diff --git a/confluent_osdeploy/common/initramfs/opt/confluent/bin/apiclient b/confluent_osdeploy/common/initramfs/opt/confluent/bin/apiclient
index c5c92034..67b53237 100644
--- a/confluent_osdeploy/common/initramfs/opt/confluent/bin/apiclient
+++ b/confluent_osdeploy/common/initramfs/opt/confluent/bin/apiclient
@@ -159,6 +159,7 @@ def get_net_apikey(nodename, mgr):
             else:
                 cliaddr = ('::', 302)
             clisock.bind(cliaddr)
+            clisock.settimeout(1)
             clisock.connect(addrinfo[-1])
             rsp = clisock.recv(8)
             if rsp != b'\xc2\xd1-\xa8\x80\xd8j\xba':
diff --git a/confluent_osdeploy/esxi7/initramfs/bin/dcuiweasel b/confluent_osdeploy/esxi7/initramfs/bin/dcuiweasel
index 075497c8..de81f55e 100644
--- a/confluent_osdeploy/esxi7/initramfs/bin/dcuiweasel
+++ b/confluent_osdeploy/esxi7/initramfs/bin/dcuiweasel
@@ -1,5 +1,11 @@
 #!/bin/sh
 # copernicus is hard coded, easier to script a fake sysfs
+if [ ! -f /var/run/vmware/show-esx-shell-login ]; then
+    chvt 1
+    sleep 1
+    chvt 2
+    /etc/init.d/ESXShell start
+fi
 uuid=$(vsish -e get /hardware/bios/dmiInfo|grep -A15 UUID|sed -e 's/.*://'|sed -e ':a;N;$!ba;s/\n//g' | sed -e 's/ *0x//g')
 uuid=${uuid:0:8}-${uuid:8:4}-${uuid:12:4}-${uuid:16:4}-${uuid:20:12}
 mkdir -p /sys/devices/virtual/dmi/id/
@@ -55,7 +61,9 @@ if [ -e /tmp/confluentident/cnflnt.yml ]; then
     hmacfile=$(mktemp)
     ln -s /opt/confluent/bin/clortho /opt/confluent/bin/genpasshmac
     /opt/confluent/bin/genpasshmac $passfile $passcrypt $hmacfile $hmackeyfile
+    echo -n 'Registering new API key with deployment server: '
     /opt/confluent/bin/apiclient -p $hmacfile /confluent-api/self/registerapikey $passcrypt
+    echo
     cp $passfile /etc/confluent/confluent.apikey
 fi
 while ! grep NODENAME /etc/confluent/confluent.info; do
@@ -84,12 +92,6 @@ if [ -z "$APIKEY" ]; then
     APIKEY=$(cat /etc/confluent/confluent.apikey)
 fi
 while [ -z "$APIKEY" ]; do
-    if [ ! -f /var/run/vmware/show-esx-shell-login ]; then
-        chvt 1
-        sleep 1
-        chvt 2
-        /etc/init.d/ESXShell start
-    fi
     echo "Deployment server failed to grant node deployment token, retrying token retrieval"
     echo "A debug session has been made available on Alt-F1"
     (/clortho $node $mgr || /opt/confluent/bin/clortho $node $mgr) > /etc/confluent/confluent.apikey
diff --git a/confluent_server/confluent/credserver.py b/confluent_server/confluent/credserver.py
index 2fda8f12..89c536db 100644
--- a/confluent_server/confluent/credserver.py
+++ b/confluent_server/confluent/credserver.py
@@ -108,7 +108,7 @@ class CredServer(object):
                     client.close()
                     return
             cfgupdate = {nodename: {'crypted.selfapikey': {'hashvalue': echotoken}, 'deployment.sealedapikey': '', 'deployment.apiarmed': ''}}
-            if hmackey:
+            if hmackey and apiarmed != 'continuous':
                 self.cfm.clear_node_attributes([nodename], ['secret.selfapiarmtoken'])
             if apiarmed == 'continuous':
                 del cfgupdate[nodename]['deployment.apiarmed']