From ff129e31869686fcb65476b36ec58bda4d7c7a01 Mon Sep 17 00:00:00 2001 From: Adam Rudell Date: Wed, 1 Apr 2026 15:15:11 -0500 Subject: [PATCH] Revise SCVMM certificate commands in troubleshooting guide Updated commands for checking SCVMM certificate and SDN diagnostics. --- ...-to-connect-to-ApiService-due-to-SCVMM-certificate.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/TSG/Networking/Arc-Enabled-SDN/NCHostAgent-unable-to-connect-to-ApiService-due-to-SCVMM-certificate.md b/TSG/Networking/Arc-Enabled-SDN/NCHostAgent-unable-to-connect-to-ApiService-due-to-SCVMM-certificate.md index 17f9712..e989678 100644 --- a/TSG/Networking/Arc-Enabled-SDN/NCHostAgent-unable-to-connect-to-ApiService-due-to-SCVMM-certificate.md +++ b/TSG/Networking/Arc-Enabled-SDN/NCHostAgent-unable-to-connect-to-ApiService-due-to-SCVMM-certificate.md @@ -47,7 +47,8 @@ Test-SdnCertificateMultiple : FAILED - One or more hosts unable to program SDN policies - Live migration to/from affected hosts results in VM network loss -- `Debug-SdnFabricInfrastructure` reports certificate and connectivity failures +- `Debug-SdnFabricInfrastructure -NcRestCertificate (Get-SdnServerCertificate)` reports certificate and connectivity failures +- `Get-SdnServerCertificate` returns multiple certificates - Network Controller API calls fail intermittently or consistently from affected hosts ## Root Cause @@ -93,7 +94,8 @@ flowchart TD On each affected host, open the local machine certificate store and look for the SCVMM self-signed certificate. It will have a subject or friendly name containing `SCVMM_CERTIFICATE_KEY_CONTAINER`. ```powershell - Get-SdnServerCertificate -NetworkControllerOid | Format-List Thumbprint, Subject, NotBefore, NotAfter, Issuer, FriendlyName + # SdnDiagnostics 4.2601.27.234 and later builds introduce a -NetworkControllerOid parameter for Get-SdnServerCertificate that should be used + Get-SdnServerCertificate | Format-List Thumbprint, Subject, NotBefore, NotAfter, Issuer, FriendlyName ``` 1. **Remove the conflicting SCVMM certificate** @@ -122,7 +124,8 @@ flowchart TD ```powershell # Re-run SDN fabric diagnostics to confirm certificate issues are resolved - Debug-SdnFabricInfrastructure + # SdnDiagnostics 4.2601.27.234 and later builds introduce a -NetworkControllerOid parameter for Get-SdnServerCertificate that should be used + Debug-SdnFabricInfrastructure -NcRestCertificate (Get-SdnServerCertificate) # Verify NCHostAgent connectivity and certificate health pass # Expected: Test-SdnHostAgentConnectionStateToApiService and Test-SdnCertificateMultiple should now pass