Tag Archives: SSO

Manually Remove vCenter Server from SSO


I was playing around in our test lab with Linked Mode vCenter Servers last week and ran across an error in the vSphere Web Client after I removed the second vCenter Server. The specific error I got was: Could not connect to one or more vCenter Server Systems: vcenter address:443/sdk

My first guess was that the uninstallation was successful but that SSO had held onto some remnants of the second vCenter so it needed to be manually unregistered with the Lookup Service. Here is what I did to get everything fixed.

Credit Due: Mark Almeida-Cardy at vi-admin.net has a great article about how to resolve this with vCenter 5.1 so I will use his post with updates for vCenter 5.5

VMware has a KB Article 2033238 that lays out the steps for vCenter 5.1 as well.

For Windows: <SSO install directory>\ssolscli\ssolscli listServices <Lookup Service URL>

For vCenter Server Appliance: /usr/lib/vmware-sso/bin/vi_regtool listServices <Lookup Service URL>

  1. In the list of services, locate the service entry that contains the address of the system where the solution was installed.
  2. Record the ownerId of the service entry.
  3. In the vSphere Web Client, navigate to Administration > SSO Users and Groups > Application Users and locate the application user with the same name as the ownerId you recorded.
  4. Right-click the user and select Delete Application User.
  5. At the command line, remove the service entry from the Lookup Service.
    1. Create a text file that contains the service ID.
      The service ID must be the only text in the file.
  6. Unregister the entry for the solution by running the unregisterService command. Note: It may be necessary to set your JAVA_HOME environment variable (default JRE location below).
    set JAVA_HOME=c:\program files\vmware\infrastructure\jre

For Windows: <SSO install directory>\ssolscli\ssolscli unregisterService -d <Lookup Service URL> -u "Lookup Service administrator user" -p "administrator password" -si <serviceId file>

For vCenter Server Appliance: /usr/lib/vmware-sso/bin/vi_regtool unregisterService -d <Lookup Service URL> -u "Lookup Service administrator user" -p "administrator password" -si <serviceId file>

Script I Used: ssolscli.cmd listServices https://VCENTER FQDN:7444/lookupservice/sdk > C:\sso_services.txt

Output txt file looked like this: 

Intializing registration provider…
Getting SSL certificates for https://VCENTER FQDN:7444/lookupservice/sdk
Anonymous execution
Found 15 services.

Service 1
———–
serviceId=Default-First-Site:9a003c74-4229-4d60-b89d-a0814ea00060
serviceName=VMware vCenter Support Assistant, WebClientPluginPackage
type=vsphere-client-serenity
endpoints={[url=https://IP ADDRESS:8443/plugin/package/ph-admin-ui.zip,protocol=http]}
version=1.0.0.1398556
description=
ownerId=support-assistant-localhost.localdom-21cb77ad-266c-4f84-9262-a1c0ddf1726c@vsphere.local
productId=com.vmware.phonehome
viSite=Default-First-Site

etc…..

Next let’s identify the services that we need to unregister and copy/paste the serviceIds into another txt file (remember the name and location of this file).
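The identification step (steps 1, 2 and 5.1 above) can be scripted instead of done by copy/paste. This is an added example, not part of the original post or of VMware's tooling: it parses saved listServices output in the format shown above, selects the services whose endpoint host exactly matches the removed vCenter, and flags any ownerId that also owns a service on a remaining host. The hostnames, IDs, owner names and function names are assumptions made up for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the listServices format above; all values made up.
SAMPLE = """\
Service 1
-----------
serviceId=Default-First-Site:00000000-0000-0000-0000-000000000001
endpoints={[url=https://vc01.lab.example:443/sdk,protocol=vmomi]}
ownerId=owner-a@vsphere.local

Service 2
-----------
serviceId=Default-First-Site:00000000-0000-0000-0000-000000000002
endpoints={[url=https://vc02.lab.example:443/sdk,protocol=vmomi]}
ownerId=owner-b@vsphere.local

Service 3
-----------
serviceId=Default-First-Site:00000000-0000-0000-0000-000000000003
endpoints={[url=https://vc02.lab.example:8443/plugin/x.zip,protocol=http]}
ownerId=owner-a@vsphere.local
"""

def parse_services(text):
    """Return one dict of key=value fields per 'Service N' block."""
    services = []
    for line in map(str.strip, text.splitlines()):
        if re.fullmatch(r"Service \d+", line):
            services.append({})
        elif services and "=" in line:
            key, _, value = line.partition("=")  # values may contain '='
            services[-1][key] = value
    return services

def hosts(service):  # hostnames of every url= entry in the endpoints field
    urls = re.findall(r"url=([^,\]\s]+)", service.get("endpoints", ""))
    return {urlsplit(u).hostname for u in urls} - {None}

def cleanup_plan(text, removed_host):
    """Service IDs to unregister, and which owners are safe to delete."""
    stale, kept = [], []
    for s in parse_services(text):
        (stale if removed_host.lower() in hosts(s) else kept).append(s)
    kept_owners = {s.get("ownerId") for s in kept}
    owners = {s["ownerId"] for s in stale if "ownerId" in s}
    return {"service_ids": [s["serviceId"] for s in stale],
            "delete_owners": sorted(owners - kept_owners),
            "shared_owners": sorted(owners & kept_owners)}
```

Anything listed under shared_owners still owns a service on a host you are keeping, so review it by hand before deleting that application user.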

Now we can run our unregister script, mine looked like this: ssolscli unregisterService -d https://VCENTER FQDN:7444/lookupservice/sdk -u "LOOKUP SERVICE USERNAME" -p "PASSWORD" -si <FILE LOCATION>

Here is the result that I got:

C:\Program Files\VMware\Infrastructure\VMware\CIS\vmware-sso>ssolscli unregister
Service -d https://VCENTER FQDN:7444/lookupservice/sdk -u “LOOKUP SERVICE USERNAME” -p “PASSWORD” -si C:\sso_services.txt
Intializing registration provider…
Getting SSL certificates for https://VCENTER FQDN:7444/lookupservice/sdk
Service with id “Default-First-Site:cdda2053-438a-439d-95aa-b47081f94e42” is successfully unregistered
Service with id “Default-First-Site:31d628f8-60e7-4955-a9aa-fd3e3a24bb31” is successfully unregistered
Service with id “Default-First-Site:6e21c57b-da61-460b-b6b2-ef82a3647dad” is successfully unregistered
Return code is: Success 0

Second instance of vCenter has been removed and no error on start up of vSphere Web Client… Happy Admin!

 

vSphere 5.5 Upgrade – Walkthrough and Notes

Since the announcement of vSphere 5.5 at VMworld, I have been waiting for the day to upgrade our environment. That day has finally come. We decided to go with the Simple Install since there isn’t anything custom when we install vCenter.

We have Horizon View in our environment, so the first step was to shut down all workstations, linked-clones, etc. and disable provisioning to not create additional clones. We shut down all servers except our Firewall, Exchange, Primary File Server and vCenter servers (Apps and DB’s). Now that we have our environment in a controlled state, we are ready to start the upgrade process. So let’s get to it!

Download the vCenter 5.5 Install Package for Windows from VMware, mount the ISO or extract the contents to a temp location and select autorun.exe

Select the Simple Install Option, review the upgrade process and click Install to start the upgrade of Single Sign-On.


It has already detected the previous version, Click Next


Accept the End User License Agreement, who really reads that stuff! Click Next


Make sure that the FQDN, IP is accurate. vCenter Windows Server is joined to the Domain and Value is correct, Click Next


It has detected the previous instance of SSO so it will migrate the existing information, Click Next


Choose the local default domain account credentials for SSO, Click Next


Confirm the Site Name, Click Next


Choose the install location, Click Next


Here is an overview of the choices we made, time to Install


It will take a little bit of time to install, when it completes it will proceed to start installing vSphere Web Client components.


vSphere Web Client begins to install and register with SSO. Next up is the Inventory Service.


Pretty simple choice, keep your existing inventory or stay up all night and rebuild it. We chose to get some sleep tonight! Click Next


It’s ready to install the Inventory Services, Click Install


Install the components and watch the progress bar. It will immediately go into vCenter Upgrade next.


Click Next


Enter License, Click Next

Enter your SQL Database credentials for vCenter Database, Click Next


It prompts you that vSphere Update Manager isn’t compatible with 5.5 (we will upgrade that after we are done), Click OK


Upgrade the existing vCenter database, check the box, Click Next


Choose Automatic, Click Next


Unless you want a Domain Account to auto login, choose a separate login account for the vCenter Service Account.


Validate your ports, you have the option to increase the ephemeral ports. We didn’t increase them because we will not hit 2000+ VM’s before vSphere 6 comes out, Click Next


Everybody has a different take on this option, we chose Large so that we don’t have to hit an artificial limit on JVM Memory issues, to each his own, Click Next


Time to Install, Click Install


The database upgrade took a while…


Progress!!!


vCenter has finished the upgrade process, are we done? Not just yet!

Time to install the Windows vSphere Client, just select the Client install option and click Install.


Next through the options since there isn’t any customization to apply.


vSphere Client is updated, time to sign in!

So at this point we went to fire up vCenter Windows Client to start upgrading Update Manager but ran into an error where our AD accounts wouldn’t authenticate to vCenter. After a little research (Google!) we found this article from VMware. We have an AD Admin group nested into the Local Admin group, and upgraded vCenter doesn’t like this.

It was an easy fix, log in using local admin to vSphere Web Client, go to vCenter permissions and add Domain Admin group (users to manage vCenter), then you are back in business. Now it’s time to upgrade vSphere Update Manager so we can start upgrading ESXi Hosts.


Choose vSphere Update Manager and Click Install


The installation has detected our existing version of Update Manager, Click OK


Click Next


Allow Update Manager to download baselines, patches and others after install, Click Next


Verify your vCenter Information, remember that vCenter account we entered earlier? Time to enter it again, it will validate and Click Next


SQL Connection Info, Click Next


Choose Yes I want to upgrade my VUM Database!, Click Next


Verify Port Settings, Click Next


Click Install


Watch the progress!


Installation is complete, time to fire up the vSphere Windows Client to install the plugin.


Login using your credentials or use Windows Credentials. Notice the warning in the new version, you MUST use Windows VIC to manage Update Manager, Site Recovery Manager or an isolated Host.

Now we need to load vSphere Update Manager into our vSphere Client so navigate to Plug-ins > Manage Plug-ins


Choose Download and Install under the Status Column, It will fire up the Client Install


Click Next


Accept the End User License Agreement, Click Next


Click Install


Watch the progress!


Click Finish


Now we see that vSphere Update Manager has been installed and is “Enabled” in vSphere Client, time to start upgrading hosts!

First we need to create a Baseline to see which hosts are out of compliance. So let’s start there.

From the Home view select Update Manager from Solutions and Applications


Create a new Baseline


Choose a Name and select Host Upgrade for your baseline type, Click Next


Choose your ESXi Image, if you do not see the ESXi image in the list, go to Admin View > ESXi Images tab to import the ESXi 5.5 image, Click Next


 

Verify your settings and Click Finish, now we can run our baseline against the hosts we want to upgrade. For now we are only upgrading our Production Server Hosts because we are waiting on Teradici to update the Firmware of the APEX 2800 PCoIP Offload Cards for vSphere 5.5.

 

Final Thoughts

So we simulated almost everything before we did the upgrade in Production, aside from the Nested AD Group, we didn’t hit any snags. I hope this walk through has been beneficial. If you have any questions or comments please post them.

vSphere 5.5 Upgrade – Ready, Aim, Fire!

I was hoping to have my DFW VMUG User Conference Download article finished today but I am waiting on my slide decks to put the final pieces together. So look for that article in the next few days, spoiler alert: the User Conference was awesome!

I want to upgrade vSphere 5.5 all night long!

Tonight we will be upgrading our vCenter environment to 5.5. As our team was going through our checklist I ran across some good tidbits of information, a lot of which came from my previous post. The two biggest items so far have been which order to upgrade the components in and making sure there wouldn’t be any hiccups during the upgrade. The component upgrade process we are going to follow is based on KB Article 2057795. Here is the upgrade order I plan to take:

5.5 Upgrade

So far we are aware of one issue going into the upgrade: there is a Single Sign-On issue related to AD authentication when running SSO on Windows 2012, you can find the reference here. I’m glad we caught this because we were planning to migrate our vCenter server onto 2012. There is a fix, but we will wait to do the OS upgrade for another night.

I will be following up with my notes on how the upgrade process went.

Wish me luck!