Skip to main content

How to Cleanly Uninstall Legacy NSX and Trend Micro from ESXi

So I recently migrated from a vSphere 5.5 environment to 6.5 using the migration utility. Overall, I had a great experience with a few exceptions, both of which were my fault. We’ll cover one of them in this post.

We were running Trend Micro Deep Security, which means we had NSX deployed in support of that product throughout our environment. My thinking, incorrectly, was that after the vCenter upgrade, I could upgrade the existing NSX components of the environment and I would be off to the races!

That was a mistake, and I thought it might be worth it for me to share what I saw unfolding, and how I resolved the issues. So here goes…

After the vCenter upgrade was successful, I noticed that I no longer had an NSX manager registered, which was odd. I was seeing issues with DRS, and the only way to get around the virtual machines hanging and eventually erroring out during DRS triggered vMotions was to manually migrate the virtual machines to other hosts and place the affected host in Maintenance Mode while I took steps to remove all things NSX, Guest Introspection and Trend Micro.

Here’s a step-by-step walkthrough of how I got all of my hosts, and my vCenter ready for a redeployment of NSX and Trend Micro.

  1. Remove the epsec-mux VIB on each host in the cluster prepared for Guest Introspection from the host’s CLI:

    #esxcli software vib remove -n epsec-mux

    If a host reboot is required, the CLI will tell you after you run the command above.

  2.  Verify the VIB is gone:
    #esxcli software vib list | grep mux
  3.  Delete the Guest Introspection and Trend Micro VMs from disk by right-clicking each of them in inventory and selecting Delete from disk.
  4.  Remove the vmservice-vswitch vSwitch on each host which is only used for the Guest Introspection and Trend Micro virtual machines:
    1. Select the host in inventory.
    2. Select the Configure tab.
    3. Expand Networking, and select Virtual Switches.
    4. Select vmservice-vswitch.
    5. Click the Remove selected standard switch button (the Red X).
      Note: The portgroup vmservice-vmknic-pg will be deleted along with the vSwitch. There should not be any VMs connected to it, since we deleted the service VMs in step 3.
  5. Delete the ESXi agencies associated with the deployment:
    1. From the Home menu, select Administration.
    2. Expand Solutions, and select vCenter Server Extensions.
    3. Select vSphere ESX Agent Manager.
    4. Select the Configure tab.
    5. Right-click agency pertaining to Guest Introspection and Trend Micro deployment.
    6. Select Delete Agency.

Do the above for each affected host, and everything will be cleanly uninstalled and you’ll be ready to redeploy a new NSX manager. Once NSX manager is deployed and registered to the vCenter, you can deploy Guest Introspection and Trend Micro through the Service Deployment tab. Maybe I’ll cover that in the next post.

Hopefully, you never have to follow this guide. If it was helpful, leave a comment or share the article!

Spread the love!

Scott Forehand

Scott Forehand is an accomplished systems architect, engineer, and administrator with over a decade of experience designing and managing virtual environments, networks, storage and server infrastructures and operations with a proven ability to create and automate solutions to improve productivity, reliability and performance. He has achieved multiple certifications in virtualization, networking, cloud, storage and other technologies, and is honored to be a VMware vExpert in 2018.