Cannot remove obsolete solution users from the Lookup Service using the vSphere Web Client

Article ID: 343622

Products

VMware vCenter Server
VMware vSphere ESXi

Issue/Introduction

If the Single Sign On service is stopped when you uninstall a solution (for example, vRealize Orchestrator (formerly known as VMware vCenter Orchestrator)), the entries related to the solution are not removed from Single Sign On or the Lookup Service. Specifically, the application user name and the service entry for the solution are not removed. Because the vSphere Web Client does not give enough information to determine which application user belongs to the obsolete or orphaned solution, you must generate a list of all services registered with the Lookup Service at the command line. You can use the list to determine which application user to remove in the vSphere Web Client.

Environment

VMware vSphere Web Client 5.1.x
VMware vCenter Server 5.1.x
VMware vCenter Server 5.5.x
VMware vSphere Web Client 5.5.x

Resolution

  1. Open a Command Prompt as an elevated (Administrator) user.
  2. Generate a list of all services that are registered with the Lookup Service.

    vSphere 5.1


    For Windows-based vCenter Server:

    SSO install directory\ssolscli\ssolscli listServices Lookup_Service_URL


    For vCenter Server Appliance:

    /usr/lib/vmware-sso/bin/vi_regtool listServices Lookup_Service_URL


    vSphere 5.5

    For Windows-based vCenter Server:

    C:\Program Files\VMware\Infrastructure\VMware\CIS\vmware-sso\ssolscli listServices Lookup_Service_URL

    For vCenter Server Appliance:

    /usr/lib/vmware-sso/bin/vi_regtool listServices Lookup_Service_URL


  3. In the list of services, locate the service entry that contains the address of the system where the solution was installed.

  4. Record the ownerId of the service entry.

  5. In the vSphere Web Client, navigate to Administration > SSO Users and Groups > Application Users and locate the application user with the same name as the ownerId you recorded.

  6. Right-click the user and select Delete Application User.

  7. At the command line, remove the service entry from the Lookup Service.

    1. Create a text file that contains the service ID using this command:

      ssolscli.cmd listServices https://vCenter_Single_Sign-on_FQDN:7444/lookupservice/sdk > c:\sso_services.txt

      In the text file, you see output similar to:

      vSphere 5.1


      Service 1
      -----------
      serviceId={93135931-7B87-4B11-B6FC-236A8849B728}:2
      serviceName=The security token service interface of the SSO server
      type=urn:sso:sts
      endpoints={[url=https://FQDN:7444/ims/STSService?wsdl,protocol=wsTrust]}
      version=1.0
      description=The security token service interface of the SSO server
      ownerId=
      productId=
      viSite={93135931-7B87-4B11-B6FC-236A8849B728}

      Service 2
      -----------
      serviceId={93135931-7B87-4B11-B6FC-236A8849B728}:1
      serviceName=The administrative interface of the SSO server
      type=urn:sso:admin
      endpoints={[url=https://FQDN:7444/sso-adminserver/sdk,protocol=vmomi]}
      version=1.0
      description=The administrative interface of the SSO server
      ownerId=
      productId=
      viSite={93135931-7B87-4B11-B6FC-236A8849B728}

      Service 3
      -----------
      serviceId={93135931-7B87-4B11-B6FC-236A8849B728}:10
      serviceName=VMware vSphere Web Client
      type=urn:com.vmware.vsphere.client
      endpoints={[url=https://FQDN:9443/vsphere-client,protocol=vmomi]}
      version=5.1
      description=VMware vSphere Web Client Service
      ownerId=WebClient_2013.05.06_065556
      productId=
      viSite={93135931-7B87-4B11-B6FC-236A8849B728}


      vSphere 5.5

      Service 1
      -----------
      serviceId=Site Name:02dde295-422a-403e-b32c-1e40c3f188fd
      serviceName=vCenterService
      type=urn:vc
      endpoints={[url=https://FQDN:443/sdk,protocol=vmomi]}
      version=5.5
      description=vCenter Server
      [email protected]
      productId=
      viSite=Site Name

      Service 2
      -----------
      serviceId=Site Name:811660f9-f110-4ee7-8f9e-dc0dd1d062fe
      serviceName=VMware Log Browser
      type=urn:logbrowser:logbrowser
      endpoints={[url=https://FQDN:12443/vmwb/logbrowser,protocol=unknown],[url=https://WVC08.blarblarblar.local:12443/authentication/authtoken,protocol=unknown]}
      version=1.0.154491
      description=Enables browsing vSphere log files within the VMware Web Client
      ownerId=WebClient_2014.03.05_125106
      productId=
      viSite=Site Name

      Service 3
      -----------
      serviceId=Site Name:7b8b41f0-00e7-47e9-ad67-4979768ba9f2
      serviceName=VMware vSphere Web Client
      type=urn:com.vmware.vsphere.client
      endpoints={[url=https://FQDN:9443/vsphere-client,protocol=vmomi]}
      version=5.5
      description=VMware vSphere Web Client Service
      ownerId=WebClient_2014.03.05_125106
      productId=
      viSite=Site Name


    2. Delete everything from this file except the serviceId of the service that must be unregistered. For example, for service 3:

      From vSphere 5.1, the serviceId is:

      {93135931-7B87-4B11-B6FC-236A8849B728}:10

      The file should appear similar to:



      From vSphere 5.5, the serviceId is:

      Site Name:7b8b41f0-00e7-47e9-ad67-4979768ba9f2

      The file should appear similar to:



    3. Run the unregisterService command to unregister the entry for the solution.

      Note: It may be necessary to set your JAVA_HOME environment variable (the default JRE locations are shown below).

      vSphere 5.1


      set JAVA_HOME=c:\program files\vmware\infrastructure\jre


      vSphere 5.5

      SET JAVA_HOME=C:\Program Files\Common Files\VMware\VMware vCenter Server - Java Components

      Windows-based vCenter

      In vCenter Server 5.1:

      SSO install directory\ssolscli unregisterService -d https://machinename.corp.com:7444/lookupservice/sdk -u admin@System-Domain -p -si serviceId_file

      In vCenter Server 5.5:

      SSO install directory\ssolscli unregisterService -d https://machinename.corp.com:7444/lookupservice/sdk -u [email protected] -p -si serviceId_file

      vCenter Server Appliance

      /usr/lib/vmware-sso/bin/vi_regtool unregisterService -d Lookup_Service_URL -u Lookup_Service_administrator_user -p -si serviceId_file

      The Lookup Service administrator user is typically admin@System-Domain (vSphere 5.1), [email protected] (vSphere 5.5) or root@localos.

      You see output similar to:

      Service with id "Site Name:7b8b41f0-00e7-47e9-ad67-4979768ba9f2" is successfully
      unregistered
      Return code is: Success
      0
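
The following Python script is an added example, not part of the VMware article or its tooling. It parses saved listServices output, selects the entries whose endpoints point at the obsolete host (steps 3, 4 and 7.2), and checks whether each ownerId still owns a service on another host before the application user is deleted, since one ownerId can own several services, as in the vSphere 5.5 sample above. The sample text, host names, IDs and function names are constructed for the example.

```python
import re

# Constructed sample in the listServices format shown above; hosts and IDs are made up.
SAMPLE = """\
Service 1
-----------
serviceId=Site A:00000000-0000-4000-8000-000000000001
endpoints={[url=https://vc01.example.test:9443/vsphere-client,protocol=vmomi]}
ownerId=WebClient_2014.01.01_000001

Service 2
-----------
serviceId=Site A:00000000-0000-4000-8000-000000000002
endpoints={[url=https://old-host.example.test:12443/vmwb/logbrowser,protocol=unknown]}
ownerId=WebClient_2014.01.01_000001

Service 3
-----------
serviceId=Site A:00000000-0000-4000-8000-000000000003
endpoints={[url=https://old-host.example.test:8443/solution,protocol=unknown]}
ownerId=Solution_2014.01.01_000002
"""

def parse_services(text):
    """Split listServices output into one dict of key=value fields per service."""
    services = []
    for block in re.split(r"(?m)^[ \t]*Service \d+[ \t]*$", text):
        fields = dict(line.strip().split("=", 1)
                      for line in block.splitlines() if "=" in line)
        if "serviceId" in fields:
            services.append(fields)
    return services

def endpoint_hosts(service):
    """Lower-cased host names found in the endpoints field (there may be several)."""
    urls = re.findall(r"url=https?://([^:/,\]]+)", service.get("endpoints", ""))
    return {h.lower() for h in urls}

def plan_cleanup(text, obsolete_host):
    """Return (serviceIds to unregister, ownerIds safe to delete, ownerIds still in use)."""
    services = parse_services(text)
    stale = [s for s in services if obsolete_host.lower() in endpoint_hosts(s)]
    live_owners = {s.get("ownerId") for s in services if s not in stale}
    owners = {s["ownerId"] for s in stale if s.get("ownerId")}
    return ([s["serviceId"] for s in stale],
            sorted(owners - live_owners), sorted(owners & live_owners))

if __name__ == "__main__":
    print(plan_cleanup(SAMPLE, "old-host.example.test"))
```

An ownerId returned in the third list still owns a service on a host that is not being retired, so unregister the stale service entries but leave that application user in place.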
