Determining the ownership of VMware vCenter Server 6.0 Components within the VMware vSphere domain
Article ID: 341781
Updated On:
Products
VMware vCenter Server
Issue/Introduction
This article provides information on determining Solution User ownership for a vCenter Server 6.0 instance (or multiple instances) in an embedded or distributed deployment.
For similar information specific to vSphere 5.x, see Determining the ownership of VMware vCenter Server 5.1/5.5 components within vCenter Single Sign-On (2046600).
Environment
VMware vCenter Server 6.0.x
VMware vCenter Server Appliance 6.0.x
VMware vCenter Server Appliance 6.0.x
Resolution
In vSphere 6.0, VMware Authentication Framework Daemon (VMAFD) APIs were introduced to simplify the identification of solution users within an environment.
To determine the ownership of vCenter Server 6.0 components, perform these workflows:
To check usernames in vSphere Web Client 6.0:
- Log in to vSphere Web Client 6.0 as [email protected].
- Click Administration.
- Under the Single Sign-On, click Users and Groups.
- Click the Solution Users tab. Solution User objects and descriptions are listed.
- Make a note of the object names.
Solution User Identification
vCenter Server Appliance and Platform Services Controller Appliance
- Initiate an SSH connection to the vCenter Server Appliance or Platform Services Controller Appliance.
- Log in as the root user and enter the password when prompted.
- Run this command to enable the Bash shell:
shell.set --enable True
- Run this command to access the Bash shell:
shell
- Run this command to list all of the Solution Users in the vSphere Domain:
/usr/lib/vmware-vmafd/bin/dir-cli service list
- When prompted, enter the [email protected] password.
- Run this command to extract the GUID of your vSphere component for either the vCenter Server or Platform Services Controller:
/usr/lib/vmware-vmafd/bin/vmafd-cli get-machine-id --server-name localhost
Note: The preceeding command is supported only to run against Localhost.
For example:
vcsa1:~ # /usr/lib/vmware-vmafd/bin/vmafd-cli get-machine-id --server-name localhost
bf048b3a-231e-40b0-96ea-e5792f7fa65b
- Using the unique GUID for the vSphere component, run this command to extract a subset of the Solution Users in your vSphere Domain
/usr/lib/vmware-vmafd/bin/dir-cli service list --password <[email protected]> | grep <GUID>
For example:
/usr/lib/vmware-vmafd/bin/dir-cli service list --password VMw@re123 | grep bf048b3a-231e-40b0-96ea-e5792f7fa65b
You see output similar to:
machine-bf048b3a-231e-40b0-96ea-e5792f7fa65b
vpxd-bf048b3a-231e-40b0-96ea-e5792f7fa65b
vpxd-extension-bf048b3a-231e-40b0-96ea-e5792f7fa65b
vsphere-webclient-bf048b3a-231e-40b0-96ea-e5792f7fa65b
vCenter Server and Platform Services Controller for Windows
- Connect to vCenter Server or Platform Services Controller for Windows remotely.
- Open an elevated command prompt.
- Run this command to list all of the Solution Users in the vSphere Domain:
"%VMWARE_CIS_HOME%"\vmafdd\dir-cli service list
- When prompted, enter the [email protected] password.
- Run this command to extract the GUID of your vSphere component for either the vCenter Server or Platform Services Controller:
"%VMWARE_CIS_HOME%"\vmafdd\vmafd-cli get-machine-id --server-name localhost
Note: The preceding command is supported only to run against Localhost.
For example:
C:\Windows\system32>"%VMWARE_CIS_HOME%"\vmafdd\vmafd-cli get-machine-id --server-name localhost
86ca3bf1-9201-11e3-8f19-000c29562ae2
- Using the unique GUID for the vSphere component, run this command to extract a subset of the Solution Users in your vSphere Domain.
"%VMWARE_CIS_HOME%"\vmafdd\dir-cli service list --password <[email protected] Password> | findstr <GUID>
For example:
"%VMWARE_CIS_HOME%"\vmafdd\dir-cli service list --password VMw@re123 | findstr 86ca3bf1-9201-11e3-8f19-000c29562ae2
You see output similar to:
machine-86ca3bf1-9201-11e3-8f19-000c29562ae2
vpxd-86ca3bf1-9201-11e3-8f19-000c29562ae2
vpxd-extension-86ca3bf1-9201-11e3-8f19-000c29562ae2
vsphere-webclient-86ca3bf1-9201-11e3-8f19-000c29562ae2
Additional Information
Feedback
Yes
No
Powered by
