You can add ESXi hosts to an existing Trusted Cluster using the command line.

After you have initially configured a Trusted Cluster, you might want to add more ESXi hosts. However, when you add the host to a Trusted Cluster, you must take the additional step of remediation. When you remediate the Trusted Cluster, you ensure that its desired configuration state matches its applied configuration.

In the first version of vSphere Trust Authority released in vSphere 7.0, you run scripts to add a host to an existing Trusted Cluster. Starting in vSphere 7.0 Update 1, you use the remediate functionality to add a Trusted Host. In vSphere 7.0 Update 1, you still must use scripts to add a host to an existing Trust Authority Cluster. See Adding and Removing vSphere Trust Authority Hosts.


  • The vCenter Server for the Trusted Cluster must be running vSphere 7.0 Update 1 or later.
  • PowerCLI 12.1.0 or later is required.
  • Required privileges: See the add hosts tasks in Required Privileges for Common Tasks.


  1. Use whatever steps you normally do to add the ESXi host to the Trusted Cluster.
  2. In a PowerCLI session, run the Connect-VIServer cmdlet to connect as the Trust Authority administrator to the vCenter Server of the Trusted Cluster.
    Connect-VIServer -server TrustedCluster_VC_ip_address -User trust_admin_user -Password 'password'
  3. To check the Trusted Cluster's status, run the Get-TrustedClusterAppliedStatus PowerCLI cmdlet.
    Get-TrustedClusterAppliedStatus -TrustedCluster 'TrustedCluster'
  4. If the Trusted Cluster is not healthy, run the Set-TrustedCluster cmdlet with the -Remediate parameter.
    Set-TrustedCluster -TrustedCluster 'TrustedCluster' -Remediate
  5. To verify that the Trusted Cluster is healthy, rerun the Get-TrustedClusterAppliedStatus cmdlet.
    Get-TrustedClusterAppliedStatus -TrustedCluster 'TrustedCluster'