Updating the vCenter Single Sign-On server database configuration
search cancel

Updating the vCenter Single Sign-On server database configuration

book

Article ID: 305667

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

This articles provides recommendations on how to modify the SSO configuration when:
  • Modifying the SQL server port
  • Moving the SSO database to another SQL host
  • Modifying the RSA_USER password


Symptoms:
  • After you change the SQL port assignment of the vCenter Single Sign-On (SSO) database server, the vCenter Single Sign-On service fails. As a result the vCenter Server service fails to start.
  • After moving the SSO database from one host to another, you need to change the database configuration for the vCenter SSO server.
  • When migrating the SSO database the RSA_USER credentials are different on the destination host.


Environment

VMware vCenter Server 5.1.x

Cause

When you change the SQL port assignment of the vCenter Single Sign-On database server, vCenter Single Sign-On service fails to start. As a result, vCenter Server fails to start.

This issue can occur if the port assignment for the SQL server has changed. For example if the SQL Server Express Edition is configured to use dynamic ports, the port assignment might change when you reboot the system.

Resolution

When you change the SQL port assignment of the Single Sign-On database server, Single Sign-On fails. As a result, vCenter Server fails to start.
This issue can occur if port assignment for the SQL server has changed. For example if SQL Server Express Edition is configured to use dynamic ports, the port assignment might change when you reboot the system.
When you change the SQL port number of the SSO database server you must reconfigure SSO with the new port number.
To reconfigure SSO with the new port number:
  1. Stop the vCenter Single Sign-On service. For more information, see Stopping, starting, or restarting vCenter services (1003895).
  2. Open an elevated command prompt. For more information, see Opening a command or shell prompt (1003892).
  3. Run this command:

    SSO_Install_Directory\utils> ssocli configure-riat -a configure-db --database-host database_server_name --database-port new_database_port -m master_password

    Note: By default, the SSO_Install_Directory is located at C:\Program Files\VMware\Infrastructure\SSOServer.
  4. Open config.properties file, located at SSO_Install_Directory\webapps\lookupservice\WEB-INF\classes, using a text editor.
  5. Locate the line db.url= and replace the port number with the new value.
  6. Start the vCenter Single Sign-On service.
For information about finding the current value of a dynamic port for SQL Server, see the Microsoft Knowledge Base article 823938.
Note: The preceding link was correct as of January 31, 2014. If you find the link is broken, provide feedback and a VMware employee will update the link.


If you move the SSO database from one SQL host to another host you need to update the SSO configuration with the new SQL server host information

Note: By default the permissions do not exist on the SQL server and, after the database is moved, the RSA_USER and RSA_DBA need to be created. See the vSphere Installation and Setup guide located at vSphere Installation and Setup Guide.

If you have moved the SSO DB and the database user credentials have changed or the database server login password has expired, you must update the SSO configuration.
To determine what database SSO is configured to use:
  1. Open an elevated command prompt. For more information, see Opening a command or shell prompt (1003892).
  2. At a command prompt, run this command:

    SSO_Install_Directory\utils> ssocli manage-secrets -a listallkeys

    By default, SSO_Install_Directory is: C:\Program Files\VMware\Infrastructure\SSOServer

  3. When prompted, enter the master password.
  4. Update the configuration using the command:

    ssocli configure-riat -a configure-db

    For example:

    SSO_Install_Directory\utils> ssocli configure-riat -a configure-db --database-host new_host_name --database-port new_SQL_server_port -m master_password

    For a complete list of configure-db arguments, see the Additional Information section.
Note: On the server where SSO is installed, you can also view the jndi.properties file in the default location (C:\Program Files\VMware\Infrastructure\SSOServer\webapps\ims\web-inf\classes\) to see the database configuration for the SSO server and verify the values which need to be updated.

The most common values are:
  • com.rsa.db.hostname
  • com.rsa.instanceName
On the server where SSO is installed, edit the file C:\Program Files\VMware\Infrastructure\SSOServer\webapps\lookupservice\WEB-INF\classes\config.properties and modify all values that need to be updated. Usually, this is the value under:

## DB host

Note: If the RSA_USER credentials are different on the destination host, update the configuration.

To reconfigure SSO with the new RSA_USER password:

  1. Stop the vCenter Single Sign-On service. For more information, see Stopping, starting, or restarting vCenter services.
  2. Log in to the vCenter Single Sign-On database using SQL Management Studio or SQL*Plus and provide the RSA_USER credentials to ensure the RSA_USER's password has been changed.

    Note: The RSA_DBA user is used only during the initial installation of vCenter Single Sign-On. A password change on RSA_DBA is not required.

  3. Open an elevated command prompt. For more information, see Opening a command or shell prompt.
  4. Run this command:

    For Microsoft SQL:

    ssocli.cmd configure-riat -a configure-db --rsa-user-password new_db_password --rsa-user New_RSA_USER

    For Oracle:

    rsautil configure-riat -a configure-db --rsa-user-password new_db_password --rsa-user PN_RSA_USER --server-instance-name NOTUSED


    Note: By default the SSO_Install_Directory is at C:\Program Files\VMware\Infrastructure\SSOServer.

  5. Open the config.properties file, located at SSO_Install_Directory\webapps\lookupservice\WEB-INF\classes using a text editor.
  6. Locate the line db.pass= and replace the old password with the new password.
  7. Save and exit the file.
  8. Start the vCenter Single Sign-On server (service).

Note: Database log in accounts do not expire when using the embedded Microsoft SQL Server Express Database.


Additional Information

List of configure-db arguments is located at:
C:\Program Files\VMware\Infrastructure\SSOServer\utils>ssocli configure-riat -a configure-db --help

Usage: rsautil configure-riat -a configure-db arguments
OptionDescription
-m
--master-password
Master password. Required.
--database-host Database hostname or IP address. Optional, unless it is being updated to a new value.
If a literal IPv6 address is specified, it must be enclosed in "[" and "]" characters, as per RFC 2732.
--database-port
Database port number. Optional, unless it is being updated to a new value.
--server-instance-nameOptional. Needed when MSSQL Server is deployed to use dynamic port.
--rsa-user
The user account to use for connecting to the database. Optional, unless it is being updated to a new value.
--rsa-user-passwordOptional, unless the --rsa-user argument is also presented. To cause the password to be prompted for, specify the --rsa-user argument on the command line.
Opening a command or shell prompt
How to stop, start, or restart vCenter Server services
vCenter Single Sign On fails at start up or during initialization
Update VMware vCenter Server 5.1 Single Sign-On settings after you change the host name or port of the database server
vCenter Single Sign-On サーバのデータベース構成の更新
更新 vCenter Single Sign-On 服务器数据库配置

Powered by Wolken Software