Resetting a vSAN Witness Appliance back to the embedded license

Disclaimer: This procedure changes the license state of a vSAN Witness Appliance and may temporarily affect the witness configuration in a stretched cluster or 2-node cluster. Make sure you have a maintenance window and verify the health/state of the cluster before you begin.

Broadcom/VMware documents that the vSAN Witness Appliance includes an embedded vSphere license and does not require a separate purchased license for the virtual appliance itself. There is also an official KB for cases where the witness shows up with an expired or evaluation license in vCenter after a major upgrade. But if the original embedded key has actually been overwritten, the normal disconnect/reconnect workaround may not be enough.

I recently ran into a situation where the embedded license on a vSAN Witness Appliance had been overwritten with a regular ESXi license key.
The witness appliance is supposed to use its built-in embedded license, so this needed to be reverted.
If the witness is still part of a vSAN stretched cluster or 2-node configuration, remove it from that configuration first.
Below is the procedure that worked for me.

Steps

  1. Disable the stretched cluster / witness configuration if the witness is currently in use.
  2. Enable SSH on the witness appliance.
  3. Disconnect the witness from vCenter.
  4. Log in to the witness host UI and remove the manually assigned license.
  5. SSH to the witness appliance and run:
rm -r /etc/vmware/license.cfg
cp /etc/vmware/.#license.cfg /etc/vmware/license.cfg
/etc/init.d/vpxa restart
esxcfg-advcfg -s 1 /VSAN/HostDeployedFromWitnessOVF
  1. Reboot
  2. Remove the witness host from the vCenter inventory.
  3. Add the witness host back to vCenter.
  4. Accept that it may initially show as using an evaluation license.
  5. Reboot the host once more from vCenter.
  6. Disconnect and reconnect the witness host in vCenter.
  7. Wait a few minutes and verify that the embedded witness license is back.
  8. Re-add the witness to the stretched cluster / 2-node configuration.

Final note
If the issue is only that the witness shows as expired/evaluation in vCenter after an upgrade, try the simpler workaround first: set /VSAN/HostDeployedFromWitnessOVF to 1, reboot, wait a few minutes, and disconnect/reconnect the host in vCenter.

Please follow and like my blog:
fb-share-icon
Tweet
fb-share-icon

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.