Disconnect Subscribed vCenter Servers from vSphere+ Cloud Console and Apply License Keys

Disconnect Subscribed vCenter Servers from vSphere+ Cloud Console and Apply License Keys

book

Article ID: 323680

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

The aim of this article is to facilitate a smoother transition for vSphere+ users  from the current keyless cloud-connected model to a key-based disconnected subscription model, ensuring seamless business continuity throughout the process.

Symptoms:

After Broadcom's acquisition of VMware, our shared goal is to focus and invest in on-premises products as published in earlier blog posts by Krish Prasad and Rick Walsworth

 

vSphere+ users who have connected their vCenter servers to the Cloud Console are encouraged to migrate from SaaS to on-premises deployments to benefit from our product investments and roadmap.

This article helps vSphere+ users disconnect their vCenter Servers and apply their license keys.

 

Cause

To support users to remove vSphere+ capabilities in brownfield deployments and move vSphere environment to termed license mode.

Resolution

The proposed solution is to disconnect the vCenter from the GW/Cloud and remove the subscription so that the customer can apply license keys. А vCenter API is available for this.

Note:

  • If the vCenter is disconnected, no GW changes are required.
  • If the vCenter isn't subscribed, so no vCenter changes are necessary either.
  • Please ensure that you take downtime of all the VCs that are part of a single gateway instance & run the script on all of them to apply licenses.

Steps:


1. Obtain the necessary license keys for virtual infrastructure licensing after unsubscribing. (The system will transition into an unlicensed state, and to avert any potential side effects, the process of applying the license keys must remain streamlined. Therefore, it is advised that the customer possesses the keys in advance.).

Note: The keys will be available on the Broadcom Support Portal under "My Entitlements".

2. Prepare for maintenance and possible downtime.

  • Once the script is executed, the system will transition into an unlicensed state, and to avert any potential side effects, the process of applying license keys must remain streamlined. Therefore, it is advised that the customer possesses the keys in advance.
  • Ensure we have a snapshot of the vCenter Server.
  • If the vCenter Server is part of ELM, take offline snapshot of all the vCenter Servers part of the setup.
  • This script, once executed will license the VC and ESXi hosts with evaluation licenses valid for 60 days. However, Users should apply their licenses as soon as possible because if the temp licenses are expired, all hosts will disconnect from the vCenter Server.

    3. Power off the GW to sever the connection from GW to vCenter. This will prevent automatic re-subscription from the GW.
    4. Download the attached delete-subscription.sh file from the attachments section of the iKB.
  • Upload the script on the vCenter Server, preferably in /tmp
  • Make the script executable chmod +x delete-subscription.sh.
  • Execute the script: ./delete-subscription.sh <vc_fqdn>
  • Note:  You may receive an error when you try to run the script:
    bash:  ./delete-subscription.sh: /bin/bash^M: bad interpreter: No such file or directory
    This error is caused by DOS carriage returns added to the script when copying from a Windows-based text editor.  To resolve this problem, run the following command and rerun the script:

    sed -i -e 's/\r$//' delete-subscription.sh
  • Note: If you get an error running the script with a message of: [priority='ERROR' thread=' ' user=' ' org=' ' trance=' ' ] Response code is: 400. Response: Bad Request., it is due to an invalid character(s) that are used in the local SSO admin password (i.e. [email protected]). Change the password if it contains the following invalid characters:
    • & (ampersand)
    • ; (semicolon)
    • " (double quotation mark)
    • ' (single quotation mark)
    • ^ (circumflex)
    • \ (backslash)
    • % (percentage)

5. Execute the application of license keys to all assets within the virtual environment from the vCenter H5C UI.

The assignment of the new licenses should happen in this order:

  • Assign license to vCenter.
  • Assign licenses to all ESXi hosts.
  • Assign licenses to vSAN
  • Reconnect those that were disconnected during this process

6. Delete the GW VM. Do not power it back on.

7. Script will only remove the subscription of vCenter Server with vSphere+. We will need to manually remove all the CloudGateway service accounts (with prefix: CloudServicesGateway) from vCenter Server.

  • Login to vCenter Server UI using administrator SSO credentials.
  • Navigate to Administration > Users and Groups > Select domain “local SSO".
  • Filter Users with CloudServicesGateway prefix and delete the user accounts.
  • Similarly Go to > Global Permission > CloudServicesGateway > Select the permission > Delete.


Please Note:

  • Users running on vSphere 7.x will need to downgrade their new licenses received as they are issued as version 8.x.
  • Ensure that the newly received license keys are assigned to the VCs & ESXi hosts at the earliest as once the temp license expires, the hosts will get disconnected from the vCenter.



Workaround:
In case of failure, follow below steps,

  1. Power on the cloud gateway and validate that the VCs are in connected state on cloud portal.
  2. In case VC goes down, power off the VCs and revert the snapshot of all the linked VCs and power them back on and re-validate the connection.

To license vSAN Witness nodes, please follow the steps below:

With vSphere+, the witness nodes were recognized as ESXi hosts, and licenses were allocated to them accordingly. Therefore, after executing the script, the witness appliance is anticipated to have an evaluation license.

To resolve this issue, you will need to redeploy the witness node and re-add it to the vSAN cluster to ensure it receives the default embedded license.


Deploy Witness Node:

Deploy a new witness appliance by getting the desired Version via the following steps:

1.) Log into your Account: https://support.broadcom.com/contact-support.html
2.) On the left side select "My Downloads"
3.) Select "VMware Cloud Foundation" on the upper right corner (besides your Account Name)
4.) In the Product Selection, select "VMware vSAN"
5.) Select the desired Version
6.) Select the section "Drivers & Tools"
7.) Look for desired Version of "VMware vSAN Witness Appliance"
8.) Select the arrow on the right side to expand the entry
9.) Download the desired Version

Replace the witness node:

https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.vsan-planning.doc/GUID-2775B2FD-7733-4921-BA04-B951F78C6BF9.html



Attachments

delete-subscription get_app