Configuring PSC 6.0 High Availability after upgrading from SSO 5.5 High Availability

Article ID: 330159

Products

VMware vCenter Server

Issue/Introduction

This article provides the procedure to configure Platform Services Controller (PSC) High Availability after upgrading from a previously configured Single Sign-On 5.5 High Availability installation.

If you are configuring PSC High Availability for a new installation, see the following articles:
If you are configuring PSC High Availability on vSphere 6.5, refer to Configuring Platform Service Controller HA in vSphere 6.5 (2147018).


Resolution

Before proceeding, ensure you have configured the Load Balancer with the required VIP Pools for ports 443, 389, 636, 2012, 2014, and 2020. For more information on configuring an F5 BIG-IP, see Configuring F5 BIG-IP Load Balancer for use with vSphere Platform Services Controller (PSC) 6.0 (2098006).

A - Upgrade each SSO 5.5 to PSC 6.0:

  1. Upgrade the first SSO 5.5 Node to a PSC 6.0.
  2. Upgrade the additional SSO 5.5 Node to a PSC 6.0.

For more details on the upgrade process, see the Upgrade vCenter Single Sign-On 5.5 for External Deployment section of the vSphere Upgrade Guide.

B - Perform these steps on Both PSC Nodes:
  1. Download the PSC HA Scripts from the Download VMware Platform Services Controller 6.0 page.
  2. Extract the contents to C:\ha.

    Note: Create the ha folder if it is not already created.

  3. Copy the Root CA Certificate that had been issued to the SSO 5.5 HA to C:\ha\root.crt.

    Note: If you also have an Intermediate CA Certificate, root.crt should contain the full chain: all Intermediate CA Certificates and the Root CA Certificate.

  4. Copy the Load Balancer Certificate and Private Key used for SSO 5.5 HA to C:\ha\lb.crt and C:\ha\lb.key respectively.

  5. Click Start > Run, type cmd and click OK.
  6. Navigate to C:\ha

  7. Run this command on each PSC Node.

    "C:\Program Files\VMware\vCenter Server\python\python.exe" gen-lb-cert.py --upgrade --lb-fqdn=load_balanced_fqdn --root-cert=c:\ha\root.crt

    Note: load_balanced_fqdn is the FQDN of the Load Balanced Address. The command will prompt for the [email protected] password.

    Example:

    "C:\Program Files\VMware\vCenter Server\python\python.exe" gen-lb-cert.py --upgrade --lb-fqdn=sso-ha-vip.domain.com --root-cert=c:\ha\root.crt
    Initialization complete
    Modifying hostname.txt
    modifying server.xml
    "Executing dir-cli command
    Enter Password:
    Executing StopService --all
    INFO:root:Service: vmware-license, Action: stop
    INFO:root:Service: vmwareServiceControlAgent, Action: stop
    INFO:root:Service: VMwareComponentManager, Action: stop
    INFO:root:Service: rhttpproxy, Action: stop
    INFO:root:Service: VMwareSTS, Action: stop
    INFO:root:Service: VMwareIdentityMgmtService, Action: stop
    INFO:root:Service: VMWareCertificateService, Action: stop
    INFO:root:Service: VMWareDirectoryService, Action: stop
    INFO:root:Service: VMWareAfdService, Action: stop
    INFO:root:Service: vmware-cis-config, Action: stop
    Executing StartService --all
    INFO:root:Service: vmware-cis-config, Action: start
    INFO:root:Service: VMWareAfdService, Action: start
    INFO:root:Service: rhttpproxy, Action: start
    INFO:root:Service: VMWareDirectoryService, Action: start
    INFO:root:Service: VMWareCertificateService, Action: start
    INFO:root:Service: VMwareIdentityMgmtService, Action: start
    INFO:root:Service: VMwareSTS, Action: start
    INFO:root:Service: VMwareComponentManager, Action: start
    INFO:root:Service: vmware-license, Action: start
    INFO:root:Service: vmwareServiceControlAgent, Action: start
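
The script stops and restarts every PSC service, so it is worth confirming from a saved copy of the output that each service logged as stopped also has a later start line. The following is an added example, not part of the VMware scripts; it assumes a Python 3 interpreter, and it only reconciles the logged lines, it does not query Windows service state.

```python
import re
import sys

# Matches lines such as "INFO:root:Service: VMwareSTS, Action: stop"
SERVICE_LINE = re.compile(
    r"INFO:root:Service:\s*(?P<name>[^,\s]+)\s*,\s*Action:\s*(?P<action>stop|start)\b")


def services_not_restarted(output):
    """Return services whose last logged action is 'stop', in log order."""
    last_action = {}  # service name -> last action seen (keeps first-seen order)
    for line in output.splitlines():
        match = SERVICE_LINE.search(line)
        if match:
            last_action[match.group("name")] = match.group("action")
    return [name for name, action in last_action.items() if action == "stop"]


# Constructed sample: the output format shown above, cut off after two start
# lines, as it would look if the run ended before StartService --all finished.
SAMPLE_INCOMPLETE_RUN = """\
Executing StopService --all
INFO:root:Service: rhttpproxy, Action: stop
INFO:root:Service: VMwareSTS, Action: stop
INFO:root:Service: VMWareDirectoryService, Action: stop
INFO:root:Service: VMWareAfdService, Action: stop
Executing StartService --all
INFO:root:Service: VMWareAfdService, Action: start
INFO:root:Service: rhttpproxy, Action: start
"""

if __name__ == "__main__":
    # Pipe the saved gen-lb-cert.py output in on stdin, or run bare for the sample.
    text = SAMPLE_INCOMPLETE_RUN if sys.stdin.isatty() else sys.stdin.read()
    missing = services_not_restarted(text)
    print("No start line logged for: " + ", ".join(missing) if missing
          else "Every stopped service has a later start line")
```
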

C - Perform these steps on the First PSC Node:
  1. Click Start > Run, type cmd and click OK.
  2. Navigate to C:\sso-ha.
  3. Run this command:

    "C:\Program Files\VMware\vCenter Server\python\python.exe" lstoolHA.py --hostname=sso_node_1_fqdn --lb-fqdn=load_balanced_fqdn --lb-cert-folder=C:\ha [email protected]

    Note: sso_node_1_fqdn is the FQDN of the First PSC Node and load_balanced_fqdn is the FQDN of the Load Balanced Address. The command will prompt for the [email protected] password.

    Example:

    "C:\Program Files\VMware\vCenter Server\python\python.exe" lstoolHA.py --hostname=sso-node-1.domain.com --lb-fqdn=sso-ha-vip.domain.com --lb-cert-folder=C:\ha [email protected]

    Password:

    2015-03-16 10:05:06,665 INFO com.vmware.identity.token.impl.SamlTokenImpl - SAML token for SubjectNameId [[email protected], format=http://schemas.xmlsoap.org/claims/UPN] successfully parsed from Element
    2015-03-16 10:05:06,713 INFO com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl - Successfully acquired token for user: [email protected]
    2015-03-16 10:05:07,305 WARN com.vmware.vim.vmomi.client.http.impl.HttpConfigurationCompilerBase$ConnectionMonitorThreadBase - Shutting down the connection monitor.
    Note: The command ends with the preceding messages when completed successfully.

D - Perform these steps on the additional PSC Node:
  1. Back up the contents of the C:\ProgramData\VMware\vCenterServer\cfg\sso\keys folder.
  2. Copy ssoServerRoot.crt, ssoServerSign.crt, ssoServerSign.key and ssoServerSign.pub from the folder C:\ProgramData\VMware\vCenterServer\cfg\sso\keys on the first PSC Node to the same directory on the additional PSC Node.

  3. Stop the VMwareSTS Service by running the command:

    net stop VMwareSTS

  4. Run this command to re-install the STS Certificates:

    "C:\Program Files\VMware\vCenter Server\jre\bin\java.exe" -cp "C:\Program Files\VMware\vCenter Server\VMware Identity Services\*;C:\Program Files\VMware\vCenter Server\vmware-sso\commonlib\*;.;*" -Dvmware.log.dir=C:\ProgramData\VMware\vCenterServer\logs\sso\ com.vmware.identity.installer.STSInstaller --install --root-cert-path "C:\ProgramData\VMware\vCenterServer\cfg\sso\keys\ssoserverRoot.crt" --cert-path "C:\ProgramData\VMware\vCenterServer\cfg\sso\keys\ssoserverSign.crt" --private-key-path "C:\ProgramData\VMware\vCenterServer\cfg\sso\keys\ssoserverSign.key" --retry-count 10 --retry-interval 30


  5. If successful, you will see output similar to:

    Installing VMware STS...
    Successfully installed VMware STS.

  6. Start the VMwareSTS Service

    net start VMwareSTS
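
Step 2 moves the STS signing key between nodes by hand, so a truncated or wrong file would only surface later as token signing failures. The following added example (not part of the VMware scripts) records SHA-256 digests of the four files on the first PSC Node and checks them on the additional PSC Node after step 2 and before step 4. It assumes a Python 3 interpreter; the build/verify command-line usage and the manifest file are hypothetical, and the manifest holds digests only, no key material.

```python
import hashlib
import json
import sys
from pathlib import Path

# Path and file names are the ones given in section D, step 2.
KEYS_DIR = Path(r"C:\ProgramData\VMware\vCenterServer\cfg\sso\keys")
STS_FILES = ("ssoServerRoot.crt", "ssoServerSign.crt",
             "ssoServerSign.key", "ssoServerSign.pub")


def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(keys_dir):
    """First PSC node: map each STS file name to its SHA-256 digest."""
    return {name: sha256_file(Path(keys_dir) / name) for name in STS_FILES}


def verify_manifest(keys_dir, manifest):
    """Additional PSC node, after the copy: return a list of problems."""
    problems = []
    for name in STS_FILES:
        path = Path(keys_dir) / name
        if name not in manifest:
            problems.append(f"{name}: not in manifest")
        elif not path.is_file():
            problems.append(f"{name}: missing on this node")
        elif sha256_file(path) != manifest[name]:
            problems.append(f"{name}: hash differs from first node")
    return problems


if __name__ == "__main__":
    # Hypothetical usage: <script> build|verify <manifest.json>
    mode, manifest_path = sys.argv[1], Path(sys.argv[2])
    if mode == "build":
        manifest_path.write_text(json.dumps(build_manifest(KEYS_DIR), indent=2))
    else:
        problems = verify_manifest(KEYS_DIR, json.loads(manifest_path.read_text()))
        print("\n".join(problems) or "All four STS files match the first node")
        sys.exit(1 if problems else 0)
```
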

E - Upgrade remaining vSphere 6.0 Components

Continue with the upgrade of the remaining components to vCenter Server 6.0. For more information, see the VMware vCenter Server 6.0 Deployment Guide.

Additional Information

Configuring F5 BIG-IP Load Balancer for use with vSphere Platform Services Controller (PSC) 6.0
Configuring Windows PSC 6.0 High Availability for vSphere 6.0
Configuring PSC 6.0 High Availability for vSphere 6.0 using vCenter Server 6.0 Appliance
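Configuring PSC 6.0 High Availability after upgrading from SSO 5.5 High Availability (Japanese)
Configuring PSC 6.0 High Availability after upgrading from SSO 5.5 High Availability (Simplified Chinese)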
Configuring Platform Service Controller HA in vSphere 6.5