Linking two standalone vCenters: manual changes to "/storage/domain-data/Conflict_Roles.json" create a stale replication link between the primary and secondary vCenters

Article ID: 387705

Products

VMware vCenter Server

Issue/Introduction

The customer manually edits the file "/storage/domain-data/Conflict_Roles.json" on primary-vc as follows:
primary-vc: 
root@primary-vc [ /storage/domain-data ]# cat Conflict_Roles.json
{
  "global" : {
    "resolution" : "MERGE",
    "description" : "The default resolution option used to resolve Role Conflicts is Copy. The conflicts list describes the differences between Role entities on source and target Platform Services Controller. If the source information represents an empty JSON array, all entity attributes from source and target are identical. If the source lists few entries, only these entity attributes are missing from the target. If the target lists few entries, only these entity attributes are missing from the source. Although you can set a global resolution, you can also override it at each conflict level by providing individual resolution mode."
  },
  ...
  ...
  ...
 
 
secondary-vc:

No changes made on secondary-vc:
root@secondary-vc [ /storage/domain-data ]# cat Conflict_Roles.json
{
  "global" : {
    "resolution" : "MERGE|SKIP|COPY",
    "description" : "The default resolution option used to resolve Role Conflicts is Copy. The conflicts list describes the differences between Role entities on source and target Platform Services Controller. If the source information represents an empty JSON array, all entity attributes from source and target are identical. If the source lists few entries, only these entity attributes are missing from the target. If the target lists few entries, only these entity attributes are missing from the source. Although you can set a global resolution, you can also override it at each conflict level by providing individual resolution mode."
  },
  ...
  ...
  ...
  
The manual changes above on primary-vc create a stale link between primary-vc and secondary-vc:
root@primary-vc [ ~ ]# /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartnerstatus -h localhost -u administrator
password:
Partner: secondary-vc
Host available:   Yes
Status available: No

Ideally, the file "Conflict_Roles.json" should not be edited manually. Doing so causes stale entries in the replication link.
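A read-only check for the condition described above, as an added example that is not part of the original article or of VMware tooling: it flags a Conflict_Roles.json whose global resolution differs from the unmodified value shown for secondary-vc, and lists partners that showpartnerstatus reports as reachable but without status. The function names, the sample inputs and the partner "third-vc" are constructed for illustration.

```python
import json
import re

# Value the page shows for the unmodified file on secondary-vc.
UNMODIFIED_RESOLUTION = "MERGE|SKIP|COPY"

def edited_resolution(conflict_json_text):
    """Return global.resolution if it differs from the unmodified value, else None."""
    value = json.loads(conflict_json_text)["global"]["resolution"]
    return value if value != UNMODIFIED_RESOLUTION else None

def stale_partners(status_output):
    """Return partners that are reachable but report no replication status."""
    stale, current = [], {}
    for line in status_output.splitlines():
        m = re.match(r"\s*(Partner|Host available|Status available):\s*(\S+)", line)
        if not m:
            continue
        key, value = m.groups()
        if key == "Partner":
            current = {"Partner": value}  # a new partner block starts here
            continue
        current[key] = value
        if (key == "Status available" and value == "No"
                and current.get("Host available") == "Yes"
                and "Partner" in current):
            stale.append(current["Partner"])
    return stale

# Constructed sample inputs, modelled on the output shown above.
PRIMARY_JSON = '{"global": {"resolution": "MERGE", "description": "..."}}'
SECONDARY_JSON = '{"global": {"resolution": "MERGE|SKIP|COPY", "description": "..."}}'
STATUS_OUTPUT = """\
Partner: secondary-vc
Host available:   Yes
Status available: No

Partner: third-vc
Host available:   Yes
Status available: Yes
Partner is 0 changes behind.
"""

if __name__ == "__main__":
    print("primary edited to:", edited_resolution(PRIMARY_JSON))
    print("secondary edited to:", edited_resolution(SECONDARY_JSON))
    print("stale partners:", stale_partners(STATUS_OUTPUT))
```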

Environment

vCenter 8.0.x

Resolution

1. Take offline snapshots of both vCenters.

2. Unregister secondary-vc from primary-vc:

root@primary-vc [ /storage/domain-data ]# cmsso-util unregister --node-pnid 'secondary-vc-fqdn' --username [email protected] --passwd 'secondary-vc-admin-password'
Solution users, service accounts, computer account and service endpoints will be unregistered
YYYY-MM-DDTMM:SS:45.872Z  Running command: ['/usr/lib/vmware-vmafd/bin/dir-cli', 'service', 'list', '--login', '[email protected]']
YYYY-MM-DDTMM:SS:45.889Z  Done running command
YYYY-MM-DDTMM:SS:46.001Z  Running command: ['/usr/lib/vmware-vmafd/bin/dir-cli', 'svcaccount', 'list', '--login', '[email protected]']
YYYY-MM-DDTMM:SS:46.018Z  Done running command
YYYY-MM-DDTMM:SS:46.018Z  Running command: ['/usr/lib/vmware-vmafd/bin/dir-cli', 'svcaccount', 'delete', '--name', 'serviceaccountmgmt-xxxx-xxxx-xxxx-xxxx-xxxxxxx', '--login', '[email protected]']
YYYY-MM-DDTMM:SS:46.043Z  Done running command
YYYY-MM-DDTMM:SS:46.043Z  Running command: ['/usr/lib/vmware-vmafd/bin/dir-cli', 'svcaccount', 'delete', '--name', 'certificateauthority-xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx', '--login', '[email protected]']
YYYY-MM-DDTMM:SS:46.066Z  Done running command
YYYY-MM-DDTMM:SS:46.066Z  Running command: ['/usr/lib/vmware-vmafd/bin/dir-cli', 'svcaccount', 'delete', '--name', 'vpxd-svc-acct-xxxx-xxxx-xxxx-xxxx-xxxxxxx', '--login', '[email protected]']
YYYY-MM-DDTMM:SS:46.093Z  Done running command
YYYY-MM-DDTMM:SS:46.093Z  Running command: ['/usr/lib/vmware-vmafd/bin/dir-cli', 'svcaccount', 'delete', '--name', 'vsphere-ui-xxxx-xxxx-xxxx-xxxx-xxxxxxx', '--login', '[email protected]']
YYYY-MM-DDTMM:SS:46.119Z  Done running command
YYYY-MM-DDTMM:SS:46.120Z  Running command: ['/usr/lib/vmware-vmafd/bin/dir-cli', 'svcaccount', 'delete', '--name', 'cms-xxxx-xxxx-xxxx-xxxx-xxxxxxx', '--login', '[email protected]']
YYYY-MM-DDTMM:SS:46.144Z  Done running command
YYYY-MM-DDTMM:SS:46.144Z  Running command: ['/usr/lib/vmware-vmafd/bin/dir-cli', 'svcaccount', 'delete', '--name', 'vmware-scaservice-xxxx-xxxx-xxxx-xxxx-xxxxxxx', '--login', '[email protected]']
YYYY-MM-DDTMM:SS:46.168Z  Done running command
YYYY-MM-DDTMM:SS:46.168Z  Running command: ['/usr/lib/vmware-vmafd/bin/dir-cli', 'svcaccount', 'delete', '--name', 'sps-xxxx-xxxx-xxxx-xxxx-xxxxxxx', '--login', '[email protected]']
YYYY-MM-DDTMM:SS:46.193Z  Done running command
YYYY-MM-DDTMM:SS:46.194Z  Running command: ['/usr/lib/vmware-vmafd/bin/dir-cli', 'svcaccount', 'delete', '--name', 'topologysvc-xxxx-xxxx-xxxx-xxxx-xxxxxxx', '--login', '[email protected]']
YYYY-MM-DDTMM:SS:46.215Z  Done running command
YYYY-MM-DDTMM:SS:46.215Z  Running command: ['/usr/lib/vmware-vmafd/bin/dir-cli', 'svcaccount', 'delete', '--name', 'vmware-vsm-xxxx-xxxx-xxxx-xxxx-xxxxxxx', '--login', '[email protected]']
YYYY-MM-DDTMM:SS:46.241Z  Done running command
YYYY-MM-DDTMM:SS:46.241Z  Running command: ['/usr/lib/vmware-vmafd/bin/dir-cli', 'svcaccount', 'delete', '--name', 'vmware-applmgmtservice-xxxx-xxxx-xxxx-xxxx-xxxxxxx', '--login', '[email protected]']
YYYY-MM-DDTMM:SS:46.270Z  Done running command
YYYY-MM-DDTMM:SS:46.271Z  Running command: ['/usr/lib/vmware-vmafd/bin/dir-cli', 'svcaccount', 'delete', '--name', 'workload_storage_management-xxxx-xxxx-xxxx-xxxx-xxxxxxx', '--login', '[email protected]']
YYYY-MM-DDTMM:SS:46.288Z  Done running command
Stopping all the services ...
All services stopped.
Starting all the services ...
Started all the services.
Success

3. Take a second set of offline snapshots of both vCenters.

4. From primary-vc, run the following command to establish the link:

# cmsso-util domain-repoint -m execute --src-emb-admin Administrator --replication-partner-fqdn 'secondary-vc-fqdn' --replication-partner-admin administrator --dest-domain-name vsphere.local


Starting License export                                                         ... Done
Export Service Data                                                             ... Done
Uninstalling Platform Controller Services                                       ... Done
Stopping all services                                                           ... Done
Updating registry settings                                                      ... Done
Re-installing Platform Controller Services                                      ... Done
Registering Infra services                                                      ... Done
Starting License import                                                         ... Done
Starting Authz Data import                                                      ... Done
Starting Tagging Data import                                                    ... Done
Starting WCP service import phase...                                            ... Done
Starting CLS import                                                             ... Done
Starting Trustmanagement import                                                 ... Done
Applying target domain CEIP participation preference                            ... Done
Starting all services                                                           ... Done
Repoint successful.

5. Both vCenters linked successfully.