none
VMM Upgrade to 2016 and NVGRE on DMZ network RRS feed

  • Question

  • Guys,

    hope someone can help.

    I have a working setup of Azure pack 2012 R2 with VMM, SPF, WAP and NVGRE for network virtualization. I am planning to upgrade VMM to 2016 which seems like all fine with SPF, WAP but since NVGRE is in DMZ network it requires manual cert export/import with VMM to upgrade the agents. 

    Can someone confirm if they had done this or any article which can help as I can;t seems to locate one exactly.

    Cheers

    Monday, November 25, 2019 9:39 AM

All replies

  • Hello,

    To my knowledge, this certificate is installed on the gateway, and is imported into the trusted certificate store on the VMM server during adding the gateway into the VMM fabric.

    Therefore, if only the SCVMM is upgraded to 2016, and the certificate is not replaced on the gateway, I think the certificate is still there, and not necessary to export and import again.

    Best regards,

    Andy Liu


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, November 26, 2019 5:50 AM
  • the procedure for installing VMM agent on perimeter host creates a new certificate needed to be imported on VMM. The issue here is to export import as the private keys will not be exported which I can see while trying to export the existing certificate.

    I am looking for procedure which can tell how to export private key for VMM agent host certificate if that helps.

    Tuesday, November 26, 2019 7:57 AM
  • Hello,

    For the security reason, the private key should not be exported.

    Is that possible to re-add the host in the VMM?


    Best regards,
    Andy Liu


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, December 2, 2019 5:49 AM
  • thanks mate but this is NVGRE cluster with network services and active tenant using it so I can't really just remove or re-add without knowing it will break the functionalities. 

    there is no procedure or documentation on how this stuff actually need to be doing.

    Thursday, December 26, 2019 5:18 AM