WilliamLam.com

vCenter Server 6.0 Tidbits Part 7: Connecting to SSO/PSC using JXplorer

by // 7 Comments

I have written about using JXplorer before which is a free LDAP browser utility that can connect to vCenter SSO's vmdird (VMware Directory Service) which you can find more details here. In vSphere 6.0, there are a couple of minor changes you will need to be aware of if you need to connect to SSO which is now located in the Platform Services Controller. The first change is that port 11711 is no longer used and has now changed to 389 when performing a fresh install of vSphere 6.0, else the port will be preserved as noted in the comments section. The second change when using JXplorer to connect to the vmdird is that BaseDN property is no longer needed and if you try to specify it, you will not be able to connect.

Here are the updated instructions to connect to vmdird in vSphere 6.0 which is now located in the PSC or in an embedded deployment.

Disclaimer: Please take extreme caution when connecting to the vmdird database, this is primary for educational purposes. You should take extreme care in making changes while in the database else you can negatively impact your environment.

Host: Hostname/IP Address of PSC
Protocol: LDAPv3
Port: 389
Level: User + Password
User DN: cn=Administrator,cn=Users,dc=vghetto,dc=local
User DN: SSO Admin Password

jexplorer-platform-service-controller-1
In addition, I also wanted to also mention a couple more tidbits that could come in handy when connecting directly to the vmdird, especially in a troubleshooting scenario. The first is finding the SSO Domain Name which is displayed by expanding the tree, in my environment it is called vghetto.local and the second is finding the SSO Site Name which is under "Configuration->Sites" which can be seen in the screenshot below.

On top of that, if you wish to find all deployed PSC's, you can do so by expanding "Configuration->Sites->Servers" and by expanding each of those sub-entries you can also see if they are replicating to other PSC's.

jexplorer-platform-service-controller-3
If you wish to find all deployed and connected vCenter Servers associated with the current PSC, you can expand "Computers".

jexplorer-platform-service-controller-2

vCenter Server 6.0 Tidbits Part 2: What is my SSO Domain Name & Site Name?

by // 27 Comments

When deploying an Embedded vCenter Server or an external Platform Services Controller, one of the configurations you will be asked for is the vCenter Single Sign-On Domain Name and Site Name as seen in the screenshot below.

Screen Shot 2015-04-02 at 2.54.22 PM
In addition to troubleshooting, you will also need to know about the SSO Domain Name + Site Name if you plan on deploying additional Platform Services Controller for replication purposes or additional vCenter Servers. It is important to note that you do not need to know this information explicitly when deploying using the new Guided UI Installation. You just need to know the hostname/IP Address of your PSC as the rest of the information will automatically be obtained by the tool.

locate-sso-site-name-1
The issue only arises when you are trying to perform a Scripted Installation and this is where you will need to provide both the SSO Domain Name and Site Name and below are the instructions on retrieving this information.

First off, you will need to login to your Platform Services Controller whether that be on a Windows Server or the VCSA.

SSO Domain Name

You will find it in the following two configuration files:

Windows:

C:\ProgramData\VMware\vCenterServer\cfg\install-defaults\vmdir.domain-name

VCSA:

/etc/vmware/install-defaults/vmdir.domain-name

VCSA 6.0u2:

/usr/lib/vmware-vmafd/bin/vmafd-cli get-domain-name --server-name localhost

For more details, check out my previous blog post: vCenter Server 6.0 Tidbits Part 1: What install & deployment parameters did I use?

SSO Site Name

First, you will need to identify where your Lookup Service is running on which is located on your PSC or your Embedded VC instance. What we are ultimately looking for is Lookup Service URL which is in the following format: https://[SERVER]/lookupservice/sdk If for whatever reason you do not know where your PSC is, then you can login to your vCenter Server and find the Lookup Service URL by running the following command:

Windows:

"C:\Program Files\VMware\vCenter Server\vmafdd\vmafd-cli.exe" get-ls-location --server-name localhost

VCSA:

/usr/lib/vmware-vmafd/bin/vmafd-cli get-ls-location --server-name localhost

locate-lookupservice
Once we have the Lookup Service URL, we can then find the SSO Site Name by running the following command:

Windows:

"C:\Program Files\VMware\vCenter Server\python\python.exe" "C:\Program Files\VMware\vCenter Server\VMware Identity Services\lstool\scripts\lstool.py" get-site-id --url https://vcenter60-6.primp-industries.com/lookupservice/sdk"

VCSA:

/usr/lib/vmidentity/tools/scripts/lstool.py get-site-id --url https://vcenter60-6.primp-industries.com/lookupservice/sdk 2> /dev/null

locate-sso-site-name-2
VCSA 6.0u2:

/usr/lib/vmware-vmafd/bin/vmafd-cli get-site-name --server-name localhost

As you can see the process to find the SSO Site Name is not really intuitive, but I know Engineering is aware of this and has plans to simplify this in the future.