We were wanting to unregister some domains from UCS Central (Version 1.1(2a)) but we want to understand the impact of doing that better before we go ahead and do it. The only documentation I can find says to just click the link and then it says "When you unregister a Cisco UCS domain from Cisco UCS Central, Cisco UCS Manager no longer receives updates to global policies." In our installation we also have a radio button directly below the Actions that say we can choose Localize Global or Deep Remove Global cleanup options. We don't see any reference to that in the documentation though.
We want to make sure that whatever global policies we have will be retained as global policies as these are production systems. Are we correct in our thinking that the unregistering will just create local policies out of the already applied global policies and we can then just manage them independently?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
First question, is why do you want to de-register? What issues are you running into that require you to un-register production systems?
If you do un-register, it will localize all global policies and profiles. If you do re-register, you can point local policies back to UCS Central to be re-resolved to global policies, but not with your service profiles. Those in the current releases of UCS Central can't be re-globalized without an outage.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Eric,
How about in a scenario where you migrated from Self-signed to 3rd party certificate on a non-default keyring? We're noticing when we change the HTTPs cert to non-default keyring it breaks UCSM<->UCSC communication. TAC is saying you need to unregister from Central and re-register just to use a 3rd party cert? That seems like hundreds of hours of work just to accomplish that, if so.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Hello Ryan
I am in pretty much the same scenario that you describe.
I am wondering: What kind of certificate template did you use to create the cert for UCSC (Central)? I assume you are also using a MS PKI infrastructure?
In the documentation it states, that you should use the "subordinate certification authority" template.
I found some information here as well: https://supportforums.cisco.com/discussion/12430656/ucsc-3rd-party-certificates-subordinate-ca
Maybe you have some further information on that issue?
Or how did you resolve the issue with the 3rd party certs and the communication between UCSM and UCSC?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Comments
0 comments
Please sign in to leave a comment.