How to clear old fingerprints from vCenter Server Appliance

Question

For context, an esxi host died, it used to have the IP address A.B.C.D

We've now replaced the server and I'm trying to add the new server to the cluster. The old server had been removed from the cluster.

We get this error message when trying to add the new host to replace the old one at the IP address A.B.C.D .

Clicking OK just causes the same error to pop up again.

My guess is that this is similar to when you replace a server and reassign the old IP and ssh throws a warning about a change to the signature. I'm guessing that somewhere the VSCA server has a list of fingerppints for every host it's ever connected to and doesn't like that this one has changed.

But the problem is I can't find anything on where the fingerprints are stored or how to clear an old one to allow this connection.

Answer 1

From my experience, that page is asking you to verify you want to use self-signed (or otherwise untrusted) certificates and doesn't have anything to do with a former host under the same name or IP.

There are a couple troubleshooting steps you could take to remedy the situation though:

1. Restart the management service on the ESXi server
2. Reboot the entire server
3. Add the host to the Datacenter, then move the host to the appropriate cluster
4. Replace the cert on the ESXi host (docs)