installation of new Vcenter server
Installation steps for Single Sign-On 5.5
- Mount the vSphere 5.5 installation media. The installation wizard appears.
- In the left pane, under Custom Install, click vCenter Single Sign-On and then click Install .
Note: If any of the prerequisites are not met, they are listed in the right pane under Prerequisites. - In the welcome screen, click Next.
- Review the End User License Agreement. If you agree, select the I accept the terms in the license agreement option and click Next.
- Review the Prerequisites check screen.
- Click Next.
- Select a deployment mode and click Next.
![]( "Observed SSO installation options")
The various deployment mode options include:- vCenter Single Sign-On for your first vCenter Server– Select this option to deploy your first SSO server. This server becomes the first SSO server in a new vSphere authentication domain.
After you select this option:- Provide a password for the SSO administrator user and click Next.
Note: This dialog shows information related to a domain by the name vsphere.local. This is not a domain that is auto-detected within the existing environment, but a net new domain used internally by vSphere. The administrator@vsphere.local account performs the same function as the admin@System-Domain account in previous versions of vSphere.
For more information about the administrator@vsphere.local account, see the vSphere Software Components section of thevCenter Server and Host Management Guide. - Provide a site name and click Next.
Note: The site name is used in environments where there are SSO servers in multiple sites. Ensure to select this name carefully because it cannot be changed in the vSphere Web Client after the installation completes.
- Provide a password for the SSO administrator user and click Next.
- vCenter Single Sign-On for an additional vCenter Server in an existing site– Select this option to add this SSO server to an existing vSphere authentication domain site. This server replicates information from an existing SSO server in the vSphere authentication domain.
After selecting this option:- Under vCenter Sign-On Information, specify the Partner host name. This is the host name of the alternative SSO instance.
- Specify the password for the administrator@vsphere.local user for the alternate instance and click Next.
Certificate information for the partner service you provided is displayed and you are asked if you trust the certificate. If you trust the certificate, click Continue. - Select the original site name defined during the installation for the primary node name from the dropdown and click Next.
Note: Both SSO instances share a common site name. Using this deployment mode is essential for configuring a load balanced HA Single Sign-On implementation.
- vCenter Single Sign-On for an additional vCenter Server with a new site – Select this option to add the SSO server to an existing vSphere authentication domain and create a new site. This server replicates information from an existing SSO server in the vSphere authentication domain.
After selecting this option:- Under vCenter Sign-On Information, specify the Partner host name. This is the host name of the alternative SSO instance.
- Specify the password for the administrator@vsphere.local user and click Next.
Certificate information for the partner service you provided is displayed and you are asked if you trust the certificate. If you trust the certificate, click Continue. - Enter a name for the new site.
Note: The site name is used in environments where there are SSO servers in multiple sites. Ensure to choose this name carefully because this name cannot be changed in the vSphere Web Client after the installation completes.
- vCenter Single Sign-On for your first vCenter Server– Select this option to deploy your first SSO server. This server becomes the first SSO server in a new vSphere authentication domain.
- Optionally, provide an alternative TCP port number for the SSO service and click Next.
Notes:- Changing the default ports is recommended only if you have an unchangeable port conflict in the same system.
- When using the custom installer for vSphere Web Client, Inventory Service, and vCenter Service, you are prompted for the Lookup Service URL. The prompts default to port 7444. If you change the port number now, you must manually update the port number in all future custom installers that would use this instance of SSO.
- Optionally, provide an alternative installation location and click Next.
Notes:- The installation requires 2 GB of disk space to be available. For more information, see the Hardware Requirement forvCenter Server, the vSphere Web Client, vCenter Inventory Service, and vCenter Single Sign-On section in the vSphere Installation and Setup Guide.
- The path must conform to NTFS naming restrictions. For more information, see the Microsoft article Naming Files, Paths, and Namespaces.
The preceding link was correct as of September 19, 2013. If you find the link is broken, provide feedback and a VMware employee will update the link.
- In the confirmation screen, click Install to start the installation process.
- Click Finish when the installation completes.
Upgrading to vCenter Server 5.5 Using a New Server
November 03, 2013by KevinNo comments
You may find that you want to start looking at upgrading your vCenter Server to version 5.5 to take advantage of new capabilities, a faster and improved web interface and the ability to upgrade your hosts to ESXi 5.5.
But what if your current server might be for example vCenter 5.1 on Windows 2008R2 with SQL 2005? You might want to take the opportunity to start clean on more current versions of Windows and/or SQL. This article is a summary of a process that worked for me as well as a few hurdles encountered along the way.
Before we begin, make sure you also consider the vCenter Server Appliance which is a hardened pre-built vCenter Server running on Linux. Some will desire to run vCenter Server on Windows and if so this post is for you.
This article also assumes SQL is running locally on the vCenter server. If the database is remote, this article will still work except that either you will not need to move the database, or you’ll be moving it to a different server.
UPDATE: As this process does not transfer the ADAM database, the existing security roles will NOT be migrated to the new server. These roles will have to be manually rebuilt unless you want to try some scripts as discussed in this post. Special thanks to Justin King ( @vCenterGuy ) for pointing out the issue and Frank Büchsel ( @fbuechsel ) for providing the link to scripting permissions import/export!
Build The New Server
The new server should be Windows 2012 but NOT the R2 version which is not yet supported. If you want to use a local database, go ahead and install the database at this point (we used SQL 2012).
SSL Certificates
We didn’t have custom SSL certificates but you will still need to transfer your SSL certs to work with your existing database. When I got to installing vCenter Server in a later step I encountered this error and had to go back and grab the certs.
On the current vCenter server you should be able to find the certificates in the following hidden directory:
- For Windows 2008:
C:\ProgramData\VMware\VMware VirtualCenter\SSL
- For Windows 2003:
C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\SSL
Copy everything in the SSL folder and create the following directory on the new server and place them here:
C:\ProgramData\VMware\VMware VirtualCenter\SSL
For more information see the following KB article on certificate errors related to vCenter Server installation
Transfer the Database (downtime begins)
Shutdown the vCenter Services so that we can transfer the database. There’s a few options here. Our vCenter DB was about 30GB so I simply did a detach and copied the DB files across the wire. If you have SQL 2008 or later you might want to take a compressed backup or look at a tool like Red Gate or LiteSpeed which can compress your SQL backups into much smaller files to transport. Additionally you also might be able to detach the relevant VMDKs and attach them to the new server, allowing you to copy them at disk speed.
Once you have the database running on the new server we can begin with the vCenter Server install.
vCenter Server install
First rule here is the use vCenter 5.5A (build 1378901) which fixes some authentication issues on Windows 2012 in some environments. Second rule is to install the elements one at a time. I prefer to be able to control each install individually and I’ll address each component below.
vCenter SSO Install
When you install this you have the option to sync with an existing SSO server. Since the only other server with SSO we were going to retire, I chose the “first server in new site” option. We will need to edit SSO later on to enable AD authentication but not yet.
vCenter Web Server Install
When I first installed this component I got a 404 from the web server on each attempt. As it turns out there is an issue described in this KB article such that the web server will return 404 errors when installed to a drive other than C. Normally I try to install everything I can to a non-C drive, but it seems that this component needs to be on the C drive to function properly.
vCenter Inventory Server and vCenter Server
These services are mostly straight forward installs. If you copied the SSL certificates above you should have no issues in this step. You will have the option to have vCenter automatically attempt to connect to the hosts or to do it manually. At this point vCenter server should be working, but only local accounts might be able to login.
To fix this login to the web UI for vCenter using either a local account or the SSO admin account and perform the following steps.
| 1 | Browse to Administration> Sign-On and Discovery> Configuration in the vSphere Web Client. |
| 2 | On the Identity Sources tab, click the Add Identity Source icon. |
Add the appropriate source type such as Active Directory and add it as one of the default domains. For more information see the following help chapter on setting default domains.
vCenter Update Manager (optional)
You should mostly be in business at this point but you may also want to install vCenter Update Manager. With this step there are a few additional considerations.
First of all you need to create a 32-bit DSN for the Update Manager Database. There’s a KB article here but I think my method was quicker. On the 2012 server open up the search charm and type “odbc” and press enter. You’ll see both the 32 and 64 bit versions of the ODBC configuration utility. Select the 32-bit utility and create your DSN, but…..
Make sure you use the SQL 2008 R2 Native Driver even if you are using a 2012 database. As explained in this article, the vCenter Update Manager service will fail to start when using the 2012 Native Client. Use the 2008 R2 Native Client against the 2012 SQL and it will work fine.
That’s basically it. To summarize take the following steps:
1) Build a new 2012 Server (not R2) and install SQL or other database
2) Copy the SSL certificates from the current vCenter to the new server
3) Shut down vCenter Server services
4) take backups and/or snapshots as desired
5) Using the method of your choice, forklift the current vCenter database to the new server (if SQL is local)
6) Install SSO
7) Install vCenter Web Server to the C: drive
8) Install Inventory Manager and then vCenter Server
9) Logon to vSphere with the web UI and configure SSO to authenticate to your Active Directory domains and/or other sources as desired.
10) Manually reconnect to your ESXi hosts if you selected this option
11) Install Update Manager using a 32-bit DSN and the 2008 R2 Native SQL Client.
Now you’ve got vCenter 5.5 using your same database but on a clean Windows 2012 server. Now you’re ready to take advantage of the new features ranging from the improved web interface, expanded OS support and the ability to update your hosts to ESXi 5.5. Happy virtualizing!