Baremetal Server Certificate Rotation Alarm

Article ID: 399813

Products

  • VMware vDefend Firewall with Advanced Threat Prevention
  • VMware vDefend Firewall

Issue/Introduction

An alarm "Certificate rotation failed for a Baremetal Server" is observed on the SSP UI.

Environment

vDefend SSP >= 5.1

Cause

Certificate rotation is triggered as a system-wide operation with a rotation window of 7 days. If a Baremetal Server is not available during that window, its rotation fails and it can no longer connect to any SSP component (BMO/BMC). The alarm tells the user that certificate rotation failed for a given Baremetal Server.

Resolution

Step 1: Uninstall the agents locally on the Baremetal server

  • SSH as root to the Baremetal server.
  • Open the vDefend CLI (/opt/vmware/vdefend/cli/bin/vdefend-cli).
  • Run 'uninstall bms'.

Step 2: Force offboard the server in the SSP UI

  • Force offboarding a Baremetal server can be done either via the API or the UI.
  • From the API:
    • https://<ingressUrl>/baremetal/servers/<serverId>?force=true
  • From the UI:
    • Go to System > Bare Metal Servers.
    • In Inventory, select "Force Offboard Server".