Category Archives: PowerCLI

PowerCLI: "WARNING: There were one or more problems with the server certificate"

When you run a PowerCLI script that connects to a vCenter Server, which uses a self-signed SSL certificate:

1:57:08 AM Connecting to VI Server
WARNING: There were one or more problems with the server certificate:
* A certification chain processed correctly, but terminated in a root
certificate which isn't trusted by the trust provider.
Certificate: [Subject]
  E=support@vmware.com, CN=foo.example.com, OU="VMware, Inc.", O="VMware, Inc."
[Issuer]
  E=support@vmware.com, CN=foo.example.com, OU="VMware, Inc.", O="VMware, Inc."
[Serial Number]
  C49018FF
[Not Before]
  5/18/2012 9:20:09 AM
[Not After]
  5/16/2022 9:20:09 AM
[Thumbprint]
  AAA9E2D164E7258D0BF2841173AE46034C097FFF
The server certificate is not valid.
WARNING: THE DEFAULT BEHAVIOR UPON INVALID SERVER CERTIFICATE WILL CHANGE IN A
FUTURE RELEASE. To ensure scripts are not affected by the change, use
Set-PowerCLIConfiguration to set a value for the InvalidCertificateAction
option.
PowerCLI C:\> Get-PowerCLIConfiguration
Scope    ProxyPolicy     DefaultVIServerMode InvalidCertificateAction  DisplayDeprecationWarnings WebOperationTimeout
                                                                                                  Seconds
-----    -----------     ------------------- ------------------------  -------------------------- -------------------
Session  UseSystemProxy  Single              Unset                     True                       300
User                     Single
AllUsers

To permanently resolve this, Right-click on PowerCLI > Run as Administrator:

PowerCLI C:\> set-PowerCLIConfiguration -invalidCertificateAction "ignore" -confirm:$false
Scope    ProxyPolicy     DefaultVIServerMode InvalidCertificateAction  DisplayDeprecationWarnings WebOperationTimeout
                                                                                                  Seconds
-----    -----------     ------------------- ------------------------  -------------------------- -------------------
Session  UseSystemProxy  Multiple            Ignore                    True                       300
User
AllUsers                                     Ignore

References

PowerCLI: "Security Warning. Run only scripts that you trust."

Actually, this is an issue with PowerShell and not PowerCLI. When a script is downloaded via Internet Explorer from the Internet or an Intranet, a NTFS Alternative Data Stream is added to the file with a Zone Identifier, indicating the file’s origin. These scripts are unsigned, and thus untrusted.

PowerCLI C:\vCheck-vSphere-master> .\vCheck.ps1
Security Warning
Run only scripts that you trust. While scripts from the Internet can be useful, this script can potentially harm your computer. Do you want to run
C:\vCheck-vSphere-master\Styles\Default\Style.ps1?
[D] Do not run  [R] Run once  [S] Suspend  [?] Help (default is "D"): D

To resolve this, Right-click on PowerCLI > Run as Administrator:

PowerCLI C:\> Get-ExecutionPolicy
Unrestricted
PowerCLI C:\> Set-ExecutionPolicy bypass
Execution Policy Change
The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose you to the security risks described in the about_Execution_Policies help topic.
Do you want to change the execution policy?
[Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): Y

References

PowerCLI: "Initialize-PowerCLIEnvironment.ps1 cannot be loaded because the execution of scripts is disabled on this system."

Whenever you start PowerCLI, you see:

File C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI\Scripts\Initialize-PowerCLIEnvironment.ps1 cannot be loaded because the execution of scripts is disabled on this system. Please see "get-help about_signing" for more details.
At line:1 char:2
+ . <<<<  "C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI\Script
s\Initialize-PowerCLIEnvironment.ps1"
    + CategoryInfo          : NotSpecified: (:) [], PSSecurityException
    + FullyQualifiedErrorId : RuntimeException
PS C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI>

To permanently allow the execution of scripts, Right-click on PowerCLI > Run as Administrator:

PS C:\> Get-ExecutionPolicy
Restricted
PS C:\> Set-ExecutionPolicy RemoteSigned
Execution Policy Change
The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose you to the security risks described in the about_Execution_Policies help topic. Do you want to change the execution policy?
[Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): y
PS C:\> Get-ExecutionPolicy
RemoteSigned