Trusted Infrastructure Host Not Configured Alarm when moving host into a cluster
search cancel

Trusted Infrastructure Host Not Configured Alarm when moving host into a cluster

book

Article ID: 313805

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

Symptoms:
  • Trusted Infrastructure Host Not Configured Alarm is triggered after moving an ESXi host into a Trust Authority or Trusted cluster.
  • com.vmware.vc.TrustAuthority.HostNotConfigured error category event is raised.


Environment

VMware vSphere ESXi 7.0.0

Cause

When you add an ESXi host to a Trusted Cluster or Trust Authority cluster, the new host must be consistent with the vSphere Trust Authority configuration already applied to the cluster. The alarm notifies that the added host must be configured in order to use it as part of vSphere Trust Authority. If you move an ESXi host to a Trust Authority or Trusted cluster and do not configure it, the cluster will be in an inconsistent state and you won't benefit from the new host.

Resolution

This issue can be resolved by using a PowerCLI module called VMware.TrustedInfrastructure.Helper that can be found here PowerCLI-Example-Scripts.
The functions in the module will automatically add the host to the desired cluster and configure it.

Prerequisites:

  • You must be a Trust Authority Administrator, a part of the TrustedAdmins group and also have the Host.Inventory.Add Host To Cluster privilege on vCenter system.
  • Do not perform any other operations on the ESXi host and existing ESXi hosts in the target cluster when running the script.
  • The ESXi host must be wiped from existing Trusted Infrastructure configuration. If the ESXi host has been previously configured as part of vSphere Trust Authority (part of a vCenter configured for vSphere Trust Authority, a Trust Authority Cluster or Trusted Cluster), you must use the decommission script first - Trusted Infrastructure Host Decommission Alarm is triggered when host is moved out of a cluster.
  • Clusters should be in a healthy state (check all vSphere Trust Authority APIs which return Health field).
  • The ESXi host must be removed from vCenter.
  • You must know the ESXi host root credentials (username and password).
  • You must have purchased sufficient license for vSphere Trust Authority.
  • You must have PowerCLI 12.0.0 and above.
  • Following PowerCLI modules are required to be imported: VMware.VimAutomation.Security, VMware.TrustedInfrastructure.Helper
  • Run the command Get-Command -Module VMware.TrustedInfrastructure.Helper. This should inform the following functions are available:
    • Add-TrustAuthorityVMHost
    • Add-TrustedVMHost
If you do not see these functions listed, the PowerCLI module is not loaded correctly.

To add an ESXi host to an already configured Trust Authority Cluster:

  1. You will need access to the following information used at the time of configuration of the Trust Authority Cluster:
    1. Host base images binary imgdb.tgz files.
    2. Private part of client certificate (if not using self signed certificates).
  2. In PowerShell, run the command Add-TrustAuthorityVMHost. You can get details about the command by running Get-Help Add-TrustAuthorityVMHost -full:
  3. After cmdlet has finished successfully you can reset alarm state to Green.

To add an ESXi host to an already configured Trusted Cluster:

  1. In PowerShell, run the command Add-TrustedVMHost. You can get details about the command by running Get-Help Add-TrustedVMHost -full.
  2. After the cmdlet has finished successfully you can reset alarm state to Green.