Trusted Infrastructure Host Decommission Alarm is triggered when host is moved out of a cluster
search cancel

Trusted Infrastructure Host Decommission Alarm is triggered when host is moved out of a cluster

book

Article ID: 323607

calendar_today

Updated On: 10-13-2021

Products

VMware vCenter Server

Issue/Introduction



Symptoms:
Trusted Infrastructure Host Decommission Alarm is triggered after moving an ESXi host out of a Trust Authority or Trusted cluster. A com.vmware.vc.TrustAuthority.DecommissionHost error category event is posted.

Environment

VMware vCenter Server 7.0.x

Cause

When you remove an ESXi host from a Trusted Cluster or Trust Authority cluster, the host continues to retain its vSphere Trust Authority configuration. The alarm notifies that the moved out host must be decommissioned by following a specific procedure. This is a necessary step the user must perform in order to remove the existing vSphere Trust Authority configuration if they desire to continue using the host. Failing to perform the decommission procedure results in a security risk and undefined behavior if the user decides to use the host in other Trusted Infrastructure clusters. Decommissioning a host removes its vSphere Trust Authority Configuration.

Resolution

Prerequisites

  • You must be a Trust Authority Administrator
  • Do not perform any other operations on the ESXi host when running the script

Steps:
  1. Remove the ESXi host from the Trust Authority or Trusted cluster.
  2. Remove the ESXi from the vCenter inventory.
  3. Use SSH or another remote console connection to start a session on the ESXi host.
  4. Log in as the root user.
  5. Extract the script from the attached file 77146_trusted-infra-decommission-esx.zip
  6. Copy the script trusted-infra-decommission-esx.sh to the ESXi host  and change the permissions to make it executable                                                                                                                                                                             chmod +x /tmp/trusted-infra-decommission-esx.sh
  7. Run the trusted-infra-decommission-esx.sh bash script
  8. Once the decommission process has finished, a reboot is required. The script will ask at the end whether you want to perform it now. Type "Y" for yes or "N" for no and press Enter.
  9. When the reboot is complete. Re-add the ESXi host to the vCenter inventory.
  10. Reset the alarm state to Green.


Additional Information

Impact/Risks:


Attachments

77146_trusted-infra-decommission-esx get_app
Powered by Wolken Software