Using the cmsso command to unregister vCenter with External PSC or vCenter with Embedded PSC from Single Sign-On
book
Article ID: 316470
calendar_today
Updated On:
Products
VMware vCenter Server
Issue/Introduction
Should you no longer need an external PSC or embedded PSC/vCenter or if an appliance stops responding, you can decommission and delete the appliance from the vSphere domain and inventory.
Important Notes:
Pre-vCenter 6.7 U1: the process of removing a PSC or vCenter Server from the vSphere domain is irreversible. After you remove an appliance from the vSphere domain, you cannot rejoin it to the same vSphere domain. You must perform a re-install or a re-deploy of the PSC or vCenter Server to rejoin the vSphere domain.
The procedure in this KB should not be used to separate PSCs/vCenters in ELM from each other. The intended purpose of this KB is to describe the process to clean leftover & stale PSC/vCenter entries from the SSO domain.
Post-vCenter 6.7 U1, the Cross Domain Repoint feature can be used for the following scenarios but is not limited to:
Repoint a vCenter to another external PSC in another vSphere domain
Repoint an embedded PSC/vCenter to another embedded PSC/vCenter in a different existing vSphere domain
Migrate an embedded PSC/vCenter to a newly created domain (where the migrated PSC/vCenter is the first instance. Reference: Repoint an Embedded Node to a New Domain
Executing cmsso-util unregister command is supported only on an External Platform Services Controller (PSC) or a vCenter Server with Embedded Platform Services Controller (Embedded Node)
In the cmsso-util unregister commands - omitting the --passwd option will prompt you for SSO Admin credentials upon execution
Environment
VMware vCenter Server 6.0.x
VMware vCenter Server 6.5.x
VMware vCenter Server 6.7.x VMware vCenter Server 7.0.x VMware vCenter Server 8.0.x
VMware vCenter Appliance 6.5.x
VMware vCenter Appliance 6.7.x
VMware vCenter Appliance 7.0.x
VMware vCenter Appliance 8.0.x
Resolution
Process to Decommission a Node from the vSphere Domain and Inventory:
Decommission an External Platform Services Controller (PSC)
Decommission an Embedded PSC/vCenter and/or vCenter (that points to an External PSC)
NOTE: BEFORE PROCEEDING, ENSURE OFFLINE SNAPSHOTS OF ALL PSCS and VCS IN THE SSO DOMAIN AND/OR BACKUPS ARE IN PLACE IMMEDIATELY PRIOR TO THIS OPERATION.
Prerequisite: Find and note the PSC that the vCenter Server is currently pointing to by running the below commands. If the vCenter has an Embedded PSC the output will indicate that it is pointing to itself:
Process to Decommission an External Platform Services Controller
Power off the Platform Services Controller that you no longer need.
Manually re-point all vCenter Servers and all vCenter Server instances registered with the soon to be decommissioned External PSC to another PSC within the same vSphere domain.
For more information about re-pointing vCenter Server Appliances and all vCenter Server instances to another Platform Services Controller, see the vSphere Installation and Setup Guide.
External PSC Appliance:
SSH to one of the other working External PSC appliances or Embedded PSC/vCenter within the same SSO domain via root
To enable the Bash shell, run:
shell.set --enabled true
Run the shell command to start the Bash shell and log in.
Run the cmsso-util unregister command to unregister the stopped/powered off External PSC:
Where External_Platform_Services_Controller_System_Name is the FQDN or IP address of the PSC that you want to decommission. You must run this command only on one of the PSC replication partners, as the synchronization removes the entries from all other PSC replication partners. Please enter vCenter_Single_Sign_On_password in quotes.
Note: there is downtime involved in executing the cmsso-util unregister command. It will restart the services on the node where you are executing the command.
Delete the PSC appliance that you no longer need from the vSphere inventory.
Windows PSC:
On one of the other working External Windows PSC or Embedded PSC/vCenter within the same SSO domain, click Start > Run, type cmd, and click OK. The Command Prompt window opens.
Navigate to C:\Program Files\VMware\vCenter Server\bin\
Run the cmsso-util unregister command to unregister the stopped/powered off External PSC:
Where External_Platform_Services_Controller_System_Name is the FQDN or IP address of the PSC that you want to decommission. You must run this command only on one of the PSC replication partners, as the synchronization removes the entries from all other PSC replication partners. Please enter vCenter_Single_Sign_On_password in quotes.
Note: there is downtime involved in executing the cmsso-util unregister command. It will restart the services on the node where you are executing the command.
Delete the PSC appliance that you no longer need from the vSphere inventory.
Process to Decommission an Embedded PSC/vCenter and/or vCenter (that points to an External PSC)
vCenter Server Appliance:
Power off the vCenter Server Appliance you are decommissioning.
SSH to one of the other working External PSC or Embedded PSC/vCenter appliance within the same SSO domain via root
To enable the Bash shell, run:
shell.set --enabled true
Run the shell command to start the Bash shell and log in.
Run the cmsso-util unregister command to unregister the vCenter Server Appliance:
Where vCenter_Server_Appliance_System_Name is the FQDN or IP address of the vCenter Server Appliance that you want to decommission. Please enter the vCenter_Single_Sign_On_password in quotes.
Note: there is downtime involved in executing the cmsso-util unregister command. It will restart the services on the node where you are executing the command.
Delete the vCenter Server Appliance that you no longer need from the vSphere inventory.
Windows vCenter Server:
Power off the vCenter Server you are decommissioning.
On an External PSC or Embedded PSC/vCenter Server in the same SSO domain, click Start > Run, type cmd, and click OK. The Command Prompt window opens.
Navigate to C:\Program Files\VMware\vCenter Server\bin\.
Run the cmsso-util unregister command to unregister the vCenter Server:
Where vCenter_Server_System_Name is the FQDN or IP address of vCenter Server that you want to decommission. Please enter the vCenter_Single_Sign_On_password in quotes.
Note: there is downtime involved in executing the cmsso-util unregister command. It will restart the services on the node where you are executing the command.
Additional Information
Note: Retry executing the the cmsso-util command without --passwd portion if the command fails immediately with error "Failed!!!". It will prompt for the SSO admin user password as indicated in the notes section at the top of the KB.
Note: (version 6.5 onwards) To get a list of vCenters and PSCs in the SSO domain, run the below command from a PSC or vCenter with Embedded PSC: /usr/lib/vmware-vmafd/bin/dir-cli nodes list
This list will also indicate what type of node each machine in the SSO domain is. A Management node refers to a vCenter with an external PSC. A PSC node refers to either a PSC machine or a vCenter with Embedded PSC.