Migrating to a new SSO or recovering from a reinstallation of SSO in vRA
search cancel

Migrating to a new SSO or recovering from a reinstallation of SSO in vRA

book

Article ID: 343773

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

This article provides steps to rebuild the VMware vRealize Automation (formerly known as vCloud Automation Center) environment with minimal loss of data. This article also provides steps to migrate from one vCenter Server/ vRealize Automation Identity Server to another vCenter Server/ vRealize Automation Identity Server.

Note: Before performing the below steps, and if possible, log into your vRealize Automation management web page at https://vCAC_FQDN/vCAC and capture all Identity Store information as you need to re-enter this information exactly the same way for best results.

Note: Migration or re-installation of the VMware vRealize Automation Identity Appliance or vCenter Server SSO impacts your vRealize Automation environment and is not recommended.


Environment

VMware vCloud Automation Center for Server 6.0.x
VMware vRealize Automation 6.2.x
VMware vCloud Automation Center for Desktop 6.0.x

Resolution

To migrate to a new vCenter Server/ vRealize Automation Identity Server, perform these steps:

Note: Before proceeding, take a backup of your entire environment including the database in case you need to roll back. Also record the configuration details as they will be required to complete this procedure.

On the vRealize Automation Appliance:
  1. Log in to the vRealize Automation management page at https://vCAC_FQDN:5480
  2. Navigate to the vRealize Automation Settings > SSO tab.
  3. Enter the new or existing SSO host address.

    Note: Include:7444 at the end of the address. If using vCenter Server Platform Services Controller, the port is 443.

    Note: For vRealize Automation 6.1:
    1. Enter the host name.
    2. Enter the port number.

  4. Enter the [email protected] account and password and click Save Settings.
  5. The screen shows Requesting information for a very long time. It takes up to 30 minutes.
  6. After completion, you see a green text response that indicates the SSO configuration is updated successfully.

    Note: If you do not have an update on the page after 30 minutes, open a new tab, again log in to the vRealize Automation (formerly known as vCloud Automation Center) appliance and navigate to the vRealize Automation Settings > SSO and confirm that it is registered to the new SSO.

  7. Log out of the vRealize Automation management site and log in to your default tenant at https://vCAC_FQDN/shell-ui-app as [email protected]
  8. Open your first named Tenant.

    Note: Close all Internal Error messages displayed.

  9. Open each Tenant and click Update without making changes.
  10. Reopen each Tenant and add the same Identity Store(s) that you previously configured for this Tenant, click Add and then click Update.

    Note: To retrieve the Identity Store conifiguration from the old Single Sign-On instance, see Using JXplorer to update the LDAP string for an identity source for VMware vRealize Automation 6.0.x, 6.1.x (2077170)

  11. Reopen each Tenant and ensure that the Tenant and IaaS Administrators are showing up correctly.
  12. Log out of vRealize Automation.

On the IaaS machine where the Model Manager Data was installed and imported from:

Note: For vRealize Automation 6.2, the steps are mentioned later.

  1. Open a command prompt as Administrator.
  2. Navigate to C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\Cafe\
  3. Rename vcac-config.data to vcac-config.old
  4. Run this command to create the updated data file:

    Vcac-Config.exe GetServerCertificates -url https://vCAC_FQDN --FileName vcac-config.data

    For example:

    Vcac-Config.exe GetServerCertificates -url https://vcac.vcloud.local --FileName vcac-config.data

  5. Run this command to create a new Solution User:

    Vcac-Config.exe RegisterSolutionUser -url https://vCAC_FQDN --Tenant vsphere.local -cu [email protected] -cp (Enter password here) --FileName vcac-config.data -v

    For example:

    Vcac-Config.exe RegisterSolutionUser -url https://vcac.vcloud.local --Tenant vsphere.local -cu [email protected] -cp Passw0rd123 --FileName vcac-config.data -v

  6. Run this command to move the new solution user into the IaaS database:

    Vcac-Config.exe MoveRegistrationDataToDB --FileName vcac-config.data -s "(SQL Server FQDN)" -d "(Database name)" -v

    For example:

    Vcac-Config.exe MoveRegistrationDataToDB --FileName vcac-config.data -s "sql.vcloud.local" -d "vCAC" -v

  7. Restart IIS.
  8. Restart all IaaS Services. From the Windows desktop of the IaaS machine, go to Administrative Tools > Services. Locate these services and restart them in the order:

    1. VMware vCloud Automation Center Service
    2. VMware DEM – Orchestrator – DEO
    3. VMware DEM – Worker – DEM
    4. VMware vCloud Automation Center Agent Agent name

For vRealize Automation 6.2:

  1. Log in to the IaaS server with the IaaS installation account.
  2. Navigate to C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\Cafe
  3. Rename Vcac-Config.data to Vcac-Config.data.old.
  4. Run this command to create the updated data file:

    Vcac-Config.exe UpdateServerCertificates -d DB name -s DB fqdn -v

  5. Run this command to create a new Solution User:

    Vcac-Config.exe RegisterSolutionUser -url vRA fqdn -t vsphere.local -cu [email protected] -cp password -tc -f Vcac-Config.data -v

  6. Run this command to move the new solution user into the IaaS database:

    Vcac-Config.exe MoveRegistrationDataToDB -d DB name -s DB fqdn -f Vcac-Config.data -v

  7. Run this command to reboot the server:

    shutdown -r -t 1
Note: If you have any syntax errors while running these commands, enter the commands manually instead of copying and pasting.

If the preceding steps do not resolve your issue, a full reinstallation of vRealize Automation (formerly known as vCloud Automation Center) may be required. Log a support request for further details.

For more information on opening a support request, see How to file a Support Request in Customer Connect (2006985).


Additional Information

To be alerted when this article is update, click Subscribe to Article.

How to file a Support Request in Customer Connect
How to use JXplorer to update the LDAP string for an identity source for vRA 6.0.x, 6.1.x
在 vRA 中迁移至新的 SSO 或通过重新安装 SSO 进行恢复
VMware vRealize Automation で新しい SSO への移行や SSO の再インストールからのリカバリを行う
Migrando para um novo SSO ou recuperando-se de uma reinstalação do SSO no VMware vRealize Automation
Migrar a un nuevo SSO o recuperarse de una reinstalación de SSO en VMware vRealize Automation

Impact/Risks: