Attempting to renew self-signed certificates with vSphere 7.0 Certificate Manager, the author faced issues renewing certain certificates such as the STS, encipherment, and ESXi certificates. They followed specific VMware articles and utilized tools like vCert to address the problems. After troubleshooting and manual interventions, including removing expired VMCA certificates and renewing the encipherment certificate, all certificates showed a valid status except for the backup entries.
This post outlines an automation script, Update-ESXi.ps1, designed to manage VMware ESXi host updates with enhanced control over VMware's standard Update Manager. It targets individual hosts or clusters, providing detailed logs and multiple notifications during the update process, sent via email at key stages including job start, host maintenance mode initiation, and job completion. A sample log and script usage instructions are provided, with the script available for download on GitHub.
To decommission NSX in an old environment, steps included force-removing disconnected NSX controllers via API, backing up NSX Manager, migrating VMs to vLANs, and orderly deleting NSX Edges, Logical Switches, and transport zones. Hosts required maintenance mode for VIB removal and rebooting. NSX Manager was shut down, pending final deletion, and the plugin was manually removed from the MOB. These detailed steps are essential as vendor documentation often lacks offboarding guidance.
