How to successfully repoint vCenter 6x appliance to another platform service controller – Step-By-Step
Repoint vCenter server to a another platform service controller is quite easy. Recently I needed to repoint a vCenter in a different site to it’s dedicated platform services controller. The current setup was an enhanced linked mode of two vCenters pointing to the same platform service controller. By deploying an additional platform service controller in the second site, you can avoid the failure of a single vCenter site. It is also possible to point the vCenter server appliances to an VIP (Virtual IP) hosted on a load balancer that is backed by two platform services controllers. But In this example, we will only show you the steps that are required to repoint a vCenter appliance to another platform service controller (without an load balancer).
The vCenter and platform service controller topology shown below is what we have in place right now. As you can see we have a single platform service controller in site A, that is serving the vCenter server appliances in both sites. If the current platform service controller fail, it will impact both vCenter servers and authentication towards the SSO will not work.
Note: the term site in this example is a physical location (datacenter).
In the desired setup we have two platform service controllers, one in site A and the other in site B within the same vSphere domain. The platform service controllers will be replication partners from each other. VMware already announced that the external platform service controllers will be deprecated, but this is a temporary setup I need to have before using the converge utility. In order to have this setup, we need to deploy a second platform service controller that has joined the SSO domain of site A. Click on this link for more information on how to deploy a second platform service controller in the same SSO domain
As mentioned before, VMware announced that the external platform service controller will be deprecated. The desired topology as shown below, will be the next phase. We can even implement VCHA (vCenter high availability) on both vCenters to have a redundant setup. This will be explained in the follow-up blog post.
Verify the current SSO members
First of all, we need to make sure that the platform service controller in site B is replicating with the platform service controller in site A. To verify this we need to logon to the platform service controller in site B with SSH. The following command will show you all the current members that participating in the vSphere SSO domain:
cd /usr/lib/vmware-vmdir/bin ./vdcrepadmin -f showservers -h PSC_FQDN -u administrator -w Administrator_Password
Even though we already know the platform service controller topology, there is a command to check the partnership of each platform service controller. Run the following command on each platform service controller to determine all of the partnerships:
cd /usr/lib/vmware-vmdir/bin ./vdcrepadmin -f showpartners -h PSC_FQDN -u administrator -w Administrator_Password
Verify replication status
Before proceeding with the repoint task of the vCenter server to the platform service controller in site B, we need to verify the replication between the two nodes. This can easily be done with the following command:
Note: This CLI is limited to execution only against the local PSC. Using the command to query the replication status from one PSC to a different PSC is not yet supported.
cd /usr/lib/vmware-vmdir/bin ./vdcrepadmin -f showpartnerstatus -h PSC_FQDN -u administrator -w Administrator_Password
Repoint the vCenter to another platform service controller
The final task is repointing the vCenter server in site B to the platform service controller in site B. Use SSH to login to the vCenter server in site B and use the following command to perform the repoint task.
Note: Use the –dc-port port_number option if the Platform Services Controller runs on a custom HTTPS port. The default value of the HTTPS port is 443.
cmsso-util repoint --repoint-psc psc_fqdn_or_static_ip
Time to test
After the successful repoint task of the vCenter server, we should now test and verify if the vCenter server is using the platform service controller in site B. This can easily be done by opening a browser and browse to the URL of the vCenter server in site B. Launch the HTML5 or FLEX client and verify if you are redirected to the platform service controller in site B.
One of the follow-up post will be about the desired topology as mentioned previously. If you have any questions about this topic or if you need any help, please use the comment section below or send me a mail via the contact page.
[New blog post] Build your own VCF 4.0.1 test lab with VLC. #vExpert #VMware #VCF https://vkernelblog.com/build-your-own-vcf-4-0-1-test-lab-with-vlc/
These cool stickers just arrived today! You can easily get them yourself. The only thing you need to do is deploy VCF with VLC and send a DM to @SDDCCommander. Thank you for the stickers @SDDCCommander. #vExpert #VMware
How to make sense of generic errors in vSphere? It might be worth to check out API-Responses. Found a trick while troubleshooting:'Check the Network Settings and make sure you have network access to the Identity Source' Read my new blog #vmware #API