Issues with PowerCLI (PowerShell 64-Bit) with PhotonOS 3.0 on Raspberry Pi 3

[lamw]

I was recently experimenting with latest Photon OS 3.0 for the Raspberry Pi 3 and wanted to get PowerShell and PowerCLI running. I found that for the current release of PowerShell, only the 32-Bit image has been published, I found that the upcoming 6.0 Preview 3 includes the 64-Bit version of PowerShell. Once I got that installed, I was able to launch PS on PhotonOS but I hit another issue when trying to connect to VC/ESXi endpoint with the following error: The SSL connection could not be established, see inner exception.

I've also tried running Set-PowerCLIConfiguration -InvalidCertificateAction Ignore but that had no effect.

In any case, below are the instructions in case anyone else was interested:

Step 1 - Install PhotonOS 3 on rPi3

Step 2 - Install required packages

tdnf -y install tar icu libunwind unzip wget

Step 3 - Download PS 6.2 Preview 3 (64-Bit) for rPI and latest PowerCLI 11.1 release:

wget https://github.com/PowerShell/PowerShell/releases/download/v6.2.0-preview.3/powershell-6.2.0-preview.3-linux-arm64.tar.gz
wget https://vdc-download.vmware.com/vmwb-repository/dcr-public/9948998f-1f64-4f4a-856b-f43f1a158980/8f94ba7b-efeb-4009-bc47-613e9e95fbed/VMware-PowerCLI-11.1.0-11289667.zip

Step 4 - Run the following commands to setup PS and unzipping the PCLI module:

mkdir ~/powershell
mkdir -p ~/.local/share/powershell/Modules
tar -xvf ./powershell-6.2.0-preview.3-linux-arm64.tar.gz -C ~/powershell
unzip VMware-PowerCLI-11.1.0-11289667.zip -d ~/.local/share/powershell/Modules

Step 5 - Launch PS by running:

powershell/pwsh

Step 6 - Attempt to connect to VC/ESXi endpoint using Connect-VIServer cmdlet:

PS /root> Connect-VIServer -Server 192.168.30.200 -User administrator@vsphere.local -Password VMware1!
Connect-VIServer : 1/20/19 6:37:32 PM   Connect-VIServer        The SSL connection could not be established, see inner exception.
At line:1 char:1
+ Connect-VIServer -Server 192.168.30.200 -User administrator@vsphere.l ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : NotSpecified: (:) [Connect-VIServer], ViError
+ FullyQualifiedErrorId : Client20_ConnectivityServiceImpl_Reconnect_SoapException,VMware.VimAutomation.ViCore.Cmdlets.Commands.ConnectVIServer

Below is the InnerException and Stacktrace, not sure if these help ...

PS /root> $error[0].exception.InnerException

The SSL connection could not be established, see inner exception.

PS /root> $error[0].exception.StackTrace

   at VMware.VimAutomation.ViCore.Impl.V1.Service.ConnectivityServiceImpl.Reconnect(AuthenticationType authenticationType)
   at VMware.VimAutomation.ViCore.Impl.V1.Service.ConnectivityServiceImpl.Connect(VimClientConfig config, AuthenticationType authenticationType)
   at VMware.VimAutomation.ViCore.Impl.V1.Service.ConnectivityServiceImpl.Login(String protocol, String server, Int32 port, String username, String password, IServerCertificateValidationHandler certificateValidationCallback)
   at VMware.VimAutomation.ViCore.Impl.V1.Service.ServerLoginHelper.DoLoginUseUserPass(String protocol, String serverAddress, Int32 portNum, VIAutomation client, Boolean incrementConnectionRefCount, String password, String user, IServerCertificateValidationHandler certificateValidator, Boolean& wasReused)
   at VMware.VimAutomation.ViCore.Impl.V1.Service.ServerLoginHelper.DoLogin(String serverAddress, Nullable`1 port, String protocol, String& user, String& password, String sessionId, Boolean incrementConnectionRefCount, IServerCertificateValidationHandler certificateValidator, Boolean& wasReused, CredentialPromptCallback credentialPromptCallback)
   at VMware.VimAutomation.ViCore.Impl.V1.Service.ClientManagerImpl.ConnectViServer(IList`1 server, Nullable`1 port, String protocol, String user, String password, String sessionId, IServerCertificateValidationHandler certificateValidator, CredentialPromptCallback credentialPromptCallback, ServerConnectedCallback callback)

[lucdekens]

I experienced similar, assuming you used a self-signed certificate on the vSphere Server. I did some testing with Invoke-WebRequest.

Could you try if a web request in PS v6 with the SkipCertificateCheck works?

Invoke-WebRequest -Method Get -Uri https://<vSphere-Server> -SkipCertificateCheck

Without that switch, it should fail with an 'The remote certificate is invalid according to the validation procedure' error.

When you do the same from PS v5.*, the error is more cryptic. It says 'The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel'.

[lamw]

I had tried that IIRC and any other variations to ignore the cert but still same error.

[CollinChaffin]

Is anyone working on this? From what I have tested on every Photon 3 install now installing powershell via tdnf results in a completely UNUSABLE BROKEN Powershell install. It all seems to revolve around the same thing - SSL/TLS/Crypto issues from a conflict which now even breaks all the core workings (ie. zero repos/modules installed by default, no command completions, etc.).

[akaher]

@lamw looks like you are using the binaries which are not compiled using the Photon libs and most-probably because of mismatching of libcurl.so.4(CURL_OPENSSL_3) for aarch64, you are getting this issue for aarch64.

@CollinChaffin you are installing Powershell on x86_64, please help us by providing the Steps and Logs for SSL/TLS/Crypto issues on x86_64.

[lamw]

@akaher Any updates on having PowerShell support for Photon AARCH64? I also saw your comment on 9/11 https://github.com/vmware/photon/issues/926#issuecomment-530673327

[dcasota]

@akaher Maybe this helps for the SSL/TLS/Crypto issues on x86_64. In pwsh6.2.3 it seems necessary to make some setting persistent.