Latest Posts



Translate

Total Pageviews

Monday, 29 July 2013

Repointing and reregistering VMware vCenter Server 5.1.x and components(2033620)

I was getting this message and I resolved this Issue by using this KB Article. This might be helpful for all of you as well

Details

After certain changes to your vSphere deployment topography, you might need to repoint or reregister vCenter Server components with the vCenter Inventory Service or vCenter Single Sign-On and the vCenter Lookup Service to ensure that the components can continue to communicate.

Caution: The procedures in this article are supported by VMware only when used with the guidance of VMware Technical Support.

If a vCenter Single Sign-On instance fails or is corrupted, any associated vCenter Servers, Inventory Service instances, and vSphere Web Client instances lose access to vSphere. In this case, you have several options:

  • If you do not have another Single Sign-On instance, you can create a new Single Sign-On instance.
  • If your Single Sign-On instance is corrupted, and you have a current, uncorrupted backup of the Single Sign-On database and configuration, you can restore Single Sign-On to a new host machine. For information about creating, backing up, or restoring a Single Sign-On instance, see the vSphere 5.1 Installation and Setup Guide on the VMware vSphere Documentation page.
  • If your deployment has another Single Sign-On instance, you can repoint vCenter Server components to that instance.
Similarly, when you relocate a vCenter Server instance or make certain changes to the vCenter Inventory Service, you must reregister vCenter Server with vCenter Inventory Service.

Solution

If you are responding to a failed Single Sign-On instance, perform the procedures in this order:
  1. Remove the Inventory Service account

    Note: This is required only if you are reregistering the vCenter Inventory Service to the same Single Sign-On instance that the vCenter Inventory Service was originally registered to.
  2. Reregister vCenter Inventory Service with vCenter Single Sign-On
  3. Register vCenter Server with a different vCenter Single Sign-On instance
  4. Reregister vCenter Server with the Inventory Service
  5. Register the vSphere Web Client with a different vCenter Single Sign-On instance

Remove the Inventory Service account

This procedure is required only if you reregister vCenter Inventory Service to the same Single Sign-On instance that Inventory Service was originally registered to. When you reregister Inventory Service to the same Single Sign-On instance, you must first remove the Inventory Service account from the Single Sign-On application users. Otherwise, the reregistration will fail with the error, AlreadyRegistered.

To remove the Inventory Service account:
  1. In the vSphere Web Client, go to Administration.
  2. In SSO Users and Groups, click Application Users.
  3. Delete the Inventory Service account.

Reregister vCenter Inventory Service with vCenter Single Sign-On

During vCenter Inventory Service installation or upgrade, the Inventory Service is registered with a vCenter Single Sign-On instance, and the Inventory Service stores the location of the vCenter Single Sign-On instance. When you relocate a vCenter Single Sign-On instance or switch to a different Single Sign-On instance, update the corresponding Inventory Service instance. If a Single Sign-On instance fails or is corrupted, you can also use this procedure to repoint the Inventory Service to a different Single Sign-On instance.

If changes occur to any of these entities, reregister the Inventory Service with vCenter Single Sign-On using:
  • IP address of the vCenter Single Sign-On instance
  • vCenter Inventory Service host DNS or IP address
  • vCenter Inventory Service certificates
Note: If you are reregistering the Inventory Service to the same Single Sign-On instance, you must first remove the Inventory Service account from the Single Sign-On application users. For more information, see the Remove the Inventory Service account section. 
To reregister the Inventory Service with vCenter Single Sign-On:
  1. Open a command prompt on the Inventory Service host machine.
  2. Change directory to:

    C:\Program Files\VMware\Infrastructure\Inventory Service\scripts

    Note: If you installed vCenter Inventory Service in a different location from the default C:\Program Files\, adjust the path.

    Note: Typically, short names are not disabled. However, if you have disabled short names on your system, or have removed short names for the folder where the Inventory Service and vCenter Server are installed, follow these steps:

    1. Open the regTool.cmd file with a text editor. The regTool.cmd file is located at:

      installation_path\Inventory Service\sso
    2. In the line beginning with set LOG4J_CONF=, enclose %TOOLDIR% in quotations marks:

      "%TOOLDIR%"
    3. Save and close the file.
  3. Run the is-change-sso.bat command to update the stored configuration information of the Inventory Service:

    is-change-sso.bat ssoServerUrl "ssoAdminuser" "ssoAdminPassword"

    Use this example as a model:

    is-change-sso.bat https://machinename.corp.com:7444/lookupservice/sdk "admin@System-Domain" "SSO_pw1!"

    In this example, 7444 is the default HTTPS port number for vCenter Single Sign-On. If you use a custom port, replace the port number in the example with the port number you use. The quotation marks are required to escape special characters in the Single Sign-On user name and password.
  4. Restart the Inventory Service:

    net stop vimQueryService
    net start vimQueryService
The vCenter Inventory Service URL configuration is now updated and the Inventory Service is reregistered with vCenter Single Sign-On.

Note: If you are reregistering the Inventory Service to the same Single Sign-On instance, you must also reregister vCenter Server with the Inventory Service. For more information, see the Reregister vCenter Server with the Inventory Service section.

Register vCenter Server with a different vCenter Single Sign-On instance

During installation or upgrade, vCenter Server is registered with the Lookup Service for a vCenter Single Sign-On instance. You can change this registration to the Lookup Service for a different Single Sign-On instance. You might register vCenter Server to a different vCenter Single Sign-On instance if the original Single Sign-On instance fails, or if you add a new Single Sign-On node and want to associate vCenter Server with the new node.

Note: When you register vCenter Server to a new Single Sign-On instance, you lose these permissions:
  • All permissions created for users from the Single Sign-On system identity source
  • All permissions granted to users from identity sources that are not present in the new Single Sign-On instance
  • All permissions granted to local operating system users
To register vCenter Server to a different vCenter Single Sign-On instance:
  1. Open a command prompt on the vCenter Server host machine as administrator.
  2. Change directory to:

    C:\Program Files\VMware\Infrastructure\VirtualCenter Server\ssoregtool

    Note: If you have installed vCenter Server in a location other than the default C:\Program Files\ folder, adjust the path. Also, in the repoint.cmd file, ensure that JAVA_HOME points to the correct location of your vCenter Server installation.
  3. Unzip the sso_svccfg.zip file.

    Note: Best practice is to unzip these files into a new folder and change directory to the new folder before executing the next step.
  4. Run this command to register vCenter Server to a different Single Sign-On instance:

    repoint.cmd configure-vc --lookup-server lookup_service_url --user single_sign_on_admin_user --password single_sign_on_admin_password --openssl-path "path_to_OpenSSL_bin_directory/"

    Note: If you installed vCenter Server in a location other than the default, you must add this option to the repointcommand:

    --vc-install-dir "path_to_vCenter_Server_install_directory"

    The openssl-path path must be enclosed in quotation marks and followed by a trailing forward slash. The openssl-path parameter is required to update the trust store with the new Lookup Service and Single Sign-On certificates. If you do not provide it, the command will execute successfully, but you must manually update the certificate trust store. See the information about updating the certificate trust store for vCenter components in the VMware tech note, Replacing Default vCenter 5.1 and ESXi Certificates.

    Use this example as a model:

    repoint.cmd configure-vc --lookup-server https://machinename.corp.com:7444/lookupservice/sdk --user "admin@System-Domain" --password "SSO_pw1!" --openssl-path "C:\Program Files\VMware\Infrastructure\Inventory Service\bin/"

    In this example, 7444 is the default HTTPS port number for vCenter Single Sign-On. If you use a custom port, replace the port number in the example with the port number you use. The quotation marks are required to escape special characters in the Single Sign-On user name and password.

    Notes:
    • If you receive the error The system cannot find the path specified, verify that the %JAVA_HOME% location in the repoint.cmd script (by default, set to: C:\Program Files\VMware\Infrastructure\jre) exists, is populated with data, and points to the correct JRE folder. If it is not, check for C:\Program Files\VMware\Infrastructure\jre1, and if this exists, update the script to point to the correct JAVA_HOMElocation and try the command again.

      For example, change:

      set CMD="%JAVA_HOME%\bin\java"
      to:

      set CMD="directory\Program Files\VMware\Infrastructure\jre\bin\java.exe" 
    • If you receive the error Abnormal command failure: exception `Cannot locate configuration source C:\Program Files\VMware\Infrastructure\VirtualCenter Server\ssoregt ool\vcsso.properties', create the folder structure C:\Program Files\VMware\Infrastructure\VirtualCenter Server\ssoregtool and copy thevcsso.properties file in to the ssoregtool folder.
  5. Restart the VMware VirtualCenter Server and the VMware VirtualCenter Management Webservices services:

    1. In the Administrative Tools control panel, click Services.
    2. Right-click VMware VirtualCenter Server and click Restart.
    3. Right-click VMware VirtualCenter Management Webservices and click Restart.
The vCenter Server is now registered with the new Single Sign-On instance.

Reregister vCenter Server with the Inventory Service

During installation or upgrade, vCenter Server is registered with the vCenter Inventory Service, and the Inventory Service stores the location of vCenter Server. When you relocate a vCenter Server instance or make changes to the vCenter Inventory Service, you must update the corresponding Inventory Service instance.

Reregister the Inventory Service with vCenter Server if any of these entities change:
  • vCenter Inventory Service certificate
  • vCenter Server IP address or host name
  • vCenter Inventory Service address or host name
You must also reregister vCenter Server with the Inventory Service if you reinstall the Inventory Service on the same machine and if any of these conditions apply:
  • You overwrite the Inventory Service database during the reinstallation
  • You reinstall the Inventory Service with a different path to the installation directory
  • You change the Inventory Service port number
To reregister vCenter Server with the Inventory Service:
  1. Open a command prompt.
  2. Change directory to:

    C:\Program Files\VMware\Infrastructure\VirtualCenter Server\isregtool

    Note: If you installed the vCenter Inventory Service in a location other than the default C:\Program Files\, adjust the path.
  3. Run the register-is.bat command to update the stored configuration information of the Inventory Service:

    register-is.bat vCenter_Server_URL Inventory_Service_URL Lookup_Service_URL

    Use this example as a model:

    register-is.bat https://machinename.corp.com:443/sdk https://machinename.corp.com:10443 https://machinename.corp.com:7444/lookupservice/sdk

    In this example, 443, 10443, and 7444 are the default HTTPS port numbers for vCenter Server, the Inventory Service, and vCenter Single Sign-On respectively. If you use custom ports, replace the port numbers in the example with the port numbers you use. The server FQDN should be used rather than an IP address for machinename.corp.com. If an IP address is used, you may see the SslHandshakeFailed=1 error.
  4. Restart vCenter Server.
The vCenter Inventory Service URL configuration is now updated and vCenter Server is reregistered with the Inventory Service.

Register the vSphere Web Client with a different vCenter Single Sign-On instance

During installation or upgrade, the vSphere Web Client is registered with the Lookup Service for a vCenter Single Sign-On instance. If the Single Sign-On instance fails or changes, you might need to register the vSphere Web Client with a different vCenter Single Sign-On Lookup Service.

If the vCenter Single Sign-On server fails or is corrupted, you can install a new Single Sign-On instance and register the vSphere Web Client to the new Single Sign-On instance. Alternatively, you can install a new vSphere Web Client and register it to the new Single Sign-On instance. For more information, see the vSphere Installation and Setup documentation.

If you repoint vCenter Server and the vCenter Inventory Service from the failed Single Sign-On instance to a different, existing Single Sign-On instance, you can use the vSphere Web Client that is already registered with that Single Sign-On instance.

To register the vSphere Web Client with a different vCenter Single Sign-On Lookup Service:
  1. Open a command prompt.
  2. Change directory to:

    C:\Program Files\VMware\Infrastructure\vSphereWebClient\scripts

    Note: If you installed the vSphere Web Client in a location other than the default C:\Program Files\, adjust the path.
  3. Run the client-repoint.bat command to register the vSphere Web Client with a different vCenter Single Sign-On and Lookup Service:

    client-repoint.bat lookup_service_url "single_sign_on_admin_user" "single_sign_on_admin_password"

    Use this example as a model:

    client-repoint.bat https://machinename.corp.com:7444/lookupservice/sdk "admin@System-Domain" "SSO_pw1!"

    In this example, 7444 is the default HTTPS port number for vCenter Single Sign-On. If you use a custom port, replace the port number in the example with the port number you use. The quotation marks are required to escape special characters in the Single Sign-On user name and password.
The vSphere Web Client is now registered with the vCenter Single Sign-On and Lookup Service.
Source:-