If vCenter Server or Platform Services Controller (PSC) SSL certificates are changed, you MUST reregister to SSO and vCenter Server. If you are facing loss of connectivity between AppDefense Appliance and vCenter Server and you want to unregister vCenter Server that is registered with AppDefense Appliance. You then want to register the same vCenter Server with the appliance again.

Caution: Perform these steps of unregistering and reregistering vCenter Server with the AppDefense Appliance only when advised by the VMware support team.

Solution

  1. To unregister SSO, perform the following steps.
    1. Log in to the AppDefense Appliance VA GUI at https://<appliance ip address> using the admin credentials.
    2. (If needed) Click Cancel to the self-signed certificate.
      The Appliance Dashboard appears as a default home page.
    3. Go to the Appliance > Registration page.
    4. Go to the SSO lookup configuration section, and click Edit.
      A confirmation dialog box appears.
    5. If SSO is not reachable, and you want to go ahead and unregister, click Force SSO unregistration even if SSO is unreachable.

      To proceed with unregistration, click Yes.

      After you click unregister SSO, the vCenter Server gets unregistered and the appliance UI shows not set for SSO and vCenter Server.
  2. You can reregister SSO from AppDefense Appliance. Go to Appliance > Registration page.
    1. Go to the SSO lookup configuration section, and click Edit.
    2. Enter the host name of the vCenter Single Sign On (SSO) and click Register.
      On registering the SSO again, there should be no errors on the screen and the SSO hostname and thumbprint should be seen on the UI. It is same as first time registration. After SSO registration, you can see an option to register an associated vCenter Server.
  3. When you unregister vCenter Server and reregister from the AppDefense Appliance, all the AppDefense plug-in data including learned behaviors and network connections are lost. To avoid the data loss, take a backup of the AppDefense Appliance database before logging on to the appliance UI and changing the registration settings.
    1. SSH to the AppDefense Appliance using the admin credentials.
    2. Switch to superuser using the sudo su command.
    3. To take a backup of the AppDefense plug-in data, run the following command.
    /opt/vmware/vpostgres/current/bin/pg_dump -n alms appliancedb | gzip > /tmp/appliancedbdump.gz
    
  4. Log in to the AppDefense Appliance VA GUI at https://<appliance ip address> using the admin credentials.
  5. (If needed) Click Cancel to the self-signed certificate.
    The Appliance Dashboard appears as a default home page.
  6. Go to the Appliance > Registration page.
  7. Go to the vCenter Server details page, and click Unregister.
    A confirmation dialog box appears.
  8. (Optional) If vCenter Server is not reachable, and you want to go ahead and unregister, click Force vCenter unregistration even if vCenter is unreachable.
  9. To proceed with unregistration, click Yes.
    vCenter Server is unregistered with AppDefense Appliance. When you unregister vCenter Server from AppDefense, the AppDefense specific alarm definitions are removed from the vCenter Server.
  10. You can re-register vCenter Server from AppDefense Appliance > Registration page.
  11. After reregistering the vCenter Server, restore the AppDefense plug-in data as follows.
    1. SSH to the AppDefense Appliance using the admin credentials.
    2. Switch to superuser using the sudo su command.
    3. To take a backup of the AppDefense plug-in data, run the following command.
      gzip < /tmp/appliancedbdump.gz | psql -u dbuser -d appliancedb
    vCenter Server is registered again and AppDefense plug-in data is available in the vCenter Server.