I recently upgraded my lab to vSphere 6.0 Update 3 and then used the vSphereTLSReconfigurator to only allow TLSv1.2 as described in this KB article https://kb.vmware.com/kb/2148819. After completing this change, I noticed that my PowerCLI 6.3 R1 machine could no longer connect to vCenter (although my machine with PowerCLI 6.5 was working fine). The specific error encountered was:
connect-viserver : 3/5/2017 3:47:53 PM Connect-VIServer The underlying connection was closed: An unexpected error occurred on a send. At line:1 char:1 + connect-viserver vcsa-01a -user administrator@vsphere.local -p ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Connect-VIServer], ViError + FullyQualifiedErrorId : Client20_ConnectivityServiceImpl_Reconnect_WebException,VMware.VimAutomation.ViCore.Cmdl ets.Commands.ConnectVIServer
I found this KB article: Enabling the TLSv1.1 and TLSv1.2 protocols for PowerCLI https://kb.vmware.com/kb/2137109 which solved my issue. I created a 32bit DWORD named “SchUseStrongCrypto” in the HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 key and set the value to 1. Even using the 64bit version of PowerCLI, this DWORD was all that I needed to resolve my issue.
Any reason you didnt update to PowerCLI 6.5 R1?
I actually had to install PowerCLI 6.3 to test this out — someone had asked me what would happen with PowerCLI if only TLSv1.2 was allowed. I tested with PowerCLI 6.5 and everything worked as expected. I then tried with one rev back to make sure that worked as well. When it didn’t I did a bit of searching and found the KB article that did the trick. Figured I’d share in case anyone else had a similar issue.
Thanks, I just wanted to make sure your readers knew that we always recommend installing the latest version as PowerCLI 6.5 R1 is backwards compatible to vSphere 5.5! Thanks for the post.