There are several reasons why a replacement of the vSAN Witness could be necessary. Migration from HW Witness to a VM, replacement of a faulty Witness or like it was in my case upgrade of the Witness host to the actual version.

The steps are all the same for the above reasons.

Download the Witness appliance

  • Select Products and then All Products
  • Scroll down to VMware vSAN and select View Download Components
  • Go to Drivers & Tools open VMware vSAN Tools, Plug-ins and … and choose your desired version of vSAN Witness Appliance
  • At the end click on Download now

Deploy the Witness appliance

To deploy the downloaded OVF Template login to your vSphere Client and follow the steps.

  • Right-Click your Datacenter and select Deploy OVF Template…
  • Select Local file select the downloaded ova. file and click onNext
  • Give your new appliance a name and select a folder where the appliance should be placed. I crop the build number but keep the main and update version in name so I can later easily identify the “old” and “new” appliance.
  • Choose on which compute ressource the Witness should run and click on Next (in my case a standalone ESXi)
  • Review the details and click on Next. Accept all license agreements and click also on Next.
  • Now you have to choose how many VMs will be stored inside your vSAN. This affects the size of the Witness host. Where the Tiny version runs with 2 CPU, 8 GB vRAM and about 40 GB HDD the Large version runs with 2 vCPU, 32 GB vRAM and over 1TB HDD.
  • In Lab you can choose Thin Provision to save space.
  • After that you have to select the networks for the VMkernel ports. In my case both are runnning in the same VLAN. In production environment often Management and vSAN traffic runs on different networks.
  • At least set the root password for the appliance
  • Review your settings and click on Finish

Configure and add the Witness Host appliance

  • After the Witness deployment is done, you have to power it on.
  • Maybe you have noticed that there was no point setting the IP of the appliance in the OVF configuration. After the appliance is up you can see that it is configured to optain IP via DHCP.
  • Login with root and your password after pressing F2
  • Select Configure Management Network and configure settings according to your network (VLAN; IPv4; DNS; …)
  • After you have done all settings management network must be restarted.
  • Switch to the vSphere Client and add the Witness Host to your Datacenter
  • Insert configured Witness IP (or FQDN if you have add it to your DNS)
  • Type in your root user and password
  • You will see that you don’t need an extra license. The vSAN Witness Host has its own license. The multiple X’s are okay ;)
  • After adding the Witness Host to vCenter you have to edit the VMkernel adapter for the witnessPG
  • Select the (blue) Witness Host and go to Configure > Networking > VMkernel adapters. Select vmk1 and click on Edit
  • Type in the IP for vSAN traffic and click OK

Replace the Witness Host

After all preparations are done you can replace the “old” Witness Host with the new one.

  • Select your vSAN cluster where you want to replace the Witness
  • Go to Configure and select Fault Domains in the vSAN section
  • Click on Change in the Streched Cluster configuration
  • Three really easy steps are needed
  • Select the new Witness Host and click on Next after the checks succeeded.
  • Select the disks (just simple because there is only one disk per tier :) )
  • Click on Finish to start the replacement.

Check Replication and Health

The Replacement of the Witness Host should be finished in seconds. But vSAN will throw a health alert.

  • Go to your vSAN Cluster > Monitor > vSAN > Health
  • You will see many objects with Reduced availability with no rebuild…
  • To enforce the rebuild process click on Repair Objects Immediately and wait a moment
  • After a refresh the object health should looks better and after a short or longer time (depending on your object count) the rebuild will be finished.
  • After rebuild is done you can shutdown the “old” Witness Host
  • After shutdown is complete you can remove the host vom inventory and delete the VM