VMware Cloud Community
dennes
Enthusiast
Enthusiast

vCenter 4 on Domain Controller

Hi,

I was trying to upgrade a Virtual Center 2.5 (on a 2003 Standard x86 SP2 server), on a Domain Controller, to vCenter 4 and it quits the setup saying it won't install on a domain controller. Is there a workaround for this, or is this never going to work and i should install another server as VC?

Thanks,

Dennes

Reply
0 Kudos
17 Replies
Troy_Clavell
Immortal
Immortal

I don't know if it's never going to work, but I would not consider installing vCenter on a Domain Controller. What happens if you ever need to reboot your vCenter instance for some reason?

My advise would be if it's a hardware issue, install vCenter on a VM.

admin
Immortal
Immortal

It is not recommended to install on a domain controller.

A suggestion i heard but I did not try, was to create the group before the install. Then it will not have to try and create the group.

Reply
0 Kudos
AndreTheGiant
Immortal
Immortal

A best practice (IMHO) is to have the vCenter Server clean.

No other services. Just VMware's services (or related).

Andre

**if you found this or any other answer useful please consider allocating points for helpful or correct answers

Andrew | http://about.me/amauro | http://vinfrastructure.it/ | @Andrea_Mauro
azn2kew
Champion
Champion

If its for large enterprise environment, you should only have vCenter server on it's own and in any situation, installing vCenter server on a domain controller is not doable unless you can try different method but haven't tested yet. What happen if you create a new VM, join the network and install vCenter server components. Rebooted and then dcpromo it to be the domain controller and that way you can have 2 DC for redundancy. I haven't try it but you always give it a shot on a VM.

If you found this information useful, please consider awarding points for "Correct" or "Helpful". Thanks!!!

Regards,

Stefan Nguyen

VMware vExpert 2009

iGeek Systems Inc.

VMware, Citrix, Microsoft Consultant

If you found this information useful, please consider awarding points for "Correct" or "Helpful". Thanks!!! Regards, Stefan Nguyen VMware vExpert 2009 iGeek Systems Inc. VMware vExpert, VCP 3 & 4, VSP, VTSP, CCA, CCEA, CCNA, MCSA, EMCSE, EMCISA
Reply
0 Kudos
dennes
Enthusiast
Enthusiast

Well, it's just a small 2 esx host environment and Virtual Center was running on a physical DC. I demoted that DC, leaving just the virtualized DC's and was able to proceed with the upgrade to vCenter. I'll save the host upgrades for next week when i'm onsite, that's something i wouldn't dare doing remotely Smiley Happy

Thanks,

Dennes

Reply
0 Kudos
AndreTheGiant
Immortal
Immortal

Well, it's just a small 2 esx host environment and Virtual Center was running on a physical DC.

Remeber that you can also use a VM for VC Server.

Leave the physical machive for VCB and backup Smiley Wink

Andre

**if you found this or any other answer useful please consider allocating points for helpful or correct answers

Andrew | http://about.me/amauro | http://vinfrastructure.it/ | @Andrea_Mauro
Reply
0 Kudos
VMmatty
Virtuoso
Virtuoso

I think the reason you can't install it on a domain controller is because vCenter 4 installs an instance of ADAM (Active Directory Application Mode). It uses this when you use vCenter Linked Mode. I don't think you can install ADAM on a domain controller.

Matt | http://www.thelowercasew.com | @mattliebowitz
Reply
0 Kudos
TomHowarth
Leadership
Leadership

vCenter 4.0 on a DC is a no no now as it utilzes a ADAM Datastore, this would conflict wit AD services

If you found this or any other answer useful please consider the use of the Helpful or correct buttons to award points

Tom Howarth VCP / vExpert

VMware Communities User Moderator

Blog: www.planetvm.net

Contributing author for the upcoming book "[VMware vSphere and Virtual Infrastructure Security: Securing ESX and the Virtual Environment|http://my.safaribooksonline.com/9780136083214]”. Currently available on roughcuts

Tom Howarth VCP / VCAP / vExpert
VMware Communities User Moderator
Blog: http://www.planetvm.net
Contributing author on VMware vSphere and Virtual Infrastructure Security: Securing ESX and the Virtual Environment
Contributing author on VCP VMware Certified Professional on VSphere 4 Study Guide: Exam VCP-410
Reply
0 Kudos
biggun
Contributor
Contributor

I can understand the ADAM and domain controller compatibility issue but take this scenario:

2 x ESX4 non-shared storage servers

Site A - Physical DC and ESX server running 5 VM's, one running the VC/VUM.

Site B (DR) - Physical DC and low spec ESX4 server with two replicated VM's, one being the VC VM.

Therefore:

VC/VUM can only run on a VM

VUM cannot update Site A ESX host as it states VC or VUM is running on a VM inside the host.

Why should we have to waste a Windows licence and a physical server to hold the VC/VUM only?

Can we not simply turn off ADAM or alter it's listening/? port during install, as we don't really need/use this in such a small environment?

Can anyone think how to update the host that is running the VC/VUM VM?

Any other suggestions?

Thanks.

Reply
0 Kudos
markzz
Enthusiast
Enthusiast

I have the same situation as biggun.

Small site of 1esx hosts which houses DR and LAB, there's 2 DC's for redundancy one virtual and 1 physical. Previously the hardware which housed the DC ran the VC too, it was/is a 700Mhz ML330 g1 (old). Althoughh slow it deals with these tasks fine for this environment.

I need a physical DC so my DC's are hardware redundant.

I need a physical server for VCB, Therefore I could use the DC as a backup proxy and virtualise the VC. OH bugger how would I apply updates.

I'm not feeling green here. I'm now going to have to run a Physical DC and a Physical VC..

I'm doing my best to reduce the amount of hardware running and therefore power consumed, afterall isn't that one of the primary drivers for virtualisation.?

Hey how about I install VMWare server on top of the Win2k3 OS then I can run the VC on the physical and have the DC virtualised on vmware server. So I'm driven to implement a dinky solution or be unkind to my power bill and the planet.

Any ADAM gurus out there. How can we get ADAM to install on a DC or simply fool the VCenter installer into believing it's not being installed on a DC.

I read back over this and it just reads UNSUPPORTED CONFIGURATION.

Reply
0 Kudos
TheBrains
Contributor
Contributor

And there's one more:

I also hava a small site:

- 2x ESX

- shared storage

- physical AD/ Vcenter (Vcenter authenticates on the Domain)

I need one AD to be alive to login on my Vcenter if the ESX servers stop workin.... Chicken Egg??

Reply
0 Kudos
gatekeep
Contributor
Contributor

You theoretically can get vCenter 4 on a Domain Controller. I have done it (on Windows Server 2008), however, vCenter must be installed in a special way, and this most likely will be utterly and completely unsupported by VMware so I'd say only do this in a lab environment.

Specifically to acheive the desired result, vCenter must be installed on the target domain controller before it is a domain controller. After vCenter is installed, the vCenter ADAM instance needs to be reconfigured so that it does not conflict with the real Active Directory services.

To do this open a command prompt:

1. net stop VMwareVCMSDS

2. dsdbutil

At the dsdbutil: prompt do:

3. activate instance VMwareVCMSDS

4. LDAP port 3899

5. SSL port 6369

4. quit

Back at the command prompt do:

5. net start VMwareVCMSDS

After this is done you must modify the instance.cfg file for vCenter (on my Windows 2008 machine it was located at: C:\Users\All Users\VMware\VMware VirtualCenter), change the line that says "ldapPort=389" to "ldapPort=3899". (There is no entry for the SSL port, seemingly vCenter does not use it.)

You can confirm this works (before promoting the system to a domain controller) by restarting the VMwareVCMSDS service and the vCenter service.

After this is all done promote the target domain controller to a domain controller. If all went well viola, you now have vCenter 4.0, ADAM and full fledged domain controller on one machine.

P.S.: If you used the integrated SQL server you may have to change permissions for it to run as a Local System Service instead of a Network Service.

Reply
0 Kudos
markpiontek
Contributor
Contributor

Just wanted to comment on gatekeep's instructions and state that I've tested this in my environment on a secondary DC (2008R2) and it seems to work fine so far.  I am using the integrated SQL server and did have to change permissions for it to run as a Local System Service instead of a Network Service as mentioned at the bottom of his post.  Hopfully there are no issues with that going forward, but I can be prepared to move vCenter to a new VM if needed.

Thanks for the tip!

Reply
0 Kudos
TomHowarth
Leadership
Leadership

Nice workaround but be aware that your situation is fully unsupported by VMware.  if you have issues with this environment you will be completely on your own, whether you have support with VMware or not.

Tom Howarth VCP / VCAP / vExpert
VMware Communities User Moderator
Blog: http://www.planetvm.net
Contributing author on VMware vSphere and Virtual Infrastructure Security: Securing ESX and the Virtual Environment
Contributing author on VCP VMware Certified Professional on VSphere 4 Study Guide: Exam VCP-410
Reply
0 Kudos
markpiontek
Contributor
Contributor

@Tom: Fully understood at this end.

Reply
0 Kudos
shaithis
Contributor
Contributor

EDIT: Can confirm this works on 5.0 as well.

Also, if like me you are installing from scratch, you can install server 2008, then install vcenter - during install it asks for the ports, you can just change the neccessry two ports. Once installation is complete you can add the DC role.

Reply
0 Kudos
techsaty
Contributor
Contributor

I realy like this post and working towards this, but couldn't get dsdbutil command working on my server and is giving out error as "not recognized as an internal or external command, operable program or batch file"

Please let me know how to use this command.

many thx in advance!!!

Reply
0 Kudos