Hi,
Not sure if there's an official KB on this, but here's how it should work:
1. This assumes you have two physical NICs for your management network
2. Let's say on the vDS you're using uplink1 = vmnic0 and uplink2 = vmnic1
3. Remove vmnic1 from the vDS uplink => you'll still have connectivity through vmnic0
4. Create a new Standard vSwitch (VSS) and assign vmnic1 to it
5. Use the "Migrate VMkernel to another network" wizard from the new VSS and select vmk0. When prompted for a port group, name it mgmt-temp (or whatever you prefer), and tag it with the corresponding VLAN if needed
6. At this point, management is running on vmnic1 via the VSS. Now, you can remove vmnic0 from the vDS and assign it to the VSS for redundancy.
------------------------------
Alexandru
------------------------------
Original Message:
Sent: Aug 06, 2025 03:11 PM
From: Diego Velasquez
Subject: Removing ESXi Host Connected to Distributed Switch
Hello everyone,
I'm working on a task that requires me to replace the Machine SSL certificate on an ESXi host, with a certificate signed by an external CA.
I am following the process outlined in VMware's blog: Managing vSphere Certificates with PowerCLI.
To perform the certificate replacement, the procedure recommends removing the ESXi host from vCenter, generating a CSR, and then installing the new certificate via PowerCLI while the host is in standalone mode.
The challenge I am facing is that my ESXi host is currently connected to a vSphere Distributed Switch (VDS), and its management VMkernel adapter (Management Network) is attached to a port group on that VDS.
This means that, if I remove the host from vCenter, the management network would immediately become unavailable, since the VDS and its port groups are managed exclusively via vCenter.
My questions:
Has anyone encountered this scenario before?
What is the safest, most reliable procedure to migrate the management VMkernel adapter to a local standard vSwitch (VSS), so that I can then safely remove the host from the VDS/vCenter without losing management connectivity?
Are there any best practices or official VMware KBs to follow for this process?
Any insight, experiences, or relevant documentation would be greatly appreciated!
Thank you in advance
-------------------------------------------
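The six steps in Alexandru's reply, written as a PowerCLI sketch with a reachability check after each change that could cut management access. This is an added example, not part of the thread or of VMware's documentation. It assumes an existing `Connect-VIServer` session to vCenter and that the workstation running it can ping the host's management IP; the host name, VSS name and VLAN ID are placeholders, and steps 4 and 5 are combined into one call that attaches vmnic1 and moves vmk0 together.

```powershell
# Added example. vmnic0/vmnic1, vmk0 and mgmt-temp come from the steps in the reply;
# the three values below are placeholders to replace with your own.
$ErrorActionPreference = 'Stop'
$hostName = 'esx01.example.test'   # placeholder host name
$vssName  = 'vSwitch-mgmt'         # hypothetical name for the new standard switch
$vlanId   = 0                      # placeholder management VLAN (0 = untagged)

$vmhost = Get-VMHost -Name $hostName
$vmk0   = Get-VMHostNetworkAdapter -VMHost $vmhost -VMKernel -Name 'vmk0'
$mgmtIp = $vmk0.IP

function Assert-MgmtReachable {
    param([string]$Step)
    # Assumes ICMP from this workstation to the management IP is allowed.
    if (-not (Test-Connection -ComputerName $mgmtIp -Count 3 -Quiet)) {
        throw "Management IP $mgmtIp unreachable after: $Step. Stop before changing anything else."
    }
    Write-Host "OK: $mgmtIp reachable after: $Step"
}

# Step 3: release vmnic1 from the vDS; vmk0 keeps running over vmnic0.
Get-VMHostNetworkAdapter -VMHost $vmhost -Physical -Name 'vmnic1' |
    Remove-VDSwitchPhysicalNetworkAdapter -Confirm:$false
Assert-MgmtReachable 'removing vmnic1 from the vDS'

# Step 4: create the standard switch and the temporary management port group.
$vss = New-VirtualSwitch -VMHost $vmhost -Name $vssName
$pg  = New-VirtualPortGroup -VirtualSwitch $vss -Name 'mgmt-temp' -VLanId $vlanId

# Steps 4-5: attach vmnic1 to the VSS and move vmk0 onto mgmt-temp in one operation.
$vmnic1 = Get-VMHostNetworkAdapter -VMHost $vmhost -Physical -Name 'vmnic1'
Add-VirtualSwitchPhysicalNetworkAdapter -VirtualSwitch $vss -VMHostPhysicalNic $vmnic1 `
    -VMHostVirtualNic $vmk0 -VirtualNicPortgroup $pg -Confirm:$false
Assert-MgmtReachable 'migrating vmk0 to the VSS'

# Confirm vmk0 really sits on the VSS port group before touching vmnic0.
$vmk0 = Get-VMHostNetworkAdapter -VMHost $vmhost -VMKernel -Name 'vmk0'
if ($vmk0.PortGroupName -ne 'mgmt-temp') {
    throw "vmk0 is on '$($vmk0.PortGroupName)', not mgmt-temp. Leave vmnic0 on the vDS."
}

# Step 6: move vmnic0 from the vDS to the VSS for redundancy.
Get-VMHostNetworkAdapter -VMHost $vmhost -Physical -Name 'vmnic0' |
    Remove-VDSwitchPhysicalNetworkAdapter -Confirm:$false
$vmnic0 = Get-VMHostNetworkAdapter -VMHost $vmhost -Physical -Name 'vmnic0'
Add-VirtualSwitchPhysicalNetworkAdapter -VirtualSwitch $vss -VMHostPhysicalNic $vmnic0 -Confirm:$false
Assert-MgmtReachable 'moving vmnic0 to the VSS'
```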