VMware Cloud Community
MattGoddard
Enthusiast
Enthusiast
‎01-09-2020 11:47 AM

Need help removing vCenter from SSO domain

I've inherited an old vCenter Server 5.5 deployment with three vCenters - let's call them vCenterA, B & C - at three different cities. These are physical servers running Windows Server 2012 R2.

The datacenter where vCenterA is located was recently decommissioned. However, due to poor organization/communication, that server was simply shut down and moved out to cold storage, rather than properly decommissioned and removed from the SSO domain, etc. As a result, the following error now appears in the web client when logging in to either vCenterB or vCenterC:

Could not connect to one or more vCenter Server systems:

https://vCenterA.example.com:443/sdk

So, how can I remove this vCenter from the SSO domain?

All the info I've found regarding this involves removing a server that you can still access. I haven't been able to find anything for this scenario, where the server is gone and no longer accessible. (At least, nothing for a Windows-based, vCenter 5.5 deployment, anyway.)

Tags (2)
0 Kudos
4 Replies
Alex_Romeo
Leadership
Leadership
‎01-09-2020 11:55 AM

Hi,

In this article he says that it is possible to remove it even if it no longer responds, which may be similar to your problem.

pastedImage_1.png

VMware Knowledge Base

ARomeo

Blog: https://www.aleadmin.it/
0 Kudos
MattGoddard
Enthusiast
Enthusiast
‎01-09-2020 02:09 PM

Thanks, but I found that article already and unfortunately it's not for vCenter 5.5 (see the 'Related Versions' panel on the right.)

I think the "vmafd-cli" and "cmsso-util" commands it refers to were introduced in 6.0.

0 Kudos
Alex_Romeo
Leadership
Leadership
‎01-09-2020 02:32 PM

Hi,

Ok!...this is for 5.1 and 5.5

https://vnelsontx.com/2013/11/19/manually-remove-vcenter-server-from-sso/

ARomeo

Blog: https://www.aleadmin.it/
0 Kudos
MattGoddard
Enthusiast
Enthusiast
‎01-13-2020 09:53 AM

Unfortunately, that method requires the server being removed to be accessible, since you have to run the "ssolscli listServices ..." command against the lookup service running on it.

C:\Program Files\VMware\Infrastructure\VMware\CIS\vmware-sso>ssolscli listServices https://[my server FQDN]:7444/lookupservice/sdk

Intializing registration provider...

Getting SSL certificates for https://[my server FQDN]:7444/lookupservice/sdk

Unable to connect to server

Unable to connect to server

Return code is: OperationFailed

100

0 Kudos