Bare Metal Servers are disconnected from Security Services Platform after restoring to a backup taken before a Platform CA certificate refresh

Article ID: 415461

Products

VMware vDefend Firewall VMware vDefend Firewall with Advanced Threat Prevention SSP

Issue/Introduction

After restoring to a backup that was taken before a Platform CA certificate refresh, all Bare Metal Servers are disconnected from the Security Services Platform.

Environment

vDefend SSP >= 5.1

Cause

When the Platform CA is refreshed, the certificates on the Bare Metal Servers are updated with the new Platform CA certificates. During a restore, the old certificates are restored in the Security Services Platform, but the certificates on the Bare Metal Servers themselves remain unchanged (they still have the new certificates). This mismatch between the restored old certificates in the Security Services Platform and the new certificates on the Bare Metal Servers causes the disconnected state.
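
The mismatch described above can be reproduced with throwaway certificates. This is an added example, not VMware's code: the CA and peer names are constructed, `chains_to` is a hypothetical helper, and it assumes the affected certificate was issued under the refreshed Platform CA.

```bash
#!/usr/bin/env bash
# Added example: reproduces the CA mismatch with constructed, throwaway certificates.
# All file and subject names are constructed; none are vDefend paths.

# chains_to CA_PEM CERT_PEM: exit 0 if CERT_PEM verifies against CA_PEM
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# make_ca DIR NAME: self-signed CA (constructed stand-in for a Platform CA)
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# issue_leaf DIR CA_NAME LEAF_NAME: leaf certificate signed by the named CA
issue_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

# simulate_restore: reports trust under the refreshed CA and under the restored one
simulate_restore() {
    local d; d=$(mktemp -d) || return 1
    make_ca "$d" old-ca          # CA captured in the backup
    make_ca "$d" new-ca          # CA after the refresh
    issue_leaf "$d" new-ca peer  # certificate reissued under the refreshed CA
    local before=trusted after=trusted
    chains_to "$d/new-ca.pem" "$d/peer.pem" || before=untrusted
    chains_to "$d/old-ca.pem" "$d/peer.pem" || after=untrusted
    rm -rf "$d"
    echo "refreshed-ca=$before restored-ca=$after"
}

simulate_restore
```

On a real deployment, `chains_to` can be pointed at PEM files exported from each side to confirm the cause before uninstalling the agents; the article does not state where those files are stored.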

Resolution

To resolve the issue, follow these steps for each disconnected Bare Metal Server:

Step 1: SSH into the Bare Metal Server with sudo privileges

Step 2: Launch vDefend CLI 

/opt/vmware/vdefend/cli/bin/vdefend-cli

Step 3: Uninstall Bare Metal Server Agents. Execute the uninstall command within the vDefend CLI:

vdefend-cli> uninstall bms

Step 4: Follow the standard Bare Metal Server installation documentation to re-onboard the server