Connecting to the PowerShell Gallery is not possible

On older Windows systems, it may not be possible to contact the PowerShell Gallery. The attempt returns an error.

Unable to resolve package source ‘https://www.powershellgallery.com/api/v2’

Root cause: TLS

Transport Layer Security (TLS) is an encryption protocol for secure data transmission on the internet. Since 2021, TLS versions 1.0 and 1.1 have been considered obsolete and are no longer accepted by many applications. TLS 1.2 and 1.3 have become the new standard. The PowerShell Gallery has also required at least TLS 1.2 since 2020 and rejects older protocols. Older PowerShell versions such as PowerShell 5.1 do not support this configuration.

Query current security protocol

[Net.ServicePointManager]::SecurityProtocol

PowerShell usually returns the value ‘SystemDefault’. This means that PowerShell uses the system-wide settings for TLS.

PS > [Net.ServicePointManager]::SecurityProtocol
SystemDefault

If an older TLS version is defined as the system default, PowerShell uses that version.

Enforce TLS 1.2

TLS 1.2 can be enforced in PowerShell with the command shown below. However, this command must be executed again in every new PowerShell session.

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

The command from the first screenshot can be executed again for testing purposes.

PS > Find-Module -Name VMware.PowerCLI

The version of the module is now returned without an error message.

Version    Name            Repository Description
-------    ----            ---------- -----------
13.3.0.... VMware.PowerCLI PSGallery  This Windows PowerShell module contains VMware.PowerCLI
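
The following is an added example, not code from the original post. It reports the .NET Framework registry values that influence which TLS versions PowerShell 5.1 uses by default, and enables TLS 1.2 for the current session without leaving older protocols switched on. The function names are hypothetical helpers.

```powershell
# Added example; the function names are hypothetical helpers, not built-in cmdlets.

function Get-DotNetTlsRegistryState {
    # Reports the .NET Framework 4.x values that influence the default TLS
    # selection for 64-bit and 32-bit processes. A value that is not set is $null.
    $paths = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
    foreach ($path in $paths) {
        $key = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Path                     = $path
            SchUseStrongCrypto       = $key.SchUseStrongCrypto
            SystemDefaultTlsVersions = $key.SystemDefaultTlsVersions
        }
    }
}

function Enable-SessionTls12 {
    # Turns TLS 1.2 on for this session, keeps any newer protocol that is
    # already enabled, and clears SSL 3.0, TLS 1.0 and TLS 1.1.
    $legacy = [int][Net.SecurityProtocolType]::Ssl3 -bor
              [int][Net.SecurityProtocolType]::Tls -bor
              [int][Net.SecurityProtocolType]::Tls11
    $before = [Net.ServicePointManager]::SecurityProtocol
    $wanted = ([int]$before -band (-bnot $legacy)) -bor [int][Net.SecurityProtocolType]::Tls12
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]$wanted
    # Return both values so the change is visible in logs or transcripts.
    [pscustomobject]@{
        Before = $before
        After  = [Net.ServicePointManager]::SecurityProtocol
    }
}

Get-DotNetTlsRegistryState | Format-List
Enable-SessionTls12
```

When both registry values are missing or 0 on an old system, the 'SystemDefault' result shown above can still resolve to a protocol the Gallery rejects.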

Sustainable solution

Forcing TLS 1.2 can only be a short-term fix. In the long term, the PowerShell version in the OS should be brought up to date. Older systems that have reached their end-of-life (EoL) according to Microsoft should no longer be used. That’s easy to say, but in practice I often come across legacy systems that cannot be replaced for a variety of reasons.

PowerCLI offline installation

Strict security policies are in place in many corporate environments. This means that it is only possible to access internet resources to a limited extent, if at all. This becomes apparent, for example, when trying to install PowerCLI on a management system. While the availability of PowerCLI modules in the PowerShell Gallery provides an easy way to install or update PowerCLI, this is only possible if PowerShell is allowed to access this external resource. Using the PowerShell Gallery requires the NuGet package management provider. This must also be obtained online.

 Install-Module -Name VMware.PowerCLI -Scope CurrentUser 

If the Internet connection is restricted or blocked, the above command fails. But you can also transfer the modules offline. For this you need a PC with free internet access. Here you use a different command, which does not install the modules, but only downloads them to a defined path.

 Save-Module -Name VMware.PowerCLI -Path C:\temp\PSModules

Copy the entire contents of the PSModules folder to a storage medium of your choice (e.g. USB flash drive) and transfer the files to the desired offline system where PowerCLI is needed.

If you have admin rights on the target system, you can copy the files to the location below.

 C:\Program Files\WindowsPowerShell\Modules 

Now the PowerCLI modules are also available on the offline system. For a version update the procedure must be repeated. It is advisable to remove the VMware modules before transferring the current ones.

Get-Module VMware.* -ListAvailable | Uninstall-Module -Force
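
The transfer described above, with an integrity check added, as an example that is not part of the original post. It records SHA-256 hashes on the internet-connected PC, compares them on the offline system, and reports Authenticode signature status before copying. The function names, the manifest file name and the E: drive letter are assumptions, as is the expectation that the module's script files are signed.

```powershell
# Added example; function names, manifest file and drive letter are assumptions.

function Export-ModuleHashManifest {
    # Online PC, after Save-Module: one SHA-256 entry per downloaded file.
    param([string]$Path = 'C:\temp\PSModules',
          [string]$Manifest = 'C:\temp\PSModules.sha256.csv')
    $root = (Resolve-Path -LiteralPath $Path).Path.TrimEnd('\')
    Get-ChildItem -LiteralPath $root -Recurse -File -Force | ForEach-Object {
        [pscustomobject]@{
            RelativePath = $_.FullName.Substring($root.Length + 1)
            Hash         = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } | Export-Csv -LiteralPath $Manifest -NoTypeInformation
}

function Test-ModuleTransfer {
    # Offline system: returns one object per file that is missing or altered.
    param([string]$Path, [string]$Manifest)
    foreach ($entry in Import-Csv -LiteralPath $Manifest) {
        $file = Join-Path -Path $Path -ChildPath $entry.RelativePath
        $hash = if (Test-Path -LiteralPath $file) {
            (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
        }
        if ($hash -ne $entry.Hash) {
            [pscustomobject]@{ RelativePath = $entry.RelativePath
                               Expected = $entry.Hash; Actual = $hash }
        }
    }
}

function Install-VerifiedModules {
    # Offline system: copies only if every file matches the manifest.
    param([string]$Path = 'E:\PSModules',
          [string]$Manifest = 'E:\PSModules.sha256.csv',
          [string]$Destination = 'C:\Program Files\WindowsPowerShell\Modules')
    $bad = @(Test-ModuleTransfer -Path $Path -Manifest $Manifest)
    if ($bad.Count) {
        $bad | Format-Table -AutoSize | Out-Host
        throw 'Hash mismatch; modules were not copied.'
    }
    # Signature status is reported only: an offline host may be unable to build the chain.
    Get-ChildItem -Path $Path -Recurse -File -Include *.ps1, *.psm1, *.psd1 |
        Get-AuthenticodeSignature | Where-Object Status -ne 'Valid' |
        ForEach-Object { Write-Warning "$($_.Status): $($_.Path)" }
    Copy-Item -Path (Join-Path $Path '*') -Destination $Destination -Recurse -Force
}
```

Run Export-ModuleHashManifest on the online PC after Save-Module, copy the manifest next to the PSModules folder on the storage medium, then run Install-VerifiedModules in an elevated session on the offline system.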

Further customization

Customer Experience Improvement Program (CEIP)

The VMware Customer Experience Improvement Program collects data about the use of VMware products. You can either agree (true) or disagree (false). For offline systems, only the rejection (false) makes sense. The command shown below suppresses future notifications within PowerCLI.

Set-PowerCLIConfiguration -Scope AllUsers -ParticipateInCeip $false -confirm:$false

Ignore invalid SSL certificates

When using self-signed certificates in vCenter, PowerCLI will deny the connection. This behavior can be suppressed with the command:

Set-PowerCLIConfiguration -Scope AllUsers -InvalidCertificateAction Ignore -confirm:$false
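
Ignore with -Scope AllUsers switches off server certificate validation for every PowerCLI user on the machine. The alternative below is an added example, not part of the original post: it trusts the vCenter CA (or self-signed) certificate after a thumbprint check and leaves validation on. The file path and the thumbprint are placeholders.

```powershell
# Added example; path and thumbprint are placeholders, not values from the post.
$caFile   = 'C:\temp\vcenter-root-ca.cer'          # certificate exported from vCenter (assumed path)
$expected = '<THUMBPRINT-CONFIRMED-OUT-OF-BAND>'   # placeholder, obtain via a trusted channel

# Load the certificate and compare its thumbprint before trusting it.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $caFile
if ($cert.Thumbprint -ne ($expected -replace '\s', '')) {
    throw "Unexpected thumbprint $($cert.Thumbprint); certificate was not imported."
}

# Add it to the machine-wide trusted roots (requires an elevated session).
Import-Certificate -FilePath $caFile -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# Keep validation enabled: connections to untrusted certificates fail.
Set-PowerCLIConfiguration -Scope AllUsers -InvalidCertificateAction Fail -Confirm:$false

# If validation must be bypassed for a one-off task, limit it to the current
# session instead of all users:
# Set-PowerCLIConfiguration -Scope Session -InvalidCertificateAction Ignore -Confirm:$false
```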

vCenter and AD Domain Functional Level

If you’re running a vCenter appliance with Active Directory integration, you should pay attention to your Domain Functional Level. It is crucial to work closely with the domain administrators team, because some vCenter versions may not support the latest level supported by Windows Server 2016.

What is the Domain Functional Level?

Functional levels determine the available Active Directory Domain Services domain capabilities. They also determine which Windows Server operating systems you can run on domain controllers in the domain or forest. Choosing a Functional Level of Windows Server 2012 implies that there can’t be any Domain Controllers prior to that level (like Server 2008 R2).

Functional levels do not affect which operating systems you can run on workstations or servers that are joined to the domain.

Set the domain and forest functional levels to the highest value that your environment can support. This way, you can use as many ADS features as possible.

Veeam Default Repository

System choked by data – Why you should remove the default repository after installation

A typical Veeam Backup & Replication installation consists of several sub-components. There is the backup server with the database, and there are backup proxies, mount servers, gateway servers and backup repositories. Repositories are datastores which hold your backup data. Right after initial setup the installer will create a repository on your system partition, which is the default repository. Normally your system partition isn’t very big. Maybe 100 GB or less. One of the first tasks after installation is to define a new backup repository with terabytes of free space. Sometimes you might forget about the default repository, which is pointing at your system partition. Under certain conditions this can turn into a time bomb, which I witnessed in the wild recently.