vCenter Advance settings is used to modify the vpxd.cfg configuration file. To view the configuration options available with Advance settings, login to Web Client and select vCenter server from vCenter Inventory list and navigate to Manage > Settings > Advanced Settings as sown below.
You can use Advanced Settings to add/edit entries to the vpxd.cfg file, but can’t delete them. A user should have Globa.Settings privileges to make any configuration change from here.
For e.g to see list of available options for certificate related settings, type certmgmt in search box and hit enter.
Some of the commonly used advanced settings are listed in below table:
||In vSphere 6.0, vCenter Server monitors all certificates in the VMware Endpoint Certificate Store and issues an alarm when a certificate is 30 days or less from its expiration. You can change how soon you are warned with the vpxd.cert.threshold advanced option.
For example if you set this value to 10 days, then vCenter will warn you only when there are 10 days or less for certificate expiration.
||For small environments, using VMCA using VMCA issued certificates for your ESXi hosts is the best solution. If your organization policy requires the use of custom certificates with a different root CA, you can edit this vCenter Server setting so that the hosts are not automatically provisioned with VMCA certificates when you refresh certificates.
Change the value of vpxd.certmgmt.mode to custom if you intend to manage your own certificates, and to thumbprint if you temporarily want to use thumbprint mode and restart Vcenter server service.
||Hard threshold for certificate expiration. vCenter Server raises a red alarm when this threshold is reached.
||Country Name for the ESXi Host Certificates. Default is USA.
If you set it to say India, then the default country code will be presented as IN when you run the certificate manager utility to generate/replace certs
||Locality Name for ESXi Host Certificates. Default is Palo Alto
||State Name for ESXi Host Certificates. Default is California
||Organizational Unit Name for ESXi Host Certificates. Default is VMware Engineering
||Organization Name for ESXi Host Certificates. Default is Vmware
||Interval in days between Esxi host certificate validity checks by the vCenter server system
||Default port for vCenter and Esxi heartbeat exchange. Default value is 902.
||Network rollback was a feature which was introduced in vSphere 5.1. Host networking rollbacks occur when an invalid change is made to the host networking configuration. Every network change that disconnects a host triggers a rollback.
By default it is set to true. You can force this value to false to disable network rollback.
||Default value is 8089
||Default value is 8085
||VIM password expiration in days. Default value is 30 days
||This settings defines whether or not logs will be compressed when they roll out. Default value is true
||Default setting is Info. Other accepted values for this settings are: none,error,warning,verbose and trivia
||smtp username that vCenter server will use for sending email notifications in case of vCenter events
||Port number for sending email. Default value is 25
||password of the smtp username
For more information on vCenter Advance Settings, please see below articles
Advanced settings for vSphere 5.5 & 6.0
vpxd.cfg advance configuration
vCenter Certificate Management Default Values
I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing. Be sociable 🙂