Fix legacy SYSTEM-DOMAIN artifacts in VMDIR

Article ID: 408176

Products

VMware vCenter Server

Issue/Introduction

When accessing an environment, both SYSTEM-DOMAIN and vsphere.local are present in the domain section.

Environment

  • vCenter Server 7.0.x
  • vCenter Server 8.0.x

Cause

This occurs when data did not migrate correctly during the migration from 5.1 to 5.5 and above, leaving legacy SYSTEM-DOMAIN artifacts in VMDIR.

Resolution

  1. Take a powered-off snapshot of the vCenter appliance before performing the activity (if the vCenter Server is in linked mode, take a powered-off snapshot of all the linked vCenter Servers).
  2. Run the following command to remove the identity providers from VMDIR:

    /opt/likewise/bin/ldapdelete -r -x -D cn=Administrator,cn=Users,dc=vsphere,dc=local -W <<EOF
    cn=vsphere.local,cn=IdentityProviders,cn=vsphere.local,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local
    EOF

    Note: If a custom SSO domain is used instead of vsphere.local, adjust the above values as needed for the custom SSO domain.

  3. Download the attached LDIF file
  4. Modify line 8 and line 10 of the file with the PNID / FQDN of the vCenter exhibiting the problem
  5. Upload the modified LDIF file to the vCenter Server Appliance (the default directory is /root on the appliance)
  6. Run the following command to re-add the identity provider to VMDIR:

    /opt/likewise/bin/ldapadd -x -D cn=Administrator,cn=Users,dc=vsphere,dc=local -W -f /root/vsphere-local-fixed.ldif

  7. Restart services on the vCenter Server Appliance:

    service-control --stop --all && service-control --start --all

  8. Log into the vCenter and check that only vsphere.local is present in the domain section
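
For the custom SSO domain note in step 2, an added example (not part of the KB article) that derives the bind DN and the identity provider DN from an SSO domain name, then looks the entry up read-only so the DN can be confirmed before the recursive delete. It assumes every vsphere.local value is substituted one-for-one and that ldapsearch is installed beside the KB's ldapdelete and ldapadd; the script name is hypothetical.

```shell
#!/bin/sh
# Added example, not part of the KB article.
# Assumption: for a custom SSO domain, every "vsphere.local" / "dc=vsphere,dc=local"
# in the KB's values is replaced by the custom domain and its dc= form.

# "sso.example.test" -> "dc=sso,dc=example,dc=test"; rejects anything that is
# not a plain dotted name, so stray characters cannot alter the DN.
domain_to_base_dn() (
    case $1 in
        ""|.*|*.|*..*|*[!A-Za-z0-9.-]*) exit 1 ;;
    esac
    IFS=.
    dn=""
    for label in $1; do
        dn="${dn:+$dn,}dc=$label"
    done
    printf '%s\n' "$dn"
)

# Bind DN used with -D in steps 2 and 6.
admin_bind_dn() (
    base=$(domain_to_base_dn "$1") || exit 1
    printf 'cn=Administrator,cn=Users,%s\n' "$base"
)

# Identity provider entry that step 2 deletes.
idp_dn() (
    base=$(domain_to_base_dn "$1") || exit 1
    printf 'cn=%s,cn=IdentityProviders,cn=%s,cn=Tenants,cn=IdentityManager,cn=Services,%s\n' \
        "$1" "$1" "$base"
)

# Read-only, base-scope lookup: shows the entry if the derived DN exists.
# Assumes ldapsearch is installed beside the KB's ldapdelete and ldapadd.
confirm_idp_entry() {
    /opt/likewise/bin/ldapsearch -x -D "$(admin_bind_dn "$1")" -W \
        -b "$(idp_dn "$1")" -s base
}

# Usage: sh check-idp-dn.sh <sso-domain>   (script name is hypothetical)
if [ $# -eq 1 ]; then
    idp_dn "$1" >/dev/null || { echo "not a plain domain name: $1" >&2; exit 2; }
    echo "bind DN: $(admin_bind_dn "$1")"
    echo "entry:   $(idp_dn "$1")"
    confirm_idp_entry "$1"
fi
```

If the lookup returns no entry, the derived DN does not match this directory and should not be passed to ldapdelete as-is.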

Attachments

vsphere-local-fixed.ldif