Configuring Windows PSC for High Availability SSL termination in vSphere 6.7
search cancel

Configuring Windows PSC for High Availability SSL termination in vSphere 6.7

book

Article ID: 336277

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

This article provides steps to configure Windows installed Platform Services Controller (PSC) 6.7 High Availability with SSL termination.

Environment

VMware vCenter Server 6.7.x

Resolution

This article is part of a series for configuring PSC HA. For the main article, see: Configuring Platform Service Controller HA in vSphere 6.7.

To configure the PSCs for load balancing, run the updateSSOConfig.py and updateLsEndpoint.py scripts.

Notes:

  • The updateSSOConfig.py script updates information local to each PSC and must be ran on all PSCs in the HA instance.
  • The updateLsEndpoint.py script updates the ServiceRegistration Endpoints in VMDir and only needs to be ran on one of the PSCs in the HA instance.

Running the updateSSOConfig.py script:

  1. Connect to the PSC with an administrative user.
  2. Open an elevated privilege command prompt.
  3. Navigate to C:\Program Files\VMware\vCenter Server\vmware-sso\bin with this command:

    cd "C:\Program Files\VMware\vCenter Server\vmware-sso\bin"
  1. Run this command:

    "%VMWARE_PYTHON_BIN%"\python updateSSOConfig.py --lb-fqdn=psc-ha-vip

    Example

    "%VMWARE_PYTHON_BIN%"python updateSSOConfig.py --lb-fqdn=loadbalancer.example.com 
  1. Repeat these steps on any remaining PSCs.

Running the updateLsEndpoint.py script

  1. Connect to the PSC with an administrative user.
  2. Open an elevated privilege command prompt.
  3. Navigate to C:\Program Files\VMware\vCenter Server\vmware-sso\bin with this command:

    cd "C:\Program Files\VMware\vCenter Server\vmware-sso\bin"
  1. From the load balancer console, download the certificate used to configure the PSC nodes to the load balancer, onto the PSC machine. Provide the absolute path of this certificate to the –lb-cert parameter in the next step.
  2. Run this command:

    "%VMWARE_PYTHON_BIN%"python UpdateLsEndpoint.py --upgrade --lb-fqdn=PSC_HA_VIP_FQDN --user=administrative_user --password=password --lb-cert=Absolute_path_of_the_load_balancer_certificate

    Example

    "%VMWARE_PYTHON_BIN%"python UpdateLsEndpoint.py --upgrade --lb-fqdn=psc-ha-vip.example.com [email protected] --password=VMware123$ --lb-cert=C:\certs\lb.crt

    Note: Only perform this step on a single PSC node.
Powered by Wolken Software