You can add vCenter for a central or regional site.


  • Obtain the required licenses and network information required for configuration.

  • Regenerate the Self-Signed Certificates on ESXi Hosts. For details, see ESXi Host Certificate.

  • Ensure that you configure for vMotion and vSAN network.


  1. Click Domains under Infrastructure Automation.
  2. Select the vCenter domain type.
  3. Click the Add icon to add the vCenter.

    The Add vCenter page appears.

  4. On the Add vCenter page, provide the required information, and click Validate to validate the vCenter details.
    Option Description


    The name of the site.


    vCenter FQDN


    vCenter login user name


    vCenter login password

  5. After the vCenter validation is complete, provide the following details and click Save to save the changes.
    Option Description




    Enter the name of the data centre.


    The location of the site. Click the button corresponding to the location.


    Enter the keyword to search a location.


    Latitude of the compute cluster location. The details are automatically added when you select the location. You can also modify the latitude manually.


    Longitude of the compute cluster location. The details are automatically added when you select the location. You can also modify the longitude manually.


    Provide VMware vSphere and VSAN license details.

  6. If domains are created prior to VMware Telco Cloud Automation 3.0:

    If any vCenter (pre-deployed Central or Regional Site) domains are created in TCA 2.3 or before, where the vCenters have self-signed certificates, then workflows on such domains would fail because VC SSL validation is enabled now and these domains do not have the certificate information.

    You can resolve workflow failures using the following ways:

    1. Using Script: The ZTP container has a bundled python script that can be executed to update specific vCenter domains. A data file containing the names and the respective thumbprints of the domains to be updated must be prepared and the path of this data file must be provided as an argument to this script.

      1. SSH into the TCA VM.

      2. Enter into the ZTP container with the following command:

        kubectl exec -it tcf-manager -n tca-mgr -- bash
      3. Prepare a JSON file having the data in the specified format as below:

        "<vcenter Domain 1 name>": "<SHA-256 thumbprint of the VC>",           
        "<vcenter Domain 2 name>": "<SHA-256 thumbprint of the VC>"        
      4. Run the python script for updating the thumbprint with the following command:

        python3 <path of the above JSON file>

        The script takes time based on the number of domains in the payload ensures that all the specified vCenters have their specified thumbprints set and are PROVISIONED. If any errors occur, they are displayed in the output of this script file.

    2. From UI:

      1. Navigate to Domains > vCenter > Edit the specific vCenter

      2. Enter the password and click Validate. A pop-up dialog box appears. Click Allow Certificate and save the domain.

      3. Resync the specific vCenter domain and wait till it is PROVISIONED.

      4. After the status of vCenter domain changes to PROVISIONED, the new SSL certificates are now in place in ZTP and any new workflows will now be successful. Any previously failed workflows due to SSL errors must be resynced and they will now be successful.


      If the certificates are expired or rotated, then workflows fail. To resolve this issue, first fix the SSL certificates issue at the vCenter level (issue the new SSL certificates) and then use either the script or the UI method as described above