Contributor
Contributor

vCenter 6.7 appliance SSO domain same as hostname | issue when repointing to new SSO domain

Jump to solution

Hi there,

I am seeking some help from the community for a specific case I am experiencing now.

My Current vCenter is a 6.7 appliance last version but historically it has been deployed with the SSO domain same as hostname fqdn.

It works pretty well so far but I know this is not supported by VMware and documentation warns about this case. Unfortunately I am not the one who deployed this vCenter.... :smileycry:

Now I need to change the SSO domain to vsphere.local and link a remote vcenter to this one. Indeed there is no way I keep the current SSO domain as the configuration is not following the best practices.

So I used the command to repoint vcenter to a new sso domain and the repointing fails, after some troubleshoot, it appears that the URLs in the SSO configuration uses the new SSO domain as endpoint..... and not the hostname of the vcenter.

Doing the same thing with a vcenter that have a SSO domain different from hostname from the begining works perfectly.

Any one when through this specific case ?

Thank you !!!!!

Tags (1)
1 Solution

Accepted Solutions
Contributor
Contributor

Hey Guys,

thank you all for your interest in this case.

Please find below the fix when you want to repoint your SSO domain that have the same hostname domain :

Connect to your vCenter in SSH :

#cmsso-util domain-repoint -m execute --src-emb-admin Administrator  --dest-domain-name vsphere.local

#Let it fail then

#mkdir /tmp/spec

#cd /tmp/spec

#ldu=$(/usr/lib/vmware-vmafd/bin/vmafd-cli get-ldu --server-name localhost)

#serreg=$(/usr/lib/vmidentity/tools/scripts/lstool.py  list --url https://localhost/lookupservice/sdk --node $ldu --no-check-cert | grep "Service ID" | cut -d : -f 2)

#for i in `echo $serreg`;do /usr/lib/vmidentity/tools/scripts/lstool.py  get --url https://localhost/lookupservice/sdk --id "$i" --no-check-cert --as-spec > /tmp/spec/$i;done

#for n in `ls *`;do  sed  -i "s|https://vsphere.local|https://fqdnofyourvcenter |g" $n;done

#for n in `ls *`;do  sed  -i "s|http://vsphere.local|http://fqdnofyourvcenter|g" $n;done

#for v in `ls *`;do /usr/lib/vmidentity/tools/scripts/lstool.py reregister --spec "$v" --url https://localhost/lookupservice/sdk --user administrator@vsphere.local --password "*******" --id "$v" --no-check-cert;done

#service-control --stop --all && service-control --start --all

#/usr/lib/vmware-vmafd/bin/dir-cli group modify --name SystemConfiguration.Administrators --add administrator

#/usr/lib/vmware-vmafd/bin/dir-cli group modify --name SystemConfiguration.Administrators --add administrators

#service-control --restart vmware-vapi-endpoint

Et voila !!!

View solution in original post

0 Kudos
6 Replies
Leadership
Leadership

Hi,

I don't know your environment because you haven't described it, but isn't it better to create a new vCenter and manage a migration? So you have everything clean and in the future you will no longer have problems.

ARomeo

Blog: https://www.aleadmin.it/
Contributor
Contributor

Hi,

Thank you for your answer.

So I have my environment as following :

Datacenter A :

vCenter A :

  SSO domain : vsphere.local

  2 clusters

ESXis : Aesxi01-20

Storage : 3PAR array using iSCSI using vVol

DataCEnter B :

vCenter B :

  SSO Domain : vcenterB.mycompany.intra.com = hostname fqdn

  2 clusters

ESXis : Besxi01-20

Storage : 3PAR array using iSCSI using vVol

All is routed between Datacenter A and B

I want to achieve a linked mode betwen vCenter A and vCenter B.

I am trying to avoid redeploying vCenter for many reasons.

Thank you

0 Kudos
Expert
Expert

I think it would help if you also provide the excerpt of the domain repoint command and the error message you received.

My blog: http://shaheen-clouds.blogspot.sg/
0 Kudos
Leadership
Leadership

Hi,

it seems a peaceful environment ... send us the error that appears.

ARomeo

Blog: https://www.aleadmin.it/
0 Kudos
Enthusiast
Enthusiast

cmsso-util domain-repoint -m pre-check --src-emb-admin Administrator --replication-partner-fqdn FQDN_of_destination_node --replication-partner-admin PSC_Admin_of_destination_node --dest-domain-name destination_PSC_domain

Please provide output of this command

*Note : Domain repoint will work from A to B . If B is already an existing one which should be of the replication partner (destination one )

VCIX-DCV6.5 ,VCIX-NV6 , VCP-CMA7 *Mark answer as correct/helpful if it solves your query 🙂
0 Kudos
Contributor
Contributor

Hey Guys,

thank you all for your interest in this case.

Please find below the fix when you want to repoint your SSO domain that have the same hostname domain :

Connect to your vCenter in SSH :

#cmsso-util domain-repoint -m execute --src-emb-admin Administrator  --dest-domain-name vsphere.local

#Let it fail then

#mkdir /tmp/spec

#cd /tmp/spec

#ldu=$(/usr/lib/vmware-vmafd/bin/vmafd-cli get-ldu --server-name localhost)

#serreg=$(/usr/lib/vmidentity/tools/scripts/lstool.py  list --url https://localhost/lookupservice/sdk --node $ldu --no-check-cert | grep "Service ID" | cut -d : -f 2)

#for i in `echo $serreg`;do /usr/lib/vmidentity/tools/scripts/lstool.py  get --url https://localhost/lookupservice/sdk --id "$i" --no-check-cert --as-spec > /tmp/spec/$i;done

#for n in `ls *`;do  sed  -i "s|https://vsphere.local|https://fqdnofyourvcenter |g" $n;done

#for n in `ls *`;do  sed  -i "s|http://vsphere.local|http://fqdnofyourvcenter|g" $n;done

#for v in `ls *`;do /usr/lib/vmidentity/tools/scripts/lstool.py reregister --spec "$v" --url https://localhost/lookupservice/sdk --user administrator@vsphere.local --password "*******" --id "$v" --no-check-cert;done

#service-control --stop --all && service-control --start --all

#/usr/lib/vmware-vmafd/bin/dir-cli group modify --name SystemConfiguration.Administrators --add administrator

#/usr/lib/vmware-vmafd/bin/dir-cli group modify --name SystemConfiguration.Administrators --add administrators

#service-control --restart vmware-vapi-endpoint

Et voila !!!

View solution in original post

0 Kudos