Configuring Windows PSC for High Availability SSL termination in vSphere 6.7
Article ID: 336277
Updated On:
Products
VMware vCenter Server
Issue/Introduction
This article provides steps to configure Windows installed Platform Services Controller (PSC) 6.7 High Availability with SSL termination.
Environment
VMware vCenter Server 6.7.x
Resolution
This article is part of a series for configuring PSC HA, for the main article, see: Configuring Platform Service Controller HA in vSphere 6.7.
To configure the PSCs for load balancing by run the updateSSOConfig.py and updateLsEndpoint.py scripts.
Notes:
For example:
"%VMWARE_PYTHON_BIN%"python updateSSOConfig.py --lb-fqdn=loadbalancer.vmware.com
For example:
"%VMWARE_PYTHON_BIN%"python UpdateLsEndpoint.py --upgrade --lb-fqdn=psc-ha-vip.domain.com [email protected] --password=VMware123$ --lb-cert=C:\certs\lb.crt
Note: Only perform this step on a single PSC node.
To configure the PSCs for load balancing by run the updateSSOConfig.py and updateLsEndpoint.py scripts.
Notes:
- The updateSSOConfig.py script updates information local to each PSC and must be ran on all PSCs in the HA instance.
- The updateLsEndpoint.py script updates the ServiceRegistration Endpoints in VMDir and only needs to be ran on one of the PSCs in the HA instance.
- Connect to the PSC with an administrative user.
- Open an elevated privilege command prompt.
- Navigate to C:\Program Files\VMware\vCenter Server\vmware-sso\bin with this command:
cd "C:\Program Files\VMware\vCenter Server\vmware-sso\bin"
- Run this command:
"%VMWARE_PYTHON_BIN%"\python updateSSOConfig.py --lb-fqdn=psc-ha-vip
For example:
"%VMWARE_PYTHON_BIN%"python updateSSOConfig.py --lb-fqdn=loadbalancer.vmware.com
- Repeat these steps on any remaining PSCs.
- Connect to the PSC with an administrative user.
- Open an elevated privilege command prompt.
- Navigate to C:\Program Files\VMware\vCenter Server\vmware-sso\bin with this command:
cd "C:\Program Files\VMware\vCenter Server\vmware-sso\bin"
- From the load balancer console, download the certificate used to configure the PSC nodes to the load balancer, onto the PSC machine. Provide the absolute path of this certificate to the –lb-cert parameter in the next step.
- Run this command
"%VMWARE_PYTHON_BIN%"python UpdateLsEndpoint.py --upgrade --lb-fqdn=PSC_HA_VIP_FQDN --user=administrative_user --password=password --lb-cert=Absolute_path_of_the_load_balancer_certificate
For example:
"%VMWARE_PYTHON_BIN%"python UpdateLsEndpoint.py --upgrade --lb-fqdn=psc-ha-vip.domain.com [email protected] --password=VMware123$ --lb-cert=C:\certs\lb.crt
Note: Only perform this step on a single PSC node.
Additional Information
Feedback
Yes
No
Powered by
