This issue can be resolved by using a PowerCLI module called
VMware.TrustedInfrastructure.Helper that can be found here
PowerCLI-Example-Scripts.
The functions in the module will automatically add the host to the desired cluster and configure it.
Prerequisites:
- You must be a Trust Authority Administrator, a part of the TrustedAdmins group and also have the Host.Inventory.Add Host To Cluster privilege on vCenter system.
- Do not perform any other operations on the ESXi host and existing ESXi hosts in the target cluster when running the script.
- The ESXi host must be wiped from existing Trusted Infrastructure configuration. If the ESXi host has been previously configured as part of vSphere Trust Authority (part of a vCenter configured for vSphere Trust Authority, a Trust Authority Cluster or Trusted Cluster), you must use the decommission script first - Trusted Infrastructure Host Decommission Alarm is triggered when host is moved out of a cluster.
- Clusters should be in a healthy state (check all vSphere Trust Authority APIs which return Health field).
- The ESXi host must be removed from vCenter.
- You must know the ESXi host root credentials (username and password).
- You must have purchased sufficient license for vSphere Trust Authority.
- You must have PowerCLI 12.0.0 and above.
- Following PowerCLI modules are required to be imported: VMware.VimAutomation.Security, VMware.TrustedInfrastructure.Helper
- Run the command Get-Command -Module VMware.TrustedInfrastructure.Helper. This should inform the following functions are available:
- Add-TrustAuthorityVMHost
- Add-TrustedVMHost
If you do not see these functions listed, the PowerCLI module is not loaded correctly.
To add an ESXi host to an already configured Trust Authority Cluster:
- You will need access to the following information used at the time of configuration of the Trust Authority Cluster:
- Host base images binary imgdb.tgz files.
- Private part of client certificate (if not using self signed certificates).
- In PowerShell, run the command Add-TrustAuthorityVMHost. You can get details about the command by running Get-Help Add-TrustAuthorityVMHost -full:
- After cmdlet has finished successfully you can reset alarm state to Green.
To add an ESXi host to an already configured Trusted Cluster:
- In PowerShell, run the command Add-TrustedVMHost. You can get details about the command by running Get-Help Add-TrustedVMHost -full.
- After the cmdlet has finished successfully you can reset alarm state to Green.