When you change the SQL port assignment of the Single Sign-On database server, Single Sign-On fails. As a result, vCenter Server fails to start.
This issue can occur if port assignment for the SQL server has changed. For example if SQL Server Express Edition is configured to use dynamic ports, the port assignment might change when you reboot the system.
When you change the SQL port number of the SSO database server you must reconfigure SSO with the new port number.
To reconfigure SSO with the new port number:
- Stop the vCenter Single Sign-On service. For more information, see Stopping, starting, or restarting vCenter services (1003895).
- Open an elevated command prompt. For more information, see Opening a command or shell prompt (1003892).
- Run this command:
SSO_Install_Directory\utils> ssocli configure-riat -a configure-db --database-host database_server_name --database-port new_database_port -m master_password
Note: By default, the SSO_Install_Directory is located at C:\Program Files\VMware\Infrastructure\SSOServer.
- Open config.properties file, located at SSO_Install_Directory\webapps\lookupservice\WEB-INF\classes, using a text editor.
- Locate the line db.url= and replace the port number with the new value.
- Start the vCenter Single Sign-On service.
For information about finding the current value of a dynamic port for SQL Server, see the Microsoft Knowledge Base article
823938.
Note: The preceding link was correct as of January 31, 2014. If you find the link is broken, provide feedback and a VMware employee will update the link.
If you move the SSO database from one SQL host to another host you need to update the SSO configuration with the new SQL server host information
Note: By default the permissions do not exist on the SQL server and, after the database is moved, the RSA_USER and RSA_DBA need to be created. See the vSphere Installation and Setup guide located at
vSphere Installation and Setup Guide.
If you have moved the SSO DB and the database user credentials have changed or the database server login password has expired, you must update the SSO configuration.
To determine what database SSO is configured to use:
- Open an elevated command prompt. For more information, see Opening a command or shell prompt (1003892).
- At a command prompt, run this command:
SSO_Install_Directory\utils> ssocli manage-secrets -a listallkeys
By default, SSO_Install_Directory is: C:\Program Files\VMware\Infrastructure\SSOServer
- When prompted, enter the master password.
- Update the configuration using the command:
ssocli configure-riat -a configure-db
For example:
SSO_Install_Directory\utils> ssocli configure-riat -a configure-db --database-host new_host_name --database-port new_SQL_server_port -m master_password
For a complete list of configure-db arguments, see the Additional Information section.
Note: On the server where SSO is installed, you can also view the jndi.properties file in the default location (C:\Program Files\VMware\Infrastructure\SSOServer\webapps\ims\web-inf\classes\) to see the database configuration for the SSO server and verify the values which need to be updated.
The most common values are:
- com.rsa.db.hostname
- com.rsa.instanceName
On the server where SSO is installed, edit the file
C:\Program Files\VMware\Infrastructure\SSOServer\webapps\lookupservice\WEB-INF\classes\config.properties and modify all values that need to be updated. Usually, this is the value under:
## DB host
Note: If the RSA_USER credentials are different on the destination host, update the configuration.
To reconfigure SSO with the new RSA_USER password:
- Stop the vCenter Single Sign-On service. For more information, see Stopping, starting, or restarting vCenter services.
- Log in to the vCenter Single Sign-On database using SQL Management Studio or SQL*Plus and provide the RSA_USER credentials to ensure the RSA_USER's password has been changed.
Note: The RSA_DBA user is used only during the initial installation of vCenter Single Sign-On. A password change on RSA_DBA is not required.
- Open an elevated command prompt. For more information, see Opening a command or shell prompt.
- Run this command:
For Microsoft SQL:
ssocli.cmd configure-riat -a configure-db --rsa-user-password new_db_password --rsa-user New_RSA_USER
For Oracle:
rsautil configure-riat -a configure-db --rsa-user-password new_db_password --rsa-user PN_RSA_USER --server-instance-name NOTUSED
Note: By default the SSO_Install_Directory is at C:\Program Files\VMware\Infrastructure\SSOServer.
- Open the config.properties file, located at SSO_Install_Directory\webapps\lookupservice\WEB-INF\classes using a text editor.
- Locate the line db.pass= and replace the old password with the new password.
- Save and exit the file.
- Start the vCenter Single Sign-On server (service).
Note: Database log in accounts do not expire when using the embedded Microsoft SQL Server Express Database.