

Sneddo commented Jan 29, 2015

huh, that's even weirder! Maybe it's having issues with specifying the vCenter by IP, rather than hostname? Grasping at straws though...

Can you see the logs for either SMTP server? There might be a clue as to why it is failing from the server side, unfortunately the client error is a bit useless :(

@djzang

This comment has been minimized.

Show comment
Hide comment
@djzang

djzang Jan 30, 2015

I've been hitting this as well:

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

The weird part is it seems to work fine on the first run but I will get this issue on subsequent runs of the script until the host I'm running powershell on reboots. I've tried it on two different systems with the same results

System 1:
Windows 7 Ent SP1 64-bit
VMware vSphere PowerCLI 5.8 Release 1 build 2057893
PSVersion 2.0
vCenter 5.0 Build 1300600

System 2:
Windows 2008 R2
VMware vSphere PowerCLI 5.1 Release 2 Patch 1 build 1926866
PSVersion 2.0
vCenter 5.0 Build 1300600

I do have 44 VMKernel Warnings disabled but that doesn't seem to stop the errors from popping up. It's very weird how inconsistent the errors are.

djzang commented Jan 30, 2015

I've been hitting this as well:

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

The weird part is it seems to work fine on the first run but I will get this issue on subsequent runs of the script until the host I'm running powershell on reboots. I've tried it on two different systems with the same results

System 1:
Windows 7 Ent SP1 64-bit
VMware vSphere PowerCLI 5.8 Release 1 build 2057893
PSVersion 2.0
vCenter 5.0 Build 1300600

System 2:
Windows 2008 R2
VMware vSphere PowerCLI 5.1 Release 2 Patch 1 build 1926866
PSVersion 2.0
vCenter 5.0 Build 1300600

I do have 44 VMKernel Warnings disabled but that doesn't seem to stop the errors from popping up. It's very weird how inconsistent the errors are.

@kernelphr34k

This comment has been minimized.

Show comment
Hide comment
@kernelphr34k

kernelphr34k Feb 2, 2015

@Sneddo hahaha odd I know!!!!! So these issues I'm having may be due to my network env. I'm in R/D, but they have us on a production network with tons of firewall rules afaik..

I copied the entire vCheck folder over to my vCenter server and it seems to be working fine using one SMTP server, the other not getting the emails but looking at logs. This should be my last msg on this thread as my issue has gone way beyond the initial issue problem.. Thanks for the help and working with me!!!

kernelphr34k commented Feb 2, 2015

@Sneddo hahaha odd I know!!!!! So these issues I'm having may be due to my network env. I'm in R/D, but they have us on a production network with tons of firewall rules afaik..

I copied the entire vCheck folder over to my vCenter server and it seems to be working fine using one SMTP server, the other not getting the emails but looking at logs. This should be my last msg on this thread as my issue has gone way beyond the initial issue problem.. Thanks for the help and working with me!!!

@Leleu256

This comment has been minimized.

Show comment
Hide comment
@Leleu256

Leleu256 Mar 3, 2015

Hello,
For the problem about "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. "

I have a crappy workaround (vCheck.ps1 - Starting line 642)

$vCheckPlugins | Foreach {
$TableFormat = $null
try{
$PluginInfo = Get-PluginID $.Fullname
$p++
Write-CustomOut ($lang.pluginStart -f $PluginInfo["Title"], $PluginInfo["Author"], $PluginInfo["Version"], $p, $vCheckPlugins.count)
$pluginStatus = ($lang.pluginStatus -f $p, $vCheckPlugins.count, $
.Name)
Write-Progress -ID 1 -Activity $lang.pluginActivity -Status $pluginStatus -PercentComplete (100*$p/($vCheckPlugins.count))
$TTR = [math]::round((Measure-Command {$Details = . $_.FullName}).TotalSeconds, 2)

  Write-CustomOut ($lang.pluginEnd -f $PluginInfo["Title"], $PluginInfo["Author"], $PluginInfo["Version"], $p, $vCheckPlugins.count)

  $PluginResult += New-Object PSObject -Property @{"Title" = $PluginInfo["Title"];
                                                   "Author" = $PluginInfo["Author"];
                                                   "Version" = $PluginInfo["Version"];
                                                   "Details" = $Details;
                                                   "Display" = $Display;
                                                   "TableFormat" = $TableFormat;
                                                   "Header" = $Header;
                                                   "Comments" = $Comments;
                                                   "TimeToRun" = $TTR; }

} catch {
Write-Output "Plugin "+($PluginInfo["Title"])+" has failed... Ignoring result" -ForegroundColor red -BackgroundColor black
Disconnect-VIServer -Force:$true -Confirm:$false *
Connect-VIServer $VIServer
}

}

Leleu256 commented Mar 3, 2015

Hello,
For the problem about "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. "

I have a crappy workaround (vCheck.ps1 - Starting line 642)

$vCheckPlugins | Foreach {
$TableFormat = $null
try{
$PluginInfo = Get-PluginID $.Fullname
$p++
Write-CustomOut ($lang.pluginStart -f $PluginInfo["Title"], $PluginInfo["Author"], $PluginInfo["Version"], $p, $vCheckPlugins.count)
$pluginStatus = ($lang.pluginStatus -f $p, $vCheckPlugins.count, $
.Name)
Write-Progress -ID 1 -Activity $lang.pluginActivity -Status $pluginStatus -PercentComplete (100*$p/($vCheckPlugins.count))
$TTR = [math]::round((Measure-Command {$Details = . $_.FullName}).TotalSeconds, 2)

  Write-CustomOut ($lang.pluginEnd -f $PluginInfo["Title"], $PluginInfo["Author"], $PluginInfo["Version"], $p, $vCheckPlugins.count)

  $PluginResult += New-Object PSObject -Property @{"Title" = $PluginInfo["Title"];
                                                   "Author" = $PluginInfo["Author"];
                                                   "Version" = $PluginInfo["Version"];
                                                   "Details" = $Details;
                                                   "Display" = $Display;
                                                   "TableFormat" = $TableFormat;
                                                   "Header" = $Header;
                                                   "Comments" = $Comments;
                                                   "TimeToRun" = $TTR; }

} catch {
Write-Output "Plugin "+($PluginInfo["Title"])+" has failed... Ignoring result" -ForegroundColor red -BackgroundColor black
Disconnect-VIServer -Force:$true -Confirm:$false *
Connect-VIServer $VIServer
}

}

@PaulWalkerUK

This comment has been minimized.

Show comment
Hide comment
@PaulWalkerUK

PaulWalkerUK Mar 3, 2015

Contributor

I quite like this idea of catching errors from plugins in vCheck.ps1 and handling them cleanly.

From my own personal perspective, I use vCheck for a couple of different systems, but they're not VM-related, so I replace the whole plugins folder with my own. So for me, I would prefer it if vCheck.ps1 was kept generic and didn't have calls to things like disconnect/connect.

Maybe there could be some kind of special "recovery" plugin that would contain code like this (or whatever recovery code other variations might need) that would only be called if an error was detected here?

Contributor

PaulWalkerUK commented Mar 3, 2015

I quite like this idea of catching errors from plugins in vCheck.ps1 and handling them cleanly.

From my own personal perspective, I use vCheck for a couple of different systems, but they're not VM-related, so I replace the whole plugins folder with my own. So for me, I would prefer it if vCheck.ps1 was kept generic and didn't have calls to things like disconnect/connect.

Maybe there could be some kind of special "recovery" plugin that would contain code like this (or whatever recovery code other variations might need) that would only be called if an error was detected here?

@Sneddo

This comment has been minimized.

Show comment
Hide comment
@Sneddo

Sneddo Mar 3, 2015

Collaborator

Yeah, agreed. Needs a bit of a tweak (as @PaulWalkerUK mentioned, we should keep vCheck as generic as possible), but I like the idea of at least gracefully catching the error until we can work out why we are getting this issue.

Collaborator

Sneddo commented Mar 3, 2015

Yeah, agreed. Needs a bit of a tweak (as @PaulWalkerUK mentioned, we should keep vCheck as generic as possible), but I like the idea of at least gracefully catching the error until we can work out why we are getting this issue.

@Sneddo

This comment has been minimized.

Show comment
Hide comment
@Sneddo

Sneddo Mar 9, 2015

Collaborator

So, I stumbled across this today:
http://blogs.technet.com/b/heyscriptingguy/archive/2013/07/30/learn-how-to-configure-powershell-memory.aspx

I wonder if bumping up the MaxMemoryPerShellMB setting will help with this issue... anyone that consistently gets this error able to test?

Collaborator

Sneddo commented Mar 9, 2015

So, I stumbled across this today:
http://blogs.technet.com/b/heyscriptingguy/archive/2013/07/30/learn-how-to-configure-powershell-memory.aspx

I wonder if bumping up the MaxMemoryPerShellMB setting will help with this issue... anyone that consistently gets this error able to test?

@jones-g

This comment has been minimized.

Show comment
Hide comment
@jones-g

jones-g Mar 10, 2015

Contributor

@Sneddo

I have just configured the max memory to 2048MB and will see if this solves the problem when tonights reports run. Im not getting it consistently but almost every night on report fails.

Contributor

jones-g commented Mar 10, 2015

@Sneddo

I have just configured the max memory to 2048MB and will see if this solves the problem when tonights reports run. Im not getting it consistently but almost every night on report fails.

@djzang

This comment has been minimized.

Show comment
Hide comment
@djzang

djzang Mar 10, 2015

@Sneddo
I set max memory to 4096 using:
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="4096"}'
Not sure if I'm setting it correctly??
However, I'm still getting the error:
image

djzang commented Mar 10, 2015

@Sneddo
I set max memory to 4096 using:
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="4096"}'
Not sure if I'm setting it correctly??
However, I'm still getting the error:
image

@kernelphr34k

This comment has been minimized.

Show comment
Hide comment
@kernelphr34k

kernelphr34k Mar 10, 2015

@Sneddo - Good find! My MaxMemoryPerShellMB was set to 150mb, set it to 2048mb. I tried to run vCheck and got the error again. So I set the MaxProcessesPerShell to 25, exited the powershell command prompt and reopened. Tried vCheck again and no errors. I'm doing a job with a lot less modulus, but there was a time I was seeing that error on my job.

kernelphr34k commented Mar 10, 2015

@Sneddo - Good find! My MaxMemoryPerShellMB was set to 150mb, set it to 2048mb. I tried to run vCheck and got the error again. So I set the MaxProcessesPerShell to 25, exited the powershell command prompt and reopened. Tried vCheck again and no errors. I'm doing a job with a lot less modulus, but there was a time I was seeing that error on my job.

@jones-g

This comment has been minimized.

Show comment
Hide comment
@jones-g

jones-g Mar 11, 2015

Contributor

@Sneddo @kernelphr34k tried setting MaxMemoryPerShellMB to 2048 and the report still failed this evening. I will try setting the MaxProcessesPerShell to 35 (mine is 25 by default).

Contributor

jones-g commented Mar 11, 2015

@Sneddo @kernelphr34k tried setting MaxMemoryPerShellMB to 2048 and the report still failed this evening. I will try setting the MaxProcessesPerShell to 35 (mine is 25 by default).

@djzang

This comment has been minimized.

Show comment
Hide comment
@djzang

djzang Mar 11, 2015

After changing MaxProcessesPerShell from 15 to 30 it looks like I'm not seeing the error anymore. I'll keep testing.

djzang commented Mar 11, 2015

After changing MaxProcessesPerShell from 15 to 30 it looks like I'm not seeing the error anymore. I'll keep testing.

@jones-g

This comment has been minimized.

Show comment
Hide comment
@jones-g

jones-g Mar 12, 2015

Contributor

@Sneddo @kernelphr34k @djzang I set it to MaxProcessesPerShell to 35 but that did not help. If I run the report now there is now problem but running it at 1.30 during the night fails. I have tried moving the scheduled task to execute earlier in the night and if that does not help I will try setting it for early in the morning instead.

Contributor

jones-g commented Mar 12, 2015

@Sneddo @kernelphr34k @djzang I set it to MaxProcessesPerShell to 35 but that did not help. If I run the report now there is now problem but running it at 1.30 during the night fails. I have tried moving the scheduled task to execute earlier in the night and if that does not help I will try setting it for early in the morning instead.

@Leleu256

This comment has been minimized.

Show comment
Hide comment
@Leleu256

Leleu256 Mar 12, 2015

Maybe your scheduled task did not use the same account as you.
I use another account to perform the query than everyday work.
I change the max process value to 25 (and memory...) and the problem disappeared

Le 12 mars 2015 à 08:32, Jonas G notifications@github.com a écrit :

@Sneddo @kernelphr34k @djzang I set it to MaxProcessesPerShell to 35 but that did not help. If I run the report now there is now problem but running it at 1.30 during the night fails. I have tried moving the scheduled task to execute earlier in the night and if that does not help I will try setting it for early in the morning instead.


Reply to this email directly or view it on GitHub.

Leleu256 commented Mar 12, 2015

Maybe your scheduled task did not use the same account as you.
I use another account to perform the query than everyday work.
I change the max process value to 25 (and memory...) and the problem disappeared

Le 12 mars 2015 à 08:32, Jonas G notifications@github.com a écrit :

@Sneddo @kernelphr34k @djzang I set it to MaxProcessesPerShell to 35 but that did not help. If I run the report now there is now problem but running it at 1.30 during the night fails. I have tried moving the scheduled task to execute earlier in the night and if that does not help I will try setting it for early in the morning instead.


Reply to this email directly or view it on GitHub.

@jones-g

This comment has been minimized.

Show comment
Hide comment
@jones-g

jones-g Mar 12, 2015

Contributor

@Leleu256 I asked the Task Scheduler in Windows to run it for me exactly the same as if it triggered at a specified time so it is running as the same user.

Contributor

jones-g commented Mar 12, 2015

@Leleu256 I asked the Task Scheduler in Windows to run it for me exactly the same as if it triggered at a specified time so it is running as the same user.

@Sneddo

This comment has been minimized.

Show comment
Hide comment
@Sneddo

Sneddo Mar 12, 2015

Collaborator

hmmmm interesting results... what version of Powershell is everyone running? Let's see how this goes over the next few days.

Collaborator

Sneddo commented Mar 12, 2015

hmmmm interesting results... what version of Powershell is everyone running? Let's see how this goes over the next few days.

@DaveBF

This comment has been minimized.

Show comment
Hide comment
@DaveBF

DaveBF Mar 13, 2015

Contributor

During my testing of v6.22, I attempted to run this plugin and it ran for 3-4 hours before I just finally killed the script. I was thinking at the time it just took a long time to run and I didn't want the script running for that long.

Running Powershell v4 and PowerCLI 5.8 Release 1

Contributor

DaveBF commented Mar 13, 2015

During my testing of v6.22, I attempted to run this plugin and it ran for 3-4 hours before I just finally killed the script. I was thinking at the time it just took a long time to run and I didn't want the script running for that long.

Running Powershell v4 and PowerCLI 5.8 Release 1

@JoJack82

This comment has been minimized.

Show comment
Hide comment
@JoJack82

JoJack82 Jul 23, 2015

I set my MaxMemoryPerShellMB 4096mb and MaxProcessesPerShell to 35 but I still get this error. Anyone else have have a solution?

Get-Datacenter : 7/23/2015 3:26:26 PM Get-Datacenter The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

JoJack82 commented Jul 23, 2015

I set my MaxMemoryPerShellMB 4096mb and MaxProcessesPerShell to 35 but I still get this error. Anyone else have have a solution?

Get-Datacenter : 7/23/2015 3:26:26 PM Get-Datacenter The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

@Sneddo Sneddo changed the title from vcheck script fail to The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. Jul 29, 2015

@danimalrowe

This comment has been minimized.

Show comment
Hide comment
@danimalrowe

danimalrowe Aug 27, 2015

Contributor

Modified script to resolve issue #217 at my site for script "79 Find VMs in Uncontrolled Snapshot Mode.ps1". The change was made to search each Datastore for all VM directories that have files named like delta.vmdk and -*-flat.vmdk. In doing the file search this way there is only 2 calls per Datastore and only getting the information needed not other files that are not needed. This eliminates calling Get-Datacenter and retrieving all files for each VM. I have some questions about the following line of code in the current script

if ($file.Name -like '*delta.vmdk*' -or $file -like '-*-flat.vmdk') {

Should the 'or' portion of the statement be $file or $file.Name? I am assuming it should be $file.Name. And is the file to start with '-' (a hyphen)?

At my site the current version of "79 Find VMs in Uncontrolled Snapshot Mode.ps1" it ran for 2:40:03 and with this version it runs in 0:16:20 and I was able to run it with all the full vCheck.ps1 run. At my sight we do not have any uncontrolled snapshots showing up with either version so I would appreciate it if someone could verify that it works the same as the original version.

Our site consists of the following
Number of Datastores: 67
Active VMs: 603

I had tried setting the Memory size and Timeout length and they seemed to help sometimes and not others. With this script I have set everything back to original settings and it runs fine.

See Pull Request #417

Thank you

Contributor

danimalrowe commented Aug 27, 2015

Modified script to resolve issue #217 at my site for script "79 Find VMs in Uncontrolled Snapshot Mode.ps1". The change was made to search each Datastore for all VM directories that have files named like delta.vmdk and -*-flat.vmdk. In doing the file search this way there is only 2 calls per Datastore and only getting the information needed not other files that are not needed. This eliminates calling Get-Datacenter and retrieving all files for each VM. I have some questions about the following line of code in the current script

if ($file.Name -like '*delta.vmdk*' -or $file -like '-*-flat.vmdk') {

Should the 'or' portion of the statement be $file or $file.Name? I am assuming it should be $file.Name. And is the file to start with '-' (a hyphen)?

At my site the current version of "79 Find VMs in Uncontrolled Snapshot Mode.ps1" it ran for 2:40:03 and with this version it runs in 0:16:20 and I was able to run it with all the full vCheck.ps1 run. At my sight we do not have any uncontrolled snapshots showing up with either version so I would appreciate it if someone could verify that it works the same as the original version.

Our site consists of the following
Number of Datastores: 67
Active VMs: 603

I had tried setting the Memory size and Timeout length and they seemed to help sometimes and not others. With this script I have set everything back to original settings and it runs fine.

See Pull Request #417

Thank you

Sneddo added a commit that referenced this issue Oct 4, 2015

Merge pull request #417 from danimalrowe/dev
Update 79 Find VMs in Uncontrolled Snapshot Mode.ps1 Issue #217
@stacycarter

This comment has been minimized.

Show comment
Hide comment
@stacycarter

stacycarter Jan 21, 2016

I've been hitting the "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel" error intermittently whenever I try and run PowerCLI scripts from a 2008 R2 server running PowerCLI R1 (was able to recreate errors from two different 2008 R2 scripting servers, and against two different vCenter 5.5 U2/3 servers). Tried a couple of tweaks that were talked about in this thread, but that did not resolve the issue. I recently moved, my scripts to a 2012 R2 server running PowerCLI 6.0 R3, and it appears that this resolved the issue.

stacycarter commented Jan 21, 2016

I've been hitting the "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel" error intermittently whenever I try and run PowerCLI scripts from a 2008 R2 server running PowerCLI R1 (was able to recreate errors from two different 2008 R2 scripting servers, and against two different vCenter 5.5 U2/3 servers). Tried a couple of tweaks that were talked about in this thread, but that did not resolve the issue. I recently moved, my scripts to a 2012 R2 server running PowerCLI 6.0 R3, and it appears that this resolved the issue.

@Sneddo

This comment has been minimized.

Show comment
Hide comment
@Sneddo

Sneddo Jan 25, 2016

Collaborator

Interesting...are the server specs the same, and same version of WMF?

Collaborator

Sneddo commented Jan 25, 2016

Interesting...are the server specs the same, and same version of WMF?

@stacycarter

This comment has been minimized.

Show comment
Hide comment
@stacycarter

stacycarter Jan 26, 2016

Both servers have plenty of resources (ie CPU, Memory). Same version of WMF.
Question for those that ran into this same TLS/SSL intermittent errors issue - does this fix work for you as well (ie running script from 2012 R2 server with PowerCLI 6.0 R3)?

stacycarter commented Jan 26, 2016

Both servers have plenty of resources (ie CPU, Memory). Same version of WMF.
Question for those that ran into this same TLS/SSL intermittent errors issue - does this fix work for you as well (ie running script from 2012 R2 server with PowerCLI 6.0 R3)?

@meoso

This comment has been minimized.

Show comment
Hide comment
@meoso

meoso Feb 5, 2016

I'm having this problem without a true resolve triggered by 84 VMDK consistency.ps1, 109 Orphaned VMDK File.ps1, and 79 Find VMs in Uncontrolled Snapshot Mode.ps1 (uncertain of consistency)

I've tried the following:
$SendAttachment = $false even though i prefer the inverse

winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="3072"}'
winrm set winrm/config/winrs '@{MaxProcessesPerShell="100"}'

However, if i create a job XML, with only those plugins, they run without fail.

Therfore I am thinking that possibly releasing/clearing of variables is needed in between plugins.

meoso commented Feb 5, 2016

I'm having this problem without a true resolve triggered by 84 VMDK consistency.ps1, 109 Orphaned VMDK File.ps1, and 79 Find VMs in Uncontrolled Snapshot Mode.ps1 (uncertain of consistency)

I've tried the following:
$SendAttachment = $false even though i prefer the inverse

winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="3072"}'
winrm set winrm/config/winrs '@{MaxProcessesPerShell="100"}'

However, if i create a job XML, with only those plugins, they run without fail.

Therfore I am thinking that possibly releasing/clearing of variables is needed in between plugins.

@Sneddo

This comment has been minimized.

Show comment
Hide comment
@Sneddo

Sneddo Feb 7, 2016

Collaborator

Therfore I am thinking that possibly releasing/clearing of variables is needed in between plugins.

Possibly... there are a lot of plugins that store a result in a variable, mostly to get the count in the plugin title. This can be achieved a better way with the [count] replacement. Probably worth going through and fixing them up at some point.

Not sure if it will be a fix, as it will likely be outweighed by the global info collection, but sure to help a little.

Collaborator

Sneddo commented Feb 7, 2016

Therfore I am thinking that possibly releasing/clearing of variables is needed in between plugins.

Possibly... there are a lot of plugins that store a result in a variable, mostly to get the count in the plugin title. This can be achieved a better way with the [count] replacement. Probably worth going through and fixing them up at some point.

Not sure if it will be a fix, as it will likely be outweighed by the global info collection, but sure to help a little.

@jtinouye

This comment has been minimized.

Show comment
Hide comment
@jtinouye

jtinouye Mar 8, 2016

I also had this particular error and was able to alleviate it by running the following command in my powercli environment:

set-powercliconfiguration -weboperationtimeoutseconds -1

jtinouye commented Mar 8, 2016

I also had this particular error and was able to alleviate it by running the following command in my powercli environment:

set-powercliconfiguration -weboperationtimeoutseconds -1

@MitoTranin

This comment has been minimized.

Show comment
Hide comment
@MitoTranin

MitoTranin May 6, 2016

I ran into this issue when I was running the vCheck against my larger vCenter servers, but ONLY when running it with a jobfile. If I ran the check natively (ie: without a job XML file) it would run successfully, but when I ran it with a job file, I would receive these errors. At first I did not care too much, but eventually I got to the point where I wrote a custom wrapper script to run vCheck against a handful of different servers sequentially, and thus needed the job parameter to be able to specify the different vCenter servers to connect to.

I followed jtinouye's suggestion, and it works great. I have not encountered the error since. I wasn't sure I wanted to make that change permanently or not for the entire utility server, so I just added this line to the wrapper script:

set-powercliconfiguration -weboperationtimeoutseconds -1 -scope Session -confirm:$false

For those interested, here is main logic portion of the wrapper script that allows it to run against multiple vCenter servers sequentially:

$Jobs = @()
# List all of the job file names that will need to be ran, in order
$Jobs += "Server1.xml"
$Jobs += "Server2.xml"
$Jobs += "Server3.xml"
$Jobs += "Server4.xml"

# Report Base Path
$ReportPath = "\Reports"

# Turn off timeout for web operations to alieviate issues with the SSL session being disconnected
# https://github.com/alanrenouf/vCheck-vSphere/issues/217
set-powercliconfiguration -weboperationtimeoutseconds -1 -scope Session -confirm:$false

$vCheckBasePath = (Resolve-Path .\).Path
$vCheckCMD = $vCheckBasePath + "\vCheck.ps1"

# Build output directory path
$DateYear = Get-Date -Format "yyyy"
$DateMonth = Get-Date -Format "MM"
$DateDay = Get-Date -Format "dd"

#   NOTE: Change the following line in vCheck.ps1 to ensure you do not double-organize your reports!
#OLD   $ArchiveFilePath = $Outputpath + "\Archives\" + $VIServer
#NEW   $ArchiveFilePath = $Outputpath

$OutputPath = $vCheckBasePath + $ReportPath + "\" + $DateYear + "\" + $DateMonth + "\" + $DateDay
if (-not (Test-Path -PathType Container $OutputPath)) { New-Item $OutputPath -type directory | Out-Null }

# Run vCheck Reports
foreach ($JobFile in $Jobs) {
    Invoke-Expression "& `"$vCheckCMD`" -job $JobFile -Outputpath $OutputPath"
}

MitoTranin commented May 6, 2016

I ran into this issue when I was running the vCheck against my larger vCenter servers, but ONLY when running it with a jobfile. If I ran the check natively (ie: without a job XML file) it would run successfully, but when I ran it with a job file, I would receive these errors. At first I did not care too much, but eventually I got to the point where I wrote a custom wrapper script to run vCheck against a handful of different servers sequentially, and thus needed the job parameter to be able to specify the different vCenter servers to connect to.

I followed jtinouye's suggestion, and it works great. I have not encountered the error since. I wasn't sure I wanted to make that change permanently or not for the entire utility server, so I just added this line to the wrapper script:

set-powercliconfiguration -weboperationtimeoutseconds -1 -scope Session -confirm:$false

For those interested, here is main logic portion of the wrapper script that allows it to run against multiple vCenter servers sequentially:

$Jobs = @()
# List all of the job file names that will need to be ran, in order
$Jobs += "Server1.xml"
$Jobs += "Server2.xml"
$Jobs += "Server3.xml"
$Jobs += "Server4.xml"

# Report Base Path
$ReportPath = "\Reports"

# Turn off timeout for web operations to alieviate issues with the SSL session being disconnected
# https://github.com/alanrenouf/vCheck-vSphere/issues/217
set-powercliconfiguration -weboperationtimeoutseconds -1 -scope Session -confirm:$false

$vCheckBasePath = (Resolve-Path .\).Path
$vCheckCMD = $vCheckBasePath + "\vCheck.ps1"

# Build output directory path
$DateYear = Get-Date -Format "yyyy"
$DateMonth = Get-Date -Format "MM"
$DateDay = Get-Date -Format "dd"

#   NOTE: Change the following line in vCheck.ps1 to ensure you do not double-organize your reports!
#OLD   $ArchiveFilePath = $Outputpath + "\Archives\" + $VIServer
#NEW   $ArchiveFilePath = $Outputpath

$OutputPath = $vCheckBasePath + $ReportPath + "\" + $DateYear + "\" + $DateMonth + "\" + $DateDay
if (-not (Test-Path -PathType Container $OutputPath)) { New-Item $OutputPath -type directory | Out-Null }

# Run vCheck Reports
foreach ($JobFile in $Jobs) {
    Invoke-Expression "& `"$vCheckCMD`" -job $JobFile -Outputpath $OutputPath"
}
@rnelson0

This comment has been minimized.

Show comment
Hide comment
@rnelson0

rnelson0 Sep 7, 2016

Contributor

I am receiving the same error as described in the original post. It seems there are a number of potential fixes, but none are pinpointed as the actual fix. Has any progress been made on this recently, and if not, how can we help progress this?

Contributor

rnelson0 commented Sep 7, 2016

I am receiving the same error as described in the original post. It seems there are a number of potential fixes, but none are pinpointed as the actual fix. Has any progress been made on this recently, and if not, how can we help progress this?

@meoso

This comment has been minimized.

Show comment
Hide comment
@meoso

meoso Sep 8, 2016

@rnelson0 , i added jtinouye's recommendation into my vCheck.ps1 also. this is the edit i put directly before the Internationalization comment around line 70'ish.

### MY EDIT ############################################################
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="3072"}'
winrm set winrm/config/winrs '@{MaxProcessesPerShell="100"}'
set-powercliconfiguration -weboperationtimeoutseconds -1 -Confirm:$False
########################################################################

I also tried $WarningPreference = "SilentlyContinue" at some point, but commented it out in my final run, i don't recall if it helped or hurt, or neither.

If you haven't already, definitely look into running with custom .xml's as reducing the used plugins to only what you really want will help with unexpected errors.

meoso commented Sep 8, 2016

@rnelson0 , i added jtinouye's recommendation into my vCheck.ps1 also. this is the edit i put directly before the Internationalization comment around line 70'ish.

### MY EDIT ############################################################
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="3072"}'
winrm set winrm/config/winrs '@{MaxProcessesPerShell="100"}'
set-powercliconfiguration -weboperationtimeoutseconds -1 -Confirm:$False
########################################################################

I also tried $WarningPreference = "SilentlyContinue" at some point, but commented it out in my final run, i don't recall if it helped or hurt, or neither.

If you haven't already, definitely look into running with custom .xml's as reducing the used plugins to only what you really want will help with unexpected errors.

@rnelson0

This comment has been minimized.

Show comment
Hide comment
@rnelson0

rnelson0 Sep 17, 2016

Contributor

@meoso thanks, I have found Remove-vCheckPlugin and have used that to tweak things down, seems to have the net result of fixing it as well, but I will keep those settings in mind if it comes back.

One thing to note, I am running this locally. Would WinRM settings apply in that case, and if so, why?

Contributor

rnelson0 commented Sep 17, 2016

@meoso thanks, I have found Remove-vCheckPlugin and have used that to tweak things down, seems to have the net result of fixing it as well, but I will keep those settings in mind if it comes back.

One thing to note, I am running this locally. Would WinRM settings apply in that case, and if so, why?

@rnelson0

This comment has been minimized.

Show comment
Hide comment
@rnelson0

rnelson0 Sep 20, 2016

Contributor

@meoso Hrm, I still run into the issue but FAR less. See https://gist.github.com/rnelson0/a1acf936d858adc3836c130418cbe8e6, don't want to flood the ticket with the error reports. Any suggestions for further tweaking, or are those causes perhaps separate?

Contributor

rnelson0 commented Sep 20, 2016

@meoso Hrm, I still run into the issue but FAR less. See https://gist.github.com/rnelson0/a1acf936d858adc3836c130418cbe8e6, don't want to flood the ticket with the error reports. Any suggestions for further tweaking, or are those causes perhaps separate?

@Mothra13

This comment has been minimized.

Show comment
Hide comment
@Mothra13

Mothra13 May 12, 2017

Just wanted to add a couple notes. I run a powercli script out of Jenkins using a win7 node to execute the modules. The script will loop through a collection of ~1k VMs looking at vievents. With no real pattern I would see the occasional 'Get-VIEvent Could not establish secure channel for SSL/TLS with authority'. It would not bomb out, continuing on just fine. It would happen every run to a very small number of VMs, but not the same ones.

For me bumping up memory from 16GB to 32GB on the node the runs this script seems to have put this to bed. Figured I would share what was a simple fix in the end.

Mothra13 commented May 12, 2017

Just wanted to add a couple notes. I run a powercli script out of Jenkins using a win7 node to execute the modules. The script will loop through a collection of ~1k VMs looking at vievents. With no real pattern I would see the occasional 'Get-VIEvent Could not establish secure channel for SSL/TLS with authority'. It would not bomb out, continuing on just fine. It would happen every run to a very small number of VMs, but not the same ones.

For me bumping up memory from 16GB to 32GB on the node the runs this script seems to have put this to bed. Figured I would share what was a simple fix in the end.

@maZuFC

This comment has been minimized.

Show comment
Hide comment
@maZuFC

maZuFC Jul 13, 2017

im having this issue as well

Get-VDSwitch : 13/07/2017 10:07:13 Get-VDSwitch Could not establish trust relationship for the SSL/TLS secure channel with authority 'vcenter.domain.com'.
At C:\vcheck\Plugins\60 VM\200 VMs on ephemeral portgroup.ps1:4 char:16

  • $EphemeralPG = Get-VDSwitch | Get-VDPortgroup | where {$_.PortBinding -eq "Ephem ...
  •            ~~~~~~~~~~~~
    
    • CategoryInfo : NotSpecified: (:) [Get-VDSwitch], ViError
    • FullyQualifiedErrorId : Vds_VDServiceImpl_GetVDSwitchAll_ViError,VMware.VimAutomation.Vds.Commands.GetVDSwitch

Get-NetworkAdapter : The input object cannot be bound to any parameters for the command either because the command does not take pipeline input or the input and its properties do
not match any of the parameters that take pipeline input.
At C:\vcheck\Plugins\60 VM\200 VMs on ephemeral portgroup.ps1:5 char:9

  • @($VM | Get-NetworkAdapter | where {$_.NetworkName -contains $EphemeralPG} | Sel ...
  •     ~~~~~~~~~~~~~~~~~~
    
    • CategoryInfo : InvalidArgument: (VMware.Vim.VirtualMachine:PSObject) [Get-NetworkAdapter], ParameterBindingException
    • FullyQualifiedErrorId : InputObjectNotBound,VMware.VimAutomation.ViCore.Cmdlets.Commands.VirtualDevice.GetNetworkAdapter

i have a lot of these entries pointing to SSL/TLS secure channel... could it be a dodgy certificate?
just wondering if recreating the certificate would help....

maZuFC commented Jul 13, 2017

im having this issue as well

Get-VDSwitch : 13/07/2017 10:07:13 Get-VDSwitch Could not establish trust relationship for the SSL/TLS secure channel with authority 'vcenter.domain.com'.
At C:\vcheck\Plugins\60 VM\200 VMs on ephemeral portgroup.ps1:4 char:16

  • $EphemeralPG = Get-VDSwitch | Get-VDPortgroup | where {$_.PortBinding -eq "Ephem ...
  •            ~~~~~~~~~~~~
    
    • CategoryInfo : NotSpecified: (:) [Get-VDSwitch], ViError
    • FullyQualifiedErrorId : Vds_VDServiceImpl_GetVDSwitchAll_ViError,VMware.VimAutomation.Vds.Commands.GetVDSwitch

Get-NetworkAdapter : The input object cannot be bound to any parameters for the command either because the command does not take pipeline input or the input and its properties do
not match any of the parameters that take pipeline input.
At C:\vcheck\Plugins\60 VM\200 VMs on ephemeral portgroup.ps1:5 char:9

  • @($VM | Get-NetworkAdapter | where {$_.NetworkName -contains $EphemeralPG} | Sel ...
  •     ~~~~~~~~~~~~~~~~~~
    
    • CategoryInfo : InvalidArgument: (VMware.Vim.VirtualMachine:PSObject) [Get-NetworkAdapter], ParameterBindingException
    • FullyQualifiedErrorId : InputObjectNotBound,VMware.VimAutomation.ViCore.Cmdlets.Commands.VirtualDevice.GetNetworkAdapter

i have a lot of these entries pointing to SSL/TLS secure channel... could it be a dodgy certificate?
just wondering if recreating the certificate would help....

@maZuFC

This comment has been minimized.

Show comment
Hide comment
@maZuFC

maZuFC Jul 14, 2017

definitely seems this is a intermittent problem
like everybody else have not been able to identify a root cause of this .. ive spent a couple of days on this now and im getting fed up with it
damage limitations for now...

for our environment ive had to disable the following plugins

79 Find VMs in Uncontrolled Snapshot Mode
106 Find Phantom Snapshots
108 SRM RPO Violations
202 VMs MMU Configuration

disabling these has made the script run a lot better but still has its faults at random times.. its not perfect but does seem to be more stable.

ill keep checking the thread and updates to see if this issue is resolved.

maZuFC commented Jul 14, 2017

definitely seems this is a intermittent problem
like everybody else have not been able to identify a root cause of this .. ive spent a couple of days on this now and im getting fed up with it
damage limitations for now...

for our environment ive had to disable the following plugins

79 Find VMs in Uncontrolled Snapshot Mode
106 Find Phantom Snapshots
108 SRM RPO Violations
202 VMs MMU Configuration

disabling these has made the script run a lot better but still has its faults at random times.. its not perfect but does seem to be more stable.

ill keep checking the thread and updates to see if this issue is resolved.

@rnelson0

This comment has been minimized.

Show comment
Hide comment
@rnelson0

rnelson0 Aug 23, 2017

Contributor

In working with VMware Support, it was determined that the use of the bundled self-signed/untrusted certs was causing the issue. You can get the cert bundle from https://vcenter.example.com on the right hand side, bottom link. Once I added the CA to the Trusted CAs in the certificate store, I could NOT get this error to reproduce; removing the CA immediately brought it back. I'm pretty confident this is the fix.

To ensure I'm explaining it properly, I wrote a blog post which goes into greater detail on the findings and remediation. As emphasized there, I've only been testing it this way for a month, but I've had 0% errors across upwards of 30 manual runs in that time. I think this really is it.

Contributor

rnelson0 commented Aug 23, 2017

In working with VMware Support, it was determined that the use of the bundled self-signed/untrusted certs was causing the issue. You can get the cert bundle from https://vcenter.example.com on the right hand side, bottom link. Once I added the CA to the Trusted CAs in the certificate store, I could NOT get this error to reproduce; removing the CA immediately brought it back. I'm pretty confident this is the fix.

To ensure I'm explaining it properly, I wrote a blog post which goes into greater detail on the findings and remediation. As emphasized there, I've only been testing it this way for a month, but I've had 0% errors across upwards of 30 manual runs in that time. I think this really is it.

@Sneddo

This comment has been minimized.

Show comment
Hide comment
@Sneddo

Sneddo Aug 24, 2017

Collaborator

That's really interesting! Hopefully some of the others can confirm this fix.

Does line up with my own observations though- I haven't seen it in my current environment which uses certs from our internal CA, but in previous roles I would occasionally see it...

Collaborator

Sneddo commented Aug 24, 2017

That's really interesting! Hopefully some of the others can confirm this fix.

Does line up with my own observations though- I haven't seen it in my current environment which uses certs from our internal CA, but in previous roles I would occasionally see it...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment