WilliamLam.com

vCenter Server 6.0 Tidbits Part 2: What is my SSO Domain Name & Site Name?

04.07.2015 by William Lam // 27 Comments

When deploying an Embedded vCenter Server or an external Platform Services Controller, one of the configurations you will be asked for is the vCenter Single Sign-On Domain Name and Site Name as seen in the screenshot below.

In addition to troubleshooting, you will also need to know about the SSO Domain Name + Site Name if you plan on deploying additional Platform Services Controller for replication purposes or additional vCenter Servers. It is important to note that you do not need to know this information explicitly when deploying using the new Guided UI Installation. You just need to know the hostname/IP Address of your PSC as the rest of the information will automatically be obtained by the tool.

The issue only arises when you are trying to perform a Scripted Installation and this is where you will need to provide both the SSO Domain Name and Site Name and below are the instructions on retrieving this information.

First off, you will need to login to your Platform Services Controller whether that be on a Windows Server or the VCSA.

SSO Domain Name

You will find it in the following two configuration files:

Windows:

C:\ProgramData\VMware\vCenterServer\cfg\install-defaults\vmdir.domain-name

VCSA:

/etc/vmware/install-defaults/vmdir.domain-name

VCSA 6.0u2:

/usr/lib/vmware-vmafd/bin/vmafd-cli get-domain-name --server-name localhost

For more details, check out my previous blog post: vCenter Server 6.0 Tidbits Part 1: What install & deployment parameters did I use?

SSO Site Name

First, you will need to identify where your Lookup Service is running on which is located on your PSC or your Embedded VC instance. What we are ultimately looking for is Lookup Service URL which is in the following format: https://[SERVER]/lookupservice/sdk If for whatever reason you do not know where your PSC is, then you can login to your vCenter Server and find the Lookup Service URL by running the following command:

Windows:

"C:\Program Files\VMware\vCenter Server\vmafdd\vmafd-cli.exe" get-ls-location --server-name localhost

VCSA:

/usr/lib/vmware-vmafd/bin/vmafd-cli get-ls-location --server-name localhost

Once we have the Lookup Service URL, we can then find the SSO Site Name by running the following command:

Windows:

"C:\Program Files\VMware\vCenter Server\python\python.exe" "C:\Program Files\VMware\vCenter Server\VMware Identity Services\lstool\scripts\lstool.py" get-site-id --url https://vcenter60-6.primp-industries.com/lookupservice/sdk"

VCSA:

/usr/lib/vmidentity/tools/scripts/lstool.py get-site-id --url https://vcenter60-6.primp-industries.com/lookupservice/sdk 2> /dev/null

VCSA 6.0u2:

/usr/lib/vmware-vmafd/bin/vmafd-cli get-site-name --server-name localhost

As you can see the process to find the SSO Site Name is not really intuitive, but I know Engineering is aware of this and has plans to simplify this in the future.

vCenter Server 6.0 Tidbits Part 1: What install & deployment parameters did I use?

04.06.2015 by William Lam // 6 Comments

This is the first part in a new blog series that I will be working on in which I will be sharing some simple tips and tricks that I learned along the way while working with vCenter Server 6.0, these especially came in handy during the early development of vSphere 6.0. These tidbits will include information covering both the vCenter Server for Windows (VCS) as well as the vCenter Server Appliance (VCSA).

When installing VCS or deploying the VCSA, you are prompted to fill out a variety of inputs based on the deployment type, SSO Domain, database information, etc. These "install parameters" are then fed into the configuration of either your vCenter Server (Embedded) or separated out with vCenter Server Management Node and Platform Services Controller Node.

After you successfully deployed your vCenter Server and say a couple of weeks has passed and you are now wondering what install parameters you used either for auditing, informational purposes or more likely you may need to know one of these parameters for adding additional instances say for Enhanced Linked Mode, how might you go and retrieve this information?

Luckily, VMware has made finding this information extremely easy by providing a tiny little utility called "install-parameter" and here are the locations for both platforms:

Windows:

"C:\Program Files\VMware\vCenter Server\bin\install-parameter.bat"

VCSA:

/bin/install-parameter

The utility accepts the name of a well defined set of installation parameters, an example would be "vmdir.domain-name" which specifies the name of the SSO Domain that you had configured:

You can see the complete list of available installation parameters under the following paths in the two platforms:

Windows:

C:\ProgramData\VMware\vCenterServer\cfg\install-defaults

VCSA:

/etc/vmware/install-defaults

For your convenience, I have also listed all the installation parameters in the table at the very bottom of this post.

In addition to these installation parameters, there are two additional ones that I would like to mention which are not part of this list.

Database Type

The information is stored in a file called db.type with possible values of: embedded, oracle and mssql and here are the paths for the two platforms:

Windows:

C:\ProgramData\VMware\vCenterServer\cfg\db.type

VCSA:

/etc/vmware/db.type

The possible values for this files is: embedded, oracle and mssql

Deployment Type

The information is stored in a file called deployment.node.type with possible values of: embedded, management and here are the paths for the two platforms:

Windows:

C:\ProgramData\VMware\vCenterServer\cfg\deployment.node.type

VCSA:

/etc/vmware/deployment.node.type

For those with a critical eye, you might have noticed there is one installation parameter that is not available in any of these files and that would be the SSO Domain Site Name. This property is not really important (outside of troubleshooting) unless you need to add additional Platform Services Controller and replicate with an additional one or adding additional vCenter Servers for enabling Enhanced Linked Mode support. This property is one of the required parameters when performing a scripted install but is not needed if performing the deployment using the guided install method. In the next blog post, I will show you how you can retrieve this property.

vCenter Server 6.0 Installation Parameter

autodeploy.ext.managementport
autodeploy.ext.serviceport
cis-license.int.http
cm.int.cmhttp
cm.url
cm.url.path
db.dsn
db.instance
db.presetupdone
db.provider
db.servername
db.serverport
db.user
eam.int.http
invsvc.int.http
mbcs.int.http
netdumper.ext.serviceport
netdumper.int.webport
perfcharts.int.https
rhttpproxy.cert
rhttpproxy.conf.path
rhttpproxy.ext.port1
rhttpproxy.ext.port2
sca.hostid
sca.int.scahttp
sps.int.pbmhttp
sps.int.pbmhttps
sps.int.smshttp
sps.int.smshttps
sps.int.spshttp
sps.int.spshttps
sshd.ext.port1
syslog.ext.port
syslog.ext.tls
syslog.int.http
syslog.int.port
system.hostname
system.hostname.type
system.urlhostname
system.vm0.hostname
vapi.int.endpoint-http
vapi.int.jmx-port
vc.conf.path
vc.home.path
vc.instance.cfg.path
vmafd.ext.port1
vmca.cert.dir
vmca.ext.port1
vmdir.admin-dn
vmdir.domain-dn
vmdir.domain-name
vmdir.ext.port1
vmdir.ext.port2
vmdir.ldap-port
vmdir.ldu-guid
vmdir.site-guid
vmdir.username
vmkdc.ext.port1
vmkdc.ext.port2
vmkdc.ext.port3
vpostgres.int.server_port
vpxd.ext.port1
vpxd.ext.port2
vpxd.int.sdk-port
vpxd.int.sdk-tunnel-port
vsan-observer.ext.port1
vsm.int.http
vsm.int.https
vsphere-client.ext.port1
workflow.int.jmx-port
workflow.int.service-port
workflow.int.vapi-port

Easily automate ESXi 6.0 Active Directory join using domainjoin-cli

04.06.2015 by William Lam // 9 Comments

A nice little enhancement that I recently came across in ESXi 6.0 is the inclusion of the Likewise utility called domainjoin-cli which allows you to join a system to an Active Directory Domain. Previously, if you wanted to automate the process of joining an ESXi host to an Active Directory Domain, you had to either manually configure it using the vSphere Web/Client, using Host Profiles or creating an external script using the vSphere APIs.

All of these options were mostly executed during the post-provisioning process and if you wanted to include Active Directory configuration as part of the provisioning process, you may have had to resort to something like calling into the vSphere MOB within a Kickstart script as I had shown back in 2011 in this article here. The solution I came up with was not ideal but it worked for those that did not want to have additional steps after initial provisioning.

With the domainjoin-cli utility now included in the ESXi Shell of ESXi 6.0, you easily automate the joining an Active Directory Domain with just a couple of lines added to your Kickstart or provisioning scripts. Before you can use the command-line utility, you will need to ensure the Likewise Service Manager Daemon is running by running the following two commands which will start the service and also ensure the service automatically starts up:

/etc/init.d/lwsmd start
chkconfig lwsmd on

Next, to join to your Active Directory Domain, you will need to specify the following 3 parameters:

join - Specifying the operation is a join versus a leave
AD Domain Name - Active Directory Domain to join
AD Username - Active Directory username to join to the domain
AD Password - Active Directory password to join to the domain (optional as you will be prompted if it is not specified)

Here is an example of what the command looks like joining my Active Directory Domain in my lab:

/usr/lib/vmware/likewise/bin/domainjoin-cli join primp-industries.com administrator [PASSWORD]

You should see a success message if the ESXi host was successfully joined to the Active Directory Domain and you will want to reboot your ESXi host for the changes to take full effect. This is definitely a simpler method to include into an ESXi Kickstart script to automate the joining of an Active Directory Domain and hopefully you will find this handy when using ESXi 6.0.