Identify the Single Sign-On (SSO) deployment method for the vCenter Server

With vSphere 5.5 you have the following deployment methods for Single Sign-On (SSO):

  • vCenter Single Sign-On for your first vCenter Server
  • vCenter Single Sign-On for an additional vCenter Server in an existing site (formerly HA Cluster)
  • vCenter Single Sign-On for an additional vCenter Server with a new site (formerly Multisite)

Once SSO is installed, it can be useful to identify which deployment option was used, for example in a Site Recovery Manager (SRM) deployment. The following steps identify which deployment option is used for SSO on a vCenter Server 5.5:

  • Browse to the following directory on the vCenter Server: C:\ProgramData\VMware\VMware VirtualCenter
  • Use the type command to display the “LS_ServiceID.prop” file. The file contains the site name and identifier. For example: SiteName1:10b042be-9b7a-467c-aa05-047a895c60fb
  • Repeat the above steps on the other vCenter Server(s)

If the string is the same in both sites, SSO was deployed as: “vCenter Single Sign-On for an additional vCenter Server in an existing site”. If the string is different, the vCenter Single Sign-On instance is deployed as: “vCenter Single Sign-On for an additional vCenter Server with a new site”.
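The comparison above can be scripted once the file contents have been collected from each vCenter Server. The following PowerShell is an added example, not VMware tooling or code from the original post. The function names, server names and the second site string are constructed, and the 36-character identifier pattern is an assumption based on the example value shown above.

```powershell
# Added example: classify the SSO deployment from LS_ServiceID.prop contents.
function ConvertFrom-LsServiceId {
    param([Parameter(Mandatory)][string]$Text)
    # Form shown in the article: <SiteName>:<identifier>
    # Assumption: the identifier is a 36-character GUID-style string.
    $line = $Text -split "`r?`n" | Where-Object { $_.Trim() } | Select-Object -First 1
    if ($line -match '^\s*(?<site>[^:]+):(?<id>[0-9a-fA-F-]{36})\s*$') {
        return [pscustomobject]@{
            SiteName   = $Matches['site'].Trim()
            Identifier = $Matches['id'].ToLower()
        }
    }
    throw "Unexpected LS_ServiceID.prop content: '$Text'"
}

function Get-SsoDeploymentMode {
    param([Parameter(Mandatory)][hashtable]$PropByServer)
    # A single file cannot be compared with anything.
    if ($PropByServer.Count -lt 2) {
        throw 'Need the file content from at least two vCenter Servers.'
    }
    $rows = foreach ($server in $PropByServer.Keys) {
        $p = ConvertFrom-LsServiceId -Text $PropByServer[$server]
        [pscustomobject]@{ Server = $server; Site = "$($p.SiteName):$($p.Identifier)" }
    }
    # Same string everywhere means existing site; otherwise new site.
    $distinct = @($rows.Site | Sort-Object -Unique)
    $mode = if ($distinct.Count -eq 1) {
        'additional vCenter Server in an existing site'
    } else {
        'additional vCenter Server with a new site'
    }
    [pscustomobject]@{ Mode = $mode; Servers = $rows }
}

# On each server the content comes from:
#   Get-Content 'C:\ProgramData\VMware\VMware VirtualCenter\LS_ServiceID.prop' -Raw
# Constructed sample: hypothetical server names; second site string is made up.
$sample = @{
    'vc-a.example.test' = 'SiteName1:10b042be-9b7a-467c-aa05-047a895c60fb'
    'vc-b.example.test' = "SiteName2:3f2c9d1e-0000-4000-8000-000000000abc`r`n"
}
$result = Get-SsoDeploymentMode -PropByServer $sample
$result.Mode
$result.Servers | Format-Table -AutoSize
```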

Upgrading Single Sign-On 5.1 to vCenter Single Sign-On 5.5 post task

With vCenter Single Sign-On (SSO) 5.5, a SQL database is no longer required. SSO 5.5 uses its own VMware Directory Service (VMdir) database. So after the upgrade to SSO 5.5, the Single Sign-On 5.1 database and users can be removed. This is a manual process. In SQL Management Studio, remove the SSO (RSA) database and the “RSA_DBA” and “RSA_USER” users that were created.

vCenter Single Sign On (SSO) password reset

During the installation of the Windows vCenter Single Sign-On (SSO) service you must provide a password for the SSO admin user named “admin@System-Domain”.

The password you enter is called the master password. If you change the master password, the password entered during the installation of the SSO service is needed as the master password for resetting the “admin@System-Domain” password. You can reset it with the following steps:

  • Navigate to the following directory: “\Program Files\VMware\Infrastructure\SSOServer\utils”
  • Use the “rsautil reset-admin-password” command. The VMware KB article can be found here.

If you forgot the master password and have no other admin account, there is no supported way to reset the SSO password. You need to reinstall your vCenter environment!

There is an unsupported way to recover the SSO password by reading the sha256 hashed password. The complete procedure can be found on Schubis Blog.

Make sure that you document the master SSO password entered during the installation. After the installation, add some other users to the Administrators group in SSO. I hope VMware will make it possible to reset the “admin@System-Domain” password in a future patch or release.