VIDB incorrectly identified as "Embedded" after VCF 9.1 Upgrade
search cancel

VIDB incorrectly identified as "Embedded" after VCF 9.1 Upgrade

book

Article ID: 444003

calendar_today

Updated On:

Products

VCF Operations

Issue/Introduction

After upgrading VMware Cloud Foundation (VCF) from version 9.0.2 to 9.1, the VMware Identity Broker (VIDB) incorrectly displays its deployment type as "EMBEDDED" within the VCF Operations UI. This prevents administrators from configuring or registering an external VIDB appliance.

Symptoms include:

  • The "Configure VCF SSO" page shows the deployment mode as "Embedded" when an external appliance is intended.
  • The "Choose deployment mode" task may appear stuck "In Progress."
  • API queries to GET /suite-api/api/fleet-management/iam/vidbs return the deployment type as EMBEDDED for the management domain.

Environment

  • Product: VMware Cloud Foundation (VCF) 9.1
  • Component: VCF Operations (formerly Aria Operations), VMware Identity Broker (VIDB)
  • Upgrade Path: 9.0.x to 9.1

Cause

This issue is caused by stale metadata remaining in the VCF Operations database and the vCenter inventory from the legacy 9.0.2 environment. During the upgrade to VCF 9.1, which introduces unified VCF Management Services, the presence of these legacy artifacts causes VCF Operations to misidentify the existing VIDB registration as an embedded instance rather than a migrated external appliance.

Resolution

To resolve this issue, the stale embedded registration must be purged from the VCF Operations database using the cleanup script provided by Broadcom Engineering.
1. Preparation:
• Ensure you have a recent backup or snapshot of the VCF Operations primary node.
• Confirm that the external VIDB 9.1 appliance is powered on and healthy.
2. Execution:
• Obtain the script reset_idb_vcf91_sso_for_vcf_operations.ps1 (referenced in Case 36951409).
• Run the script to delete the stale "Embedded" registration entry from the backend.
• This action clears the blocked status and allows VCF Operations to correctly identify the external VIDB appliance during the next management sync.
3. Verification:
• Log in to the VCF Operations UI.
• Navigate to Lifecycle > Build > Components.
Confirm the Identity Broker now correctly reflects the external FQDN and is eligible for SSO configuration.

Additional Information

KB 441333: Scripted components cleanup from VCF Operations 9.1
KB 441285: VCF Identity Broker upgrade failure from VCF 9.0.x to 9.1

Powered by Wolken Software