Upgrade from vSphere 5.1 to vSphere 5.5 rolls back after importing Lookup Service data

Products

VMware vCenter Server

Issue/Introduction

Symptoms:

For some vSphere 5.1 installations, when upgrading from vSphere 5.1 to vSphere 5.5, the VMware vCenter Single Sign-On (SSO) upgrade rolls back and the upgrade fails.
The vim-sso-msi.log file, located at %temp% ,you see entries similar to:
- Action TIME: PostInstallScripts. Importing Lookupservice data... CustomAction DoUpdateAndMigrateTasks returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
- MSI (s) (0C:E8) [TIME]: Hello, I'm your 64bit Elevated custom action server. Action 08:55:54: PostInstallScripts. Configuring SSO Components... PostInstallScripts: PostInstallScripts PostInstallScripts: PostInstallScripts PostInstallScripts: PostInstallScripts CustomAction BootstrapAll returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox) Action ended 08:56:09: InstallFinalize. Return value 3. MSI (s) (0C:B4) [08:56:09:908]: User policy value 'DisableRollback' is 0

Environment

VMware vCenter Server 5.5.x

Cause

The SSO upgrade fails if there is a mismatch between the certificate for the 5.1 SSO service and a related registry key that indicates that the system is DNS-enabled.

Note: This issue does not affect you if:

You are using custom certificates.
You are performing a fresh install of vCenter Server 5.5.
You are upgrading from vCenter Server 4.x/5.0 or a fresh installation of vCenter Server 5.1 Update 1a or later.

Resolution

This issue is resolved in vCenter Server 5.5.0a. With this release, if the SSL certificates use an IP address, the installation displays the message:

Setup has detected a problem with your current configuration which will cause upgrade to fail. See VMware KB article 2060511.

Your current configuration uses an IP address. vCenter Single Sign-On requires an FQDN to continue. Setup has detected domain-name.com for your machine. Click Accept to use domain-name.com instead of the IP address.

You must click Accept to continue with the installation.

To work around this issue when an upgrade from vCenter Server 5.1 to 5.5 failed and the upgrade is rolled back, remove the left over upgrade files before proceeding.

To remove left over upgrade files:

Note: This procedure modifies the Windows registry. Before making any registry modifications, ensure that you have a current and valid backup of the registry and the virtual machine. For more information on backing up and restoring the registry, see Microsoft Knowledge Base article 136393.

Note: The links in this article were correct as of August 5, 2014. If you find a link is broken, provide feedback and a VMware employee will update the link.

Remove the CIS folder located at:

%ProgramData%\Vmware\CIS

For example, remove the C:\ProgramData\Vmware\CIS folder.
Set the value of the HKEY_LOCAL_MACHINE\Software\VMware, Inc.\VMware Infrastructure\SSOServer\FQDNIP registry key to the FQDN value that is referenced in the SSL certificate for your vCenter 5.1 Single Sign-On service. The FQDN value is found either in the Subject Name field or as a DNS Name= entry in the multi-entry Subject Alt Name field of the certificate.
Restart your vCenter Server 5.5 upgrade.

Additional Information

To be alerted when this document is updated, click the Subscribe to Article link in the Actions box
Location of vCenter Single Sign-On log files for vCenter Server 5.1 and 5.5
"vCenter Single Sign-On Setup Wizard ended prematurely" error
vSphere 5.1 から vSphere 5.5 へのアップグレードが Lookup Service データのインポート後にロールバックする
导入 Lookup Service 数据后从 vSphere 5.1 升级到 vSphere 5.5 出现回滚