TN - 1223 Re-Connecting to System Management Server after Hardware Replacement or VM Restoration
Description
This article from InSource will guide you through reconnecting to System Management Server (SMS) after a hardware replacement or VM restoration.
- Author: Mario Meza
- Published: 03/09/2022
- Applies to: System Management Server 2017 and above
If you connect a machine to the System Management Server (SMS) and then later replace the machine due to hardware failure, or restore the VM to a state prior to that connection without first disconnecting the machine from the System Management Server (SMS), you will not be able to reconnect that same machine to the System Management Server (SMS). This is to protect the security of the system. System Management Server (SMS) uniquely identifies each machine that connects to it. Should an intruder attempt to pretend to be that machine (spoofing) and re-registers with that machine’s name, the System Management Server (SMS) will detect the mismatched identity and reject the suspected intruder’s registration.
Resolution:
- Before replacing a connected machine, and/or restoring the connected VM to a pre-connected state, run the Configurator on that machine and disconnect it from the System Management Server.
- If that is not possible (i.e., the machine is no longer available due to hardware failure), then you will need to remove the connection information on the System Management Server (SMS) manually:
After attempting to reconnect the machine, the logger will contain the warning:
“ArchestrA.CertificateManager: Please un-register the device <device name> from management server. Use the (Remove-AsbDevice) script to remove the device registration”
Remove-AsbDevice is a PowerShell command that will remove the machine’s connection information from the System Management Server (SMS).
To execute this script on the System Management Server (SMS) node launch PowerShell as Administrator and enter Get-AsbDevice
You will be prompted to enter the Management Server Address which should be entered in the following format
https://<SMSHOSTNAME>:443
* Be sure to use all CAPS for the SMSHOSTNAME
Once entered you will see a Windows PowerShell Dialog credential request (below).
Enter the user name and password of a local Administrator and select OK
In a moment you should see the interface populate with a list of registered devices
Once you've identified the DeviceID of the machine or VM that no longer exists, enter Remove-AsbDevice and hit enter.
You will be prompted to enter a DeviceID. Enter the DeviceID of the machine or VM you want to remove and hit enter.
You will again be prompted to enter the Management Server Address which should be entered in the following format:
https://<SMSHOSTNAME>:443
* Be sure to use all CAPS for the DEVICEID and the SMSHOSTNAME
Once entered you will again see the Windows PowerShell Dialog credential request.
Enter the user name and password of a local Administrator and select OK.
From here you can re-run Get-AsbDevice to validate the DeviceID no longer exists in the list of registered devices or you can go straight to configure the system management server from replacement system configurator.