Connect to vCenter Server (PSC) with JXplorer using the format below (vsphere.local as an example):
The protocol is LDAP v3.
The Security Level will be User + Password.
The Security User DN will be cn=administrator,cn=users,dc=vsphere,dc=local
The Security Password will be your administrator password for the Identity or SSO server.
Go to the below locations and delete the entries in BOLD
local --> vSphere --> configuration --> Sites --> X00-SSO --> LookupService --> Service Registrations --> Delete the below
de1a1f26-a265-4035-a125-d13f4109c209
local --> vSphere --> SolutionUsers --> **Table Editor View** --> Delete the below
CN=SRM-de1a1f26-a265-4035-a125-d13f4109c209,CN=ServicePrincipals,DC=vsphere,DC=local
CN=SRM-5718d867-b270-4a39-a1ae-245f777dbf5e,CN=ServicePrincipals,DC=vsphere,DC=local
REAL PROCEDURE AND EXPERIENCE (VMware SR 22295166801)
All Repoint configuration settings are correct; proceed? [Y|y|N|n]: y
Starting License export ... Done
Export Service Data ... Done
Uninstalling Platform Controller Services ... Done
Stopping all services ... Done
Updating registry settings ... Done
Re-installing Platform Controller Services ... Done
Registering Infra services ... Done
Starting License import ... Done
Starting Authz Data import ... Done
Starting Tagging Data import ... Done
Starting CLS import ... Done
Starting WCP service import phase... ... Done
Starting NSXD import ... Done
Starting Trustmanagement import ... Done
Applying target domain CEIP participation preference ... Done
Starting all services ... Done
Repoint successful.
After that, X00-VI-VC01 is without MS AD integration.
I tried these next steps:
- Pre check again from both vCenters and ensure "Pre-checks successful." is printed at the end for both. (Run from both vCenters)
- cmsso-util domain-repoint -m pre-check --src-emb-admin Administrator --replication-partner-fqdn X00-VI-VC01.pcr.cz --replication-partner-admin administrator --dest-domain-name vsphere.local
- cmsso-util domain-repoint -m pre-check --src-emb-admin Administrator --replication-partner-fqdn X00-VI-VC01.pcr.cz --replication-partner-admin administrator --dest-domain-name vsphere.local
- Execute from both vCenters and screenshot any errors you receive and send them to me
- cmsso-util domain-repoint -m execute --src-emb-admin Administrator --replication-partner-fqdn X00-VI-VC01.pcr.cz --replication-partner-admin administrator --dest-domain-name vsphere.local
- cmsso-util domain-repoint -m execute --src-emb-admin Administrator --replication-partner-fqdn X00-VI-VC01.pcr.cz --replication-partner-admin administrator --dest-domain-name vsphere.local
Both pre-checks are without errors.
But Execute failed on X01-VI-VC01.
Starting License export ... Done
Export Service Data ... Done
Uninstalling Platform Controller Services ... Done
Stopping all services ... Done
Updating registry settings ... Done
Re-installing Platform Controller Services ... Done
Registering Infra services ... Failed
Repoint failed. Restore from backup
root@X01-VI-VC01 [ ~ ]#
I think that it is the same problem with SRM stale records.
Starting License export ... Done
Export Service Data ... Done
Uninstalling Platform Controller Services ... Done
Stopping all services ... Done
Updating registry settings ... Done
Re-installing Platform Controller Services ... Done
Registering Infra services ... Done
Starting License import ... Done
Starting Authz Data import ... Done
Starting Tagging Data import ... Done
Starting CLS import ... Done
Starting WCP service import phase... ... Done
Starting NSXD import ... Done
Starting Trustmanagement import ... Done
Applying target domain CEIP participation preference ... Done
Starting all services ... Done
Repoint successful.
root@X00-VDI-VC01 [ ~ ]#
I tried a second attempt.
I did your steps. Then I did my own steps:
- I connected to X01-VI-VC01 with JXplorer and did these steps
- local --> vSphere --> configuration --> Sites --> X00-SSO --> LookupService --> Service Registrations --> Delete the below
5718d867-b270-4a39-a1ae-245f777dbf5e
- local --> vSphere --> SolutionUsers --> **Table Editor View** --> Delete the below
- CN=SRM-de1a1f26-a265-4035-a125-d13f4109c209,CN=ServicePrincipals,DC=vsphere,DC=local
- CN=SRM-5718d867-b270-4a39-a1ae-245f777dbf5e,CN=ServicePrincipals,DC=vsphere,DC=local
- CN=SRM-de1a1f26-a265-4035-a125-d13f4109c209,CN=ServicePrincipals,DC=vsphere,DC=local
2.
X00-VI-VC01
cmsso-util domain-repoint -m execute --src-emb-admin Administrator --dest-domain-name vsphere.local
step end OK
3.
X00-VDI-VC01
cmsso-util domain-repoint -m execute --src-emb-admin Administrator --replication-partner-fqdn X00-VI-VC01.pcr.cz --replication-partner-admin administrator --dest-domain-name vsphere.local
step end OK
4.
X01-VI-VC01
cmsso-util domain-repoint -m execute --src-emb-admin Administrator --replication-partner-fqdn X00-VI-VC01.pcr.cz --replication-partner-admin administrator --dest-domain-name vsphere.local
step end OK
5.
/usr/lib/vmware-vmdir/bin/vdcrepadmin -f createagreement -2 -h x01-vi-vc01.pcr.cz -H x00-vdi-vc01.pcr.cz -u Administrator
step end OK
6.
Configure Active Directory over LDAP
Now everything looks fine.
root@X00-VI-VC01 [ ~ ]# /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartners -h localhost -u administrator
password:
ldap://X00-VDI-VC01.pcr.cz
ldap://X01-VI-VC01.pcr.cz
root@X00-VI-VC01 [ ~ ]# /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartnerstatus -h localhost -u administrator
password:
Partner: X00-VDI-VC01.pcr.cz
Host available: Yes
Status available: Yes
My last change number: 10314
Partner has seen my change number: 10314
Partner is 0 changes behind.
Partner: X01-VI-VC01.pcr.cz
Host available: Yes
Status available: Yes
My last change number: 10314
Partner has seen my change number: 10314
Partner is 0 changes behind.
root@X00-VDI-VC01 [ ~ ]# /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartners -h localhost -u administrator
password:
ldap://x00-vi-vc01.pcr.cz
ldap://x01-vi-vc01.pcr.cz
root@X00-VDI-VC01 [ ~ ]# /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showservers -h localhost -u administrator
password:
cn=x00-vi-vc01.pcr.cz,cn=Servers,cn=X00-SSO,cn=Sites,cn=Configuration,dc=vsphere,dc=local
cn=x00-vdi-vc01.pcr.cz,cn=Servers,cn=X00-SSO,cn=Sites,cn=Configuration,dc=vsphere,dc=local
cn=x01-vi-vc01.pcr.cz,cn=Servers,cn=X01-SSO,cn=Sites,cn=Configuration,dc=vsphere,dc=local
root@X00-VDI-VC01 [ ~ ]# /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartnerstatus -h localhost -u administrator
password:
Partner: x00-vi-vc01.pcr.cz
Host available: Yes
Status available: Yes
My last change number: 10306
Partner has seen my change number: 10306
Partner is 0 changes behind.
Partner: x01-vi-vc01.pcr.cz
Host available: Yes
Status available: Yes
My last change number: 10306
Partner has seen my change number: 10306
Partner is 0 changes behind.
root@X00-VDI-VC01 [ ~ ]#
root@X01-VI-VC01 [ ~ ]# /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartners -h localhost -u administrator
password:
ldap://x00-vi-vc01.pcr.cz
ldap://x00-vdi-vc01.pcr.cz
root@X01-VI-VC01 [ ~ ]# /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartnerstatus -h localhost -u administrator
password:
Partner: x00-vi-vc01.pcr.cz
Host available: Yes
Status available: Yes
My last change number: 10304
Partner has seen my change number: 10304
Partner is 0 changes behind.
Partner: x00-vdi-vc01.pcr.cz
Host available: Yes
Status available: Yes
My last change number: 10304
Partner has seen my change number: 10304
Partner is 0 changes behind.
root@X01-VI-VC01 [ ~ ]#
I think... the case may be closed. Thank you very much for the help and cool guidance.
Kind regards
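
The replication check done by eye above can be scripted. The following is an added example, not part of the original post or VMware's tooling: it summarises `vdcrepadmin -f showpartnerstatus` output per partner and returns non-zero when a partner is unreachable or behind. The function names `check_partner_status` and `sample_status`, the sample values, and the shape of the output for an unreachable partner are assumptions.

```shell
#!/bin/sh
# Added example: summarise `vdcrepadmin -f showpartnerstatus` output read on stdin.
# Prints "<partner> <state> <changes-behind>" for each partner and returns
# non-zero if any partner is unreachable, has no status, or is lagging.
check_partner_status() {
    awk '
        function emit() {
            if (partner == "") return
            state = "OK"
            if (host != "Yes" || status != "Yes") state = "UNAVAILABLE"
            else if (lag == "")                   state = "UNKNOWN"
            else if (lag + 0 > 0)                 state = "BEHIND"
            if (state != "OK") bad = 1
            printf "%s %s %s\n", partner, state, (lag == "" ? "-" : lag)
        }
        { sub(/\r$/, "") }   # tolerate output pasted from a Windows terminal
        /^Partner: /                        { emit(); partner = $2; host = status = lag = ""; next }
        /^Host available:/                  { host = $NF; next }
        /^Status available:/                { status = $NF; next }
        /^Partner is [0-9]+ changes behind/ { lag = $3; next }
        END { emit(); exit bad + 0 }
    '
}

# Constructed sample (values invented for illustration): one lagging partner and
# one unreachable partner. The layout for an unreachable host is an assumption.
sample_status() {
    cat <<'EOF'
Partner: X00-VDI-VC01.pcr.cz
Host available:   Yes
Status available: Yes
My last change number:             10314
Partner has seen my change number: 10290
Partner is 24 changes behind.
Partner: X01-VI-VC01.pcr.cz
Host available:   No
EOF
}

# Usage on each node after a repoint (lines the parser does not know are ignored):
#   /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartnerstatus -h localhost -u administrator | check_partner_status
```

Run it on every node in the SSO domain, since each node reports only its own view of its partners.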