DeanPung
Contributor
Contributor

Single Sign On upgrade Sequence 5.1 to 5.5 (multisite and linked mode)

Jump to solution

Hi There,

I'm trying to find SSO upgrade documentation that outlines the options that I must select for the following upgrade scenario:

Prior to upgrade to 5.5:

  • 2 x 5.1 vCentre servers (Windows 2K8R2) joined by linked mode.
  • Each vCentre has its own local SSO server which runs on the same vCentre server. Both have the same Deployment Id.

My understanding it that the upgrade for SSO so Linked Mode will work post 5.5 upgrade should go as follows (obviously linked mode has been removed prior to the upgrade):

  1. On the first SSO server. Upgrade from 5.1 to 5.5 using the MULTISITE option. (Followed by Web Client, Inventory Service & vCentre Server).
  2. On the 2nd SSO server. Upgrade from 5.1 to 5.5 using the MULTISITE option. (Followed by Web Client, Inventory Service & vCentre Server).

The problem is on the first SSO server when I select MULTISITE option on the next page I enter the details for Partner host and password I've been getting one of the following errors:

  1. Failed to get server certificate, or
  2. Unable to get host name

And cannot proceed with the upgrade. The only option that works is the STANDALONE vCENTRE SSO SERVER option which I think linked mode wont work post upgrade.

Any help pointing me to a document that highlights the correct options so linked mode is retained post upgrade would be great.

Cheers

0 Kudos
1 Solution

Accepted Solutions
rcporto
Leadership
Leadership

You're using the vCenter 5.5 Update 2 installer or an old version ? Because there are some changes on descriptions of deployments modes between vCenter 5.5 GA/Update 1 and 5.5 Update 2, take a look:

The available deployment modes for vCenter Single Sign-On are:

For vSphere 5.5GA to vSphere 5.5 Update 1b:

  • vCenter Single Sign-On for your first vCenter Server
  • vCenter Single Sign-On for an additional vCenter Server in an existing site (formerly HA Cluster)
  • vCenter Single Sign-On for an additional vCenter Server with a new site (formerly Multisite)

For vSphere 5.5 Update 2 and onward:

  • Standalone vCenter Single Sign-On Server
  • High availability
  • Multisite

For your first vCenter, you should select "Standalone vCenter Single Sign-On Server" and for the second the "Multisite" option, see this note:

Multisite | vSphere 5.5 Update 2 and onward

This option installs an additional vCenter Single Sign-On server in a new logical site. When vCenter Single Sign-On servers are created using this option, they will all be members of the same vSphere.local authentication domain.As an improvement over vSphere 5.1, Single Sign-On data (policies, solution/application users, identity sources) is now automatically replicated between each vCenter Single Sign-On server in the same vSphere.local authentication domain every 30 seconds.
This mode must be used only after the first vCenter Single Sign-On server is deployed using the vCenter Single Sign-On for your first vCenter Server or Standalone vCenter Single Sign-On Server option, depending on your vSphere 5.5 release version.

To detailed information, see this KB article: VMware KB: vCenter Single Sign-On deployment modes for vSphere 5.5

---

Richardson Porto
Senior Infrastructure Specialist
LinkedIn: http://linkedin.com/in/richardsonporto

View solution in original post

0 Kudos
4 Replies
rcporto
Leadership
Leadership

On the first site SSO installation, you should select the option "vCenter Single Sign-On for your first vCenter Server" and proceed with installation.

On the second site SSO installation, you should select the option "vCenter Single Sign-On for an additional vCenter Server with a new site", on the next screen you will be asked for the "Partner" information, that will be the name of first vCenter that you have installed.

Here are some links with detailed step by step installation:

http://wahlnetwork.com/2014/04/14/setting-multiple-sites-vcenter-single-sign-sso-5-5/

http://www.mikelaverick.com/2013/11/back-to-basics-vcenter-5-5-with-multisite-sso-and-linked-mode-co...

Just another tip, is that you should isolate your vCenter servers before the upgrade and then join them again after both vCenter has been upgraded.

---

Richardson Porto
Senior Infrastructure Specialist
LinkedIn: http://linkedin.com/in/richardsonporto
DeanPung
Contributor
Contributor

Hi Richardson,

Thanks for that information and links, although that information seems correct if its a fresh 5.5 install. When I'm upgrading from 5.1 U1a to 5.5 Ub I get a different set of SSO options (see pic).

5-5-SSO-Upgrade.JPG

My thoughts would be the Multisite option.

Cheers.

0 Kudos
rcporto
Leadership
Leadership

You're using the vCenter 5.5 Update 2 installer or an old version ? Because there are some changes on descriptions of deployments modes between vCenter 5.5 GA/Update 1 and 5.5 Update 2, take a look:

The available deployment modes for vCenter Single Sign-On are:

For vSphere 5.5GA to vSphere 5.5 Update 1b:

  • vCenter Single Sign-On for your first vCenter Server
  • vCenter Single Sign-On for an additional vCenter Server in an existing site (formerly HA Cluster)
  • vCenter Single Sign-On for an additional vCenter Server with a new site (formerly Multisite)

For vSphere 5.5 Update 2 and onward:

  • Standalone vCenter Single Sign-On Server
  • High availability
  • Multisite

For your first vCenter, you should select "Standalone vCenter Single Sign-On Server" and for the second the "Multisite" option, see this note:

Multisite | vSphere 5.5 Update 2 and onward

This option installs an additional vCenter Single Sign-On server in a new logical site. When vCenter Single Sign-On servers are created using this option, they will all be members of the same vSphere.local authentication domain.As an improvement over vSphere 5.1, Single Sign-On data (policies, solution/application users, identity sources) is now automatically replicated between each vCenter Single Sign-On server in the same vSphere.local authentication domain every 30 seconds.
This mode must be used only after the first vCenter Single Sign-On server is deployed using the vCenter Single Sign-On for your first vCenter Server or Standalone vCenter Single Sign-On Server option, depending on your vSphere 5.5 release version.

To detailed information, see this KB article: VMware KB: vCenter Single Sign-On deployment modes for vSphere 5.5

---

Richardson Porto
Senior Infrastructure Specialist
LinkedIn: http://linkedin.com/in/richardsonporto
0 Kudos
DeanPung
Contributor
Contributor

Perfect, thanks for the clarification and link. That's exactly what I was looking for.

Cheers

0 Kudos