Hi there,
I am seeking some help from the community for a specific case I am experiencing now.
My current vCenter is a 6.7 appliance at the latest version, but historically it was deployed with the SSO domain the same as the hostname FQDN.
It has worked pretty well so far, but I know this is not supported by VMware and the documentation warns about this case. Unfortunately I am not the one who deployed this vCenter....
Now I need to change the SSO domain to vsphere.local and link a remote vCenter to this one. Indeed, there is no way I can keep the current SSO domain, as the configuration does not follow best practices.
So I used the command to repoint vCenter to a new SSO domain and the repointing fails. After some troubleshooting, it appears that the URLs in the SSO configuration use the new SSO domain as the endpoint, and not the hostname of the vCenter.
Doing the same thing with a vCenter that has had an SSO domain different from the hostname from the beginning works perfectly.
Has anyone gone through this specific case?
Thank you !!!!!
Hey Guys,
thank you all for your interest in this case.
Please find below the fix when you want to repoint your SSO domain that has the same name as the hostname domain:
Connect to your vCenter over SSH:
#cmsso-util domain-repoint -m execute --src-emb-admin Administrator --dest-domain-name vsphere.local
#Let it fail then
#mkdir /tmp/spec
#cd /tmp/spec
#ldu=$(/usr/lib/vmware-vmafd/bin/vmafd-cli get-ldu --server-name localhost)
#serreg=$(/usr/lib/vmidentity/tools/scripts/lstool.py list --url https://localhost/lookupservice/sdk --node $ldu --no-check-cert | grep "Service ID" | cut -d : -f 2)
#for i in $serreg;do /usr/lib/vmidentity/tools/scripts/lstool.py get --url https://localhost/lookupservice/sdk --id "$i" --no-check-cert --as-spec > "/tmp/spec/$i";done
#for n in *;do sed -i "s|https://vsphere.local|https://fqdnofyourvcenter|g" "$n";done
#for n in *;do sed -i "s|http://vsphere.local|http://fqdnofyourvcenter|g" "$n";done
#for v in *;do /usr/lib/vmidentity/tools/scripts/lstool.py reregister --spec "$v" --url https://localhost/lookupservice/sdk --user administrator@vsphere.local --password "*******" --id "$v" --no-check-cert;done
#service-control --stop --all && service-control --start --all
#/usr/lib/vmware-vmafd/bin/dir-cli group modify --name SystemConfiguration.Administrators --add administrator
#/usr/lib/vmware-vmafd/bin/dir-cli group modify --name SystemConfiguration.Administrators --add administrators
#service-control --restart vmware-vapi-endpoint
Et voila !!!
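An added example, not part of the original post: the two sed loops above treat the dots in vsphere.local as regex wildcards and have no host boundary, so this variant rewrites only URLs whose host is exactly the old name and keeps untouched copies of the exported specs first. The hostnames vc.example.test and vsphere.localdomain.example, the file names and the key=value spec layout are constructed for the demo and are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Hostnames and file contents
# below are constructed; the spec-file layout is an assumption.

valid_host() {                      # accept only hostname characters
    case "$1" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
}

host_re() {                         # escape dots so "." is literal in the regex
    printf '%s' "$1" | sed 's/\./\\./g'
}

# rewrite_specs DIR OLD_HOST NEW_HOST
# Keeps an untouched copy of every file in DIR/.orig, then replaces OLD_HOST
# only where it is the complete host part of an http(s) URL.
rewrite_specs() {
    dir=$1; old=$2; new=$3
    valid_host "$old" && valid_host "$new" || return 2
    re=$(host_re "$old")
    mkdir -p "$dir/.orig" || return 1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Never overwrite an existing backup on a second run.
        [ -e "$dir/.orig/${f##*/}" ] || cp -p "$f" "$dir/.orig/" || return 1
        sed -E -i "s#(https?://)$re([/:?[:space:]]|\$)#\\1$new\\2#g" "$f" || return 1
    done
}

# count_stale DIR OLD_HOST: number of lines that still use OLD_HOST as URL host
count_stale() {
    re=$(host_re "$2")
    cat "$1"/* 2>/dev/null | grep -E -c "https?://$re([/:?[:space:]]|\$)" || true
}

# Constructed sample: two exported specs, one with a look-alike hostname.
make_sample_specs() {
    mkdir -p "$1" || return 1
    printf '%s\n' 'endpoint0.url=https://vsphere.local/sts/STSService' \
                  'endpoint1.url=https://vsphere.local:443/websso/' > "$1/svc-1"
    printf '%s\n' 'endpoint0.url=http://vsphere.local' \
                  'endpoint1.url=https://vsphere.localdomain.example/sdk' > "$1/svc-2"
}
```

Running count_stale on the spec directory before the reregister loop should print 0; the backups sit in a hidden .orig directory, so the `for v in *` loop does not pick them up.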
Hi,
I don't know your environment because you haven't described it, but isn't it better to create a new vCenter and manage a migration? So you have everything clean and in the future you will no longer have problems.
ARomeo
Hi,
Thank you for your answer.
So my environment is as follows:
Datacenter A :
vCenter A :
SSO domain : vsphere.local
2 clusters
ESXis : Aesxi01-20
Storage : 3PAR array using iSCSI using vVol
Datacenter B :
vCenter B :
SSO Domain : vcenterB.mycompany.intra.com = hostname fqdn
2 clusters
ESXis : Besxi01-20
Storage : 3PAR array using iSCSI using vVol
All is routed between Datacenter A and B
I want to achieve linked mode between vCenter A and vCenter B.
I am trying to avoid redeploying vCenter for many reasons.
Thank you
I think it would help if you also provide the excerpt of the domain repoint command and the error message you received.
Hi,
it seems a peaceful environment ... send us the error that appears.
ARomeo
cmsso-util domain-repoint -m pre-check --src-emb-admin Administrator --replication-partner-fqdn FQDN_of_destination_node --replication-partner-admin PSC_Admin_of_destination_node --dest-domain-name destination_PSC_domain
Please provide output of this command
*Note: Domain repoint will work from A to B, if B is already an existing one which should be the replication partner (destination one).