I'm looking for a clean way of upgrading our 4 virtual datacenters which are currently @ VCSA 5.5 with embedded SSOs to VCSA 6.0 using external PSC. (we want to take advantage of site-site vmotion). There are a number of ways to attempt this, including one suggested by VMware tech support.
- Their idea was to deploy a separate VCSA 5.5 embedded appliance and use it as a pseudo external SSO ( i use pseudo because its still a full VCSA), then point the current 5.5 VCSA to that pseudo SSO appliance using the VCSA 5.5 :5480 page. Then upgrade the VCSA pseudo SSO appliance to a pseudo External 6.0 PSC . Then upgrade the VCSA to 6.0. The problem with this solution is you are unable to change the domain name or site name at any time during that process. We can live with the canned vsphere.local domain name but need to explicitly name the 4 different site names.
- I've also tried deploying a fresh 6.0 external PSC where I was able to specify a new domain name and label the site appropriately. I then upgraded the current VCSA 5.5 to 6.0 with an embedded PSC (no other option available here). I then followed the steps in vSphere 6.0 Documentation Center which is supposed to reconfigure a standalone vcenter Server Appliance with embedded psc to an external psc. This trial ended with an failure error stating the vcenter server and external psc are not replication partners. All attempts to correct this error were unsuccessful.
- The only other solution i tried was to deploy a fresh 6.0 external PSC, then point the 5.5 VCSA to that 6.0 PSC using the VCSA 5.5 :5480 page. That went well up until testing time. The :5480 page UI showed vpxd hanging at initializing and eventually failed to start. The vpxd.log is littered with thumbprint errors, there is no inventory in the web client of the 5.5 VCSA, and the summary screen shows the error "Could not connect to one or more vCenter Server systems: https://<fqdn of 5.5 vcsa>:443/sdk" I could not track down what cert or thumbprint was missing, corrupt or whatnot. There were a few KBs pointing toward duplicate application User accounts, but correcting these had no effect.
- There are many well documented solutions which im sure would work for vCenter Servers running on Windows Servers, since the 5.5 install for that option does indees give you the choice to install a seperate SSO piece if you wish. This option is not available for a VCSA 5.5 installation
So if anyone has any good ideas, good documentation, or can help with any of the above errors, I would appreciate it. Once a good solution is ironed out, I plan on posting that solution out somehere for tothers to use.
Mike