vCenter Single Sign-On integration with vShield Manager stops working after upgrading from vShield Manager 5.1.1 to 5.1.2
Article ID: 337785
Updated On:
Products
VMware vSphere ESXi
Issue/Introduction
Symptoms:
After you upgrade vShield Manager 5.1.1 to 5.1.2, the integration with vCenter Single Sign-On (SSO) stops working.
After you upgrade vShield Manager 5.1.1 to 5.1.2, the integration with vCenter Single Sign-On (SSO) stops working.
Environment
VMware vShield Manager 5.1.x
Resolution
To resolve this issue, follow these steps in order:
- Complete the vShield Manager upgrade to 5.1.2
- Remove SSO configuration on vShield Manager
- Reconfigure SSO on the upgraded vShield Manager
Step 1: Completing the vShield Manager upgrade
To complete the vShield Manager upgrade to 5.1.2:- Log into your vShield Manager, click Settings & Reports, then click the Updates tab.
- Click Upload Upgrade Bundle, then click Browse and select the vShield Manager 1.5.2 tar.gz file.
- Click Upload File, then click OK in the pop-up to continue.
Note: This step takes a couple of minutes. If you do not wait until the operation is complete, it could cause the upload to stop.
- Once the upload is complete, click Install.
- Verify the information, then click Confirm Install. After the upgrade, vShield Manager reboots.
- After vShield Manager reboots, log back in and confirm the upgraded version by clicking About in the vShield Manager UI.
Step 2: Removing SSO configuration on vShield Manager
To remove the SSO configuration on vShield Manager:- Download the encoded script (
signed_bsh_ssounconfigure.encoded) attached at the bottom of this article and save it to your local directory.
Notes:
- This script can be executed from any Linux-based machine or from a Microsoft Windows machine with cURL installed. To download cURL for Windows, see the cURL Download page.
- The preceding link was correct as of February 6, 2014. If you find the link is broken, provide feedback and a VMware employee will update the link.
- Run the script as an admin user using CURL:
Open a command prompt and run this command:# curl -k -i -H 'Accept: application/xml' -H 'Content-type: application/xml' -H 'Authorization: Basic YWRtaW46ZGVmYXVsdA==' -X POST https://vShield_Manager_IP_Address/api/1.0/services/debug/script -d@script_filename
WherevShield_Manager_IP_Addressis the IP address of your vShield Manager, andscript_filenameis the name of the downloaded script file.
After running the command, you see output similar to:HTTP/1.1 100 Continue
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Set-Cookie: JSESSIONID=7450C0C394834B4B2A91D4519DD0194D; Path=/; Secure; HttpOnly
Content-Length: 0
Date: Tue, 26 Mar 2013 23:01:53 GMT
Note: You can use the-u/--user <user[:password]>option to specify the admin password. If none is provided, the default password is used.
- Log into your vShield Manager via SSH by running the command:
# ssh -l admin vShield_Manager_IP_Address
WherevShield_Manager_IP_Addressis the IP address of your vShield Manager.
- Enter enable mode by running the command:
# en
Note: You will be asked for your vShield Manager password after running theencommand.
- Reboot the vShield Manager by running the command:
# reboot
Step 3: Reconfiguring SSO on the upgraded vShield Manager
To reconfigure SSO on the upgraded vShield Manager:- Log into your vShield Manager, then click Settings & Reports > Configuration.
- Click Edit for the Lookup Service and reconfigure SSO.
- Click OK, then click Yes in the Security warning pop-up.
- Wait for the configuration to complete.
Note: If vCenter 5.1 or higher is used, the Lookup Service must be configured for vShield to authenticate users with vCenter Single Sign On. For more information, see the Understanding vCenter Single Sign On section in VMware vSphere 5.1 Documentation Center.
Additional Information
To be alerted when this document is updated, click the Subscribe to Article link in the Actions box
Attachments
Feedback
Yes
No
Powered by
