NSX-T EDGE Node Registration Pending


If you see EDGE node registration in pending state like below 

Run below command on NSX-T manager to get thumbprint

get certificate api thumbprint



Run below command on Edge machine using putty session.

join management-plane username admin password Welcome@1989 thumbprint 35c035720be59bcec7dd9d8067335510e191cdcd06fc360ffd75162f84422c6b

Sync problem with SUP and WSUS Microsoft SystemsManagementServer WSUS WSUSServer ConnectToWSUSServer

 System.Net.WebException: The request failed with HTTP status 400: Bad Request.~~   at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)~~   at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber)

SCCM SUP and WSUS sync failed -> If you are seeing SCCM SUP and WSUS sync failed in WSUSCTRL.log then you need to make sure IIS is installed correctly in the WSUS server.

To verify you need to open IIS on the WSUS server and browse some IIS components like below.

If the page is not opening properly then you need to check IIS Role-> Features where have installed all roles and features are not specially Directory Browsing .

Reinstalled the missing components and did the proper binding and checked again it should work.

I fixed my similar issue after following similar steps

PowerShell Script to automate ESXI host add to vCenter | NTP configure | DNS configure | Place host into maintenance mode

#PowerShell script to automate ESXI configuration part post new ESXI deployment


$vCenter= Read-Host "Enter vCenter Name"

$VCCred = Get-Credential

#Add ESXI Host

$ESXI1= Read-Host "Enter ESXI host Name"

$ESXICred= Get-Credential


$String= $ESXI1

$String.Substring(0,$String.Length-12) | Out-file 'C:\temp\output.txt'

$Prop= Get-Content -Path 'C:\temp\output.txt'


#Connect vCenter 

Connect-VIServer -Server $vCenter -Credential $VCCred


#Collect Datacenter details 

$Datacent= Get-Datacenter


#Prompt for to enter Datacenter Name, enter here short name inside *.........*, 

$DCM= read-Host "*Enter DC shortname Name inside both*"


# String to remove extra character from DC that we are typing manually


$NTP.subString(1,$DCM.Length-2) |Out-file 'C:\temp\DCName.txt'

$DCName= Get-Content -Path 'C:\temp\DCName.txt'


Add-VMHost -Server $vCenter -Name $ESXI1 -Location $DCM -Credential $ESXICred -Force



Get NTP Server details




# PowerCli command to COllect NTP server details from existing Datacenter >host

Get-Datacenter | Where-Object {$_.Name -imatch "$DCName"} |Get-VMHost |Where-Object {$_.Name -imatch "$Prop"} |Get-VMhostNTPServer |Out-file 'C:\temp\NTPServer.txt'

$NTPServer= Get-Content -Path 'C:\temp\NTPServer.txt'



Get-Datacenter |Where-Object {$_.Name -imatch "$DCName"} |Get-VMHost |Out-File 'c:\temp\VMhost.txt'

$NTPHost= Get-Content -Path 'C:\temp\vmhost.txt'



#PowerCli command to add existing NTP server details into new ESXI host

Add-VMHostNtpServer -NtpServer $NTPServer -VMHost $ESXI1 | Where-Object {$_.Name -imatch "$ESXI1"}


# PowerCli command to Collect DNS Name, DNS IP, SearchDomain

Get-Datacenter | Where-Object {$_.Name -imatch "$DCName"} |Get-VMHost |Where-Object {$_.Name -imatch "$ESXI1"} | Get-VMHostNetwork | Select-Object DomainName, SearchDomain, DnsAddress |Out-file 'C:\temp\NetInfo.txt'


$NetInfo= Get-Content -Path 'C:\temp\NetInfo.txt'



# PowerCli Command to add DNS Address, SearchDomain

$vmHostNetworkInfo = Get-VmHostNetwork -Host $ESXI1


Set-VmHostNetwork -Network $vmHostNetworkInfo -DnsAddress '','' -SearchDomain temp.ads.com -DnsFromDhcp $false



#Put ESXI host into maintenance mode


Set-VMHost -VMHost $vmhost -State "Maintenance" 

What is AD RMS? configure AD RMS step by step

 What is AD RMS and how to configure ?

AD RMS enables you to protect your intellectual property through the integration of several features. In fact, in addition to a direct integration with Active Directory Domain Services (AD DS),AD RMS can also rely on both Active Directory Certificate Services (AD CS) and Active Directory Federation Services (AD FS).

AD CS can generate the public key infrastructure (PKI) certificates that AD RMS can embed in documents. AD FS extends your AD RMS policies beyond the firewall and supports the protection of your intellectual property among your business partners.



AD RMS Configuration step by step

1. Here I have three servers

1.0  Windows server 2K12R2           AD         (FQDN:- srv.adds.com IP

1.1  Windows server 2K12R2           ADRMS (Host Name:- NodeB.adds.com IP

1.2  Windows server 2K12R2           Client     (Host Name:- NodeA.adds.com IP 

2. First step we need to create a service account and AD (ADRMSSRV) .


select user>R.C and select new user > Enter all details

Set password and check mark on both user can't change password and password never expire 

3. Second we need to create two groups in AD 

 Group name as below

a. ADRMS_Full

b. ADRMS_limited

Enter ADRMS_Full and click OK


Enter ADRMS_Limited  and click OK

Next, add a few users to ADRMS_Full group, for this Demo I choose 4 of my Marketing users to join ADRMS_Full.

Select Group Name > R.C and click on members

Enter Users Name to whom you want to add in member list and click on check names 

Next, add few users to ADRMS_Limited group, for this Demo I choose 4 of my Marketing users to join ADRMS_Limited.

Select Group Name > R.C and click on members

and follow the steps as follow above

4. Fourth steps now we need to created Host (AA) record on same AD server and assign ADRMS SRV IP (NodeB.adds.com) 

Name as below


Open DNS > R.C on domain name select New Host

Enter ADRMS name in Name field and IP address

Next, log in to NodeB.adds.com to start Install and configure the AD RMS server role

Open Server Manager, click Manage, and then click Add Roles and Features, in the Add Roles and Features Wizard, click Next 3 times

Then click Next 4 times

Next, click Install to proceed…

Click Close when installation successful

Next, on the All Servers Task Details page, click Perform Additional Configuration

Select create new ADRMS root cluster >Next

Select use windows internal database on this server

Specify new created service AD ID (ADRMSSRV)

Select Cryptographic mode

Select use ADRMS centrally managed key storage

Enter password

21 – On the Cluster Address box, provide the following information, and then click Next to proceed :

– Connection Type: Use an unencrypted connection (http://)

– Fully Qualified Domain Name: ADDS.COM

– Port: 80

On the Licensor Certificate box, type ADDS NodeB, and then click Next…

Click on install

Now the installation part has been completed.

Next, open Internet Information Services (IIS) Manager…

In Internet Information Services (IIS) Manager, expand Sites\Default Web Site and click _wmcs, then under /_wmcs Home, double-click Authentication

Then right-click Anonymous Authentication and click Enable

In the Connections pane, expand _wmcs and click licensing and double-click Authentication

Right-click Anonymous Authentication and click Enable, then close IIS Manager…

Next, lets configure AD RMS ADRMS_Full  group for NodeB

In Server Manager, click Tools, and then click Active Directory Rights Management Services…

In the Active Directory Rights Management Services console, expand the NodeB node, and then click Security Policies and click on change super user settings

Select Super users and click on enable super users


Now click on Change super users group > Type ADRMS_full@adds.com

Note :- there should be with email ID 

Open Active Directory Rights Management Services console, then click Rights Policy Templates node and then in the Actions pane, click Create Distributed Rights Policy Template

In the Create Distributed Rights Policy Template Wizard box, on the Add Template Identification information box, click Add

On the Add User Rights box, click Add, then on the Add User or Group page, type ADRMS_Limite

When ADRMS_Limited is selected, under Rights, click View. Verify that Grant owner (author) full control right with no expiration is selected, and then click Next…

– On the Specify Expiration Policy box, you can do settings and then click Next

On the Specify Extended Policy box, click Require a new use license every time content is consumed (disable client-side caching), click Next, and then click Finish.

Next step, lets configure the rights policy template distribution…

Now you need to create two folders in C:\

C:\RMSTemplates      Full access to ADDS\ADRMSSRV

C:\DocShare                Full access to ADDS\Everyone

On the ADRMS console, click the Rights Policy Templates node, and in the Distributed Rights Policy Templates area, click Change distributed rights policy templates file location, then in the Rights Policy Templates dialog box, click Enable Export…

Next, in the Specify Templates File Location (UNC), type \\NodeB\RMSTEMPLATES, and then click OK

Next, open Windows Explorer and navigate to the C:\rmstemplates folder, and verify that Test Full Access.xml is present

Next, on the ADRMS Console, click the Exclusion Policies node, and then click Manage application exclusion list

Actions pane, click Enable Application Exclusion…

Now All Done wait for next part

Featured Post

HPE MSA 2040 configuration step by step

HPE MSA 2040 configuration Default IP range for HP SAN storage MSA 2040 is You need to connect your laptop and storage with...