How to Change the IP Address of a VMware vSAN Witness Node

Article ID: 400654


Products

VMware vSAN

Issue/Introduction

  • You need to change the IP address of a vSAN Witness Host that is part of a Stretched Cluster because of a network migration or infrastructure update (e.g., moving to a different subnet).
  • Changing the IP address of a Witness Host incorrectly can lead to vSAN component accessibility issues, fault domain misconfiguration, or even cluster partitioning.

Environment

  • VMware vSAN 7.x
  • VMware vSAN 8.x
  • vSAN Stretched Cluster with External Witness Host (Physical or Virtual)

Resolution

Changing the IP address of a vSAN Witness Host in a Stretched Cluster is a disruptive operation and must be done with caution. It is strongly recommended to perform this change during a maintenance window or non-business hours, with appropriate change management in place.

Follow the steps below to perform this operation safely:

Procedure: 

1. Disable vSAN Stretched Cluster Configuration

    1. Log in to the vSphere Client.

    2. Navigate to the Cluster > Configure > vSAN > Fault Domains & Stretched Cluster.

    3. Click Disable Stretched Cluster.

      • This step removes the association between the data sites and the witness node, allowing safe reconfiguration.

2. Update Witness Host Network Configuration

    1. Change the IP address of the vSAN Witness ESXi host to the new subnet.

    2. Ensure the following VMkernel adapters are updated:

      • Management VMkernel port

      • vSAN Witness Traffic VMkernel port

    3. Validate that DNS, gateway, and subnet mask settings are correctly configured.


3. Validate Network Connectivity

    1. Confirm that all data site ESXi hosts can reach the new IP address of the Witness Host.

    2. Verify that required vSAN ports are open between the data nodes and the Witness Host.

    3. Perform connectivity tests:

      • Use the vSAN Health Check to validate communication with the witness.

      • Use vmkping to test connectivity from each data node to the new Witness VMkernel IP.

4. Reconfigure vSAN Stretched Cluster

    1. In the vSphere Client, go to the Cluster > Configure > vSAN > Fault Domains & Stretched Cluster.

    2. Click Configure Stretched Cluster.

    3. Select the updated Witness Host and assign it to the appropriate site.

    4. Verify:

      • The Witness Host is added successfully.

      • Fault domains (Preferred and Secondary) are correctly aligned.

      • No component placement or health issues are reported.

    5. Monitor vSAN resync and rebalancing activity via the Resync Dashboard.
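
The connectivity tests from step 3, as an added example (not part of the original article) meant for the ESXi shell of each data-site host. The VMkernel interface and new witness IP are passed as arguments; TCP port 2233 and the don't-fragment MTU test go beyond what the article lists and are assumptions to confirm for your vSAN release.

```sh
#!/bin/sh
# Added example, run in the ESXi shell of each data-site host:
#   sh check_witness.sh <vmk> <new-witness-ip> [mtu]
# Assumption: 2233/TCP is the vSAN transport port from VMware's published
# port list; confirm it against the list for your vSAN release.
VSAN_TCP_PORT=2233

# ICMP payload that fills one frame: MTU - 20 (IPv4 header) - 8 (ICMP header).
payload_for_mtu() {
    echo $(( $1 - 28 ))
}

# Plain reachability from a specific VMkernel interface.
ping_ok() {    # $1=vmk  $2=witness ip
    vmkping -I "$1" -c 3 "$2" >/dev/null 2>&1
}

# Full-size ping with don't-fragment set; fails if a hop on the new routed
# path has a smaller MTU than the VMkernel port.
mtu_ok() {     # $1=vmk  $2=witness ip  $3=mtu
    vmkping -I "$1" -d -s "$(payload_for_mtu "$3")" -c 3 "$2" >/dev/null 2>&1
}

# TCP connect test only; a filtered port may take a while to time out.
tcp_ok() {     # $1=witness ip  $2=port
    nc -z "$1" "$2" >/dev/null 2>&1
}

# Runs one check command, prints PASS/FAIL, counts failures in cw_failed.
run_check() {  # $1=label  rest=check command and its arguments
    label=$1; shift
    if "$@"; then echo "PASS $label"
    else echo "FAIL $label"; cw_failed=$((cw_failed + 1)); fi
}

# Returns 0 only if every check passed.
check_witness() {   # $1=vmk  $2=witness ip  $3=mtu (default 1500)
    cw_vmk=$1; cw_ip=$2; cw_mtu=${3:-1500}; cw_failed=0
    run_check "ping $cw_ip via $cw_vmk" ping_ok "$cw_vmk" "$cw_ip"
    run_check "DF ping at MTU $cw_mtu" mtu_ok "$cw_vmk" "$cw_ip" "$cw_mtu"
    run_check "TCP $VSAN_TCP_PORT on $cw_ip" tcp_ok "$cw_ip" "$VSAN_TCP_PORT"
    [ "$cw_failed" -eq 0 ]
}

# Only run when called with arguments, e.g. vmk1 192.0.2.50 (placeholders).
if [ "$#" -ge 2 ]; then check_witness "$@"; exit $?; fi
```

A UDP port cannot be confirmed with a connect test like this, so rely on the vSAN Health Check for the remaining witness traffic.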

Additional Information

  • The witness host is just a nested ESXi hypervisor installed inside of a VM. Changing the IP address, FQDN, and/or DNS IP address on the witness host is no different from making these changes on any other ESXi host.

  • NOTE: It is often simpler and faster to deploy a new appliance with the new IP address, FQDN, and DNS IP address, because the new appliance can be deployed and its networking verified in advance without disturbing your stretched cluster. This minimizes the switchover time from the old appliance to the new one. See KB: vSAN Stretch Clusters - How to Replace the Witness Appliance/Host