The system administrator can replace the Management Agent certificate with a new self-signed certificate when it has expired or is about to expire.
Each IaaS host runs its own Management Agent. Repeat this procedure on each IaaS node whose
Management Agent you want to update.
Prerequisites:
Obtain the vRA Management Agent hostname (hn):
Copy the vRA Management Agent hostname from the vRA VAMI interface, under the Cluster tab, where the certificate warning or error for the agent is shown.
Obtain the vRA Management Agent ID (nd):
On each IaaS node where you will replace the certificate, open the existing agent configuration file in the vRA Management Agent installation directory:
<vra-installation-dir>\Management Agent\VMware.IaaS.Management.Agent.exe.config
Copy the value of agentConfiguration id.
Obtain the vRA appliance SSL thumbprint (tp):
You can find this in the same file, <vra-installation-dir>\Management Agent\VMware.IaaS.Management.Agent.exe.config.
Once you have copied all the required data, perform the two steps below before generating and registering the new self-signed certificate with the vRA appliance management site.
1. Stop the Management Agent service from the Windows Services snap-in.
Select the VMware vCloud Automation Center Management Agent service.
Click Stop to stop the service.
2. Remove the current certificate from the machine.
In the Local Machine certificate snap-in in the MMC console, remove the current Management Agent certificate.
- Register the Management Agent certificate with the vRA appliance management site.
Open a command prompt as an administrator and navigate to the Cafe directory on the machine on which the Management Agent is installed, at <vra-installation-dir>\Management Agent\Tools\Cafe, typically C:\Program Files (x86)\VMware\vCAC\Management Agent\Tools\Cafe.
Enter the Vcac-Config.exe RegisterNode command with options to register the Management Agent identifier and certificate in one step. Include the Management Agent identifier you recorded earlier as the value for the -nd option.
Vcac-Config.exe RegisterNode -v -vamih "vra-va.eng.mycompany:5480" -cu "root" -cp "secret" -hn "iaas.eng.mycompany" -nd "C816CFBX-4830-4FD2-8951-C17429CEA291" -tp "70928851D5B72B206E4B1CF9F6ED953EE1103DED"
Restart the Management Agent.
You can now verify in the vRA VAMI UI, under the Cluster tab, that the agent certificate warning or error has disappeared.
For more details, see the VMware documentation: https://kb.vmware.com/s/article/86046
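The registration step above can be wrapped in a script that checks its inputs first. This is an added example, not VMware's tooling or code from the original post: it reads the nd value from the config file, confirms that the recorded tp value matches the certificate the appliance currently presents, and prompts for the root password instead of storing it in a file. It assumes PowerShell 5.1 or later, that agentConfiguration id is an XML attribute, that tp is the thumbprint of the certificate served at the -vamih address, and that Vcac-Config.exe returns a non-zero exit code on failure.

```powershell
# Added example, not VMware tooling. Run elevated on the IaaS node after steps 1 and 2.
param(
    [string]$VraDir    = 'C:\Program Files (x86)\VMware\vCAC',  # typical path from the post
    [string]$Vami      = 'vra-va.eng.mycompany:5480',           # sample value from the post
    [string]$AgentHost = 'iaas.eng.mycompany',                  # sample value from the post
    [Parameter(Mandatory)][string]$Thumbprint                   # tp copied from the config file
)
$ErrorActionPreference = 'Stop'
$svcName = 'VMware vCloud Automation Center Management Agent'

# Step 1 must already be done: refuse to continue while the agent is running.
if ((Get-Service -DisplayName $svcName).Status -ne 'Stopped') { throw "Stop '$svcName' first." }

# nd: the id of agentConfiguration (assumed to be an XML attribute of that element).
[xml]$cfg = Get-Content (Join-Path $VraDir 'Management Agent\VMware.IaaS.Management.Agent.exe.config')
$idAttr = $cfg.SelectSingleNode('//agentConfiguration/@id')
if (-not $idAttr) { throw 'agentConfiguration id not found in the config file.' }

# tp: compare the recorded value with the certificate the appliance presents right now.
$name, $port = $Vami -split ':'
$tcp = [Net.Sockets.TcpClient]::new($name, [int]$port)
try {
    # Chain validation is skipped on purpose: the certificate is only fetched to be compared.
    $cb  = [Net.Security.RemoteCertificateValidationCallback]{ $true }
    $ssl = [Net.Security.SslStream]::new($tcp.GetStream(), $false, $cb)
    $ssl.AuthenticateAsClient($name)
    $live = ([Security.Cryptography.X509Certificates.X509Certificate2]$ssl.RemoteCertificate).Thumbprint
} finally { $tcp.Dispose() }
$want = ($Thumbprint -replace '[^0-9A-Fa-f]').ToUpper()
if ($live -ne $want) { throw "Thumbprint mismatch: appliance presents $live, expected $want." }

# Prompt for the root password so it never lands in a script file or shell history.
$pw = (Get-Credential -UserName 'root' -Message "Password for $Vami").GetNetworkCredential().Password

# Same options as the command in the post; -cp still reaches the tool as a process argument.
& (Join-Path $VraDir 'Management Agent\Tools\Cafe\Vcac-Config.exe') RegisterNode -v `
    -vamih $Vami -cu 'root' -cp $pw `
    -hn $AgentHost -nd $idAttr.Value -tp $want
if ($LASTEXITCODE -ne 0) { throw "RegisterNode failed with exit code $LASTEXITCODE." }

Start-Service -DisplayName $svcName
```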