18 Responses

  1. vSphere 5.1 Generally Available – Important Upgrade Considerations « Long White Virtual Clouds

    […] As with vSphere 4.1 and 5.0 vCenter is supported on 64bit OS only. Now though there is the important addition of Single SignOn (SSO). This makes auditing and control of the environment much more robust, and at the same time creates an additional component and design considerations. VMware with the vSphere 5.1 release now allows for the Inventory Service, in addition to the SSO service to be split out for scalability and performance reasons. Note as of View 5.1 the View Composer service can also run on a separate server. However there is no guidance currently as to when it makes sense to run a split install of this nature. I’d recommend you check out my article vSphere 5.1 Gotcha with Single Sign On (SSO). […]

  2. Preetam
    Preetam at |

    Good article..

    Reply
  3. Jason
    Jason at |

    Great article and very helpful to my upgrade.

    Reply
  4. Welcome to vSphere-land! » vSphere 5.1 Link-O-Rama

    […] AD authentication to VMware SSO 5.1 (Gabe’s Virtual World) vSphere 5.1 Gotcha with Single Sign On (SSO) (Long White Virtual Clouds) Comparing behaviour of vCenter Single Sign On with earlier versions of […]

  5. David
    David at |

    What type of database were you using and how did you go about upgrading it? I'm currently using SQL Express 2005 for vCenter 4.1 and no one can tell me how to do an in-place upgrade. It's maddening!

    Reply
    1. @vcdxnz001
      @vcdxnz001 at |

      Hi David, How big is your environment? If it's larger than 5 hosts and 50 VM's you'll need to move to a full version of SQL (std edition at minimum) if you want it to be supported. In order to do the upgrade you'll need to create an SSO DB. You may need the SQL management tools for this (which don't come with Express edition) if you want to keep it in the same DB instance as vCenter. If you don't have any other management tools linked into your vCenter and don't need the stats you may opt for a fresh vCenter. You'll have to upgrade SQL Express to 2008 as a minimum as 2005 is not supported. You may be able to get away with a simple install and in-place upgrade (after upgrading SQL Express) and run the SSO DB on a SQL Express instance 2K8. But I haven't tested this and there doesn't appear to be any good documentation on it that I can find. It might pay to file a support request as well before you start the process, or at a minimum file a documentation bug (docfeedback@vmware.com) as this isn't covered well in the docs currently. Let us know how you get on. Also the SQL Express situation is covered in KB 2006706.

      Reply
  6. Fajar Priyanto
    Fajar Priyanto at |

    Hi David,

    You can't do simple install in that case. You have to install SSO and Inventory Server on separate VM from the vCenter VM.

    And.. stop being mad. Relax :)

    Reply
    1. @vcdxnz001
      @vcdxnz001 at |

      Thanks Fajar for your feedback, that is a better option. Not many people have this scenario, which is probably why it isn't well covered in the documentation.

      Reply
      1. Fajar Priyanto
        Fajar Priyanto at |

        You're welcome Michael, I've got this the hardway :)

        I've mentioned this in Singapore VMUG, hopefully the VMware documentation team is willing to put something about it in the docs. It could be maddening like David said :)

  7. Simon Jones
    Simon Jones at |

    Hi Michael,

    Not sure if you have come across this or even if it's a supported configuration. For one of the VC instances I have the Users are in one domain but the Groups they belong to are in another domain and there is a trust in place. Good practice is to use groups, so is this a configuration that could be used because in my lab I haven't been able to get it working yet.

    Reply
    1. @vcdxnz001
      @vcdxnz001 at |

      Hi Simon, Which domain in the vCenter in? The domain with the groups? Which way is the trust and what type of trust? This scenario will be even more interesting when SSO is bought into the mix.

      Reply
  8. Oren
    Oren at |

    Hi, Great article, Thanks for sharing your experience with us!

    I've had a similar problem that after upgrade from 4.1 to 5.1 I couldn't login to vCenter with any domain users. I can login only with a local user of the windows machine that running my vCenter. I still didn't find a solution for it, do you have any tips?

    Reply
    1. Fajar Priyanto
      Fajar Priyanto at |

      Hi Oren,

      Make sure during the upgrade the connectivity to your AD from vCenter and SSO is established all the time. SSO behaves very differently if it's not connected to AD when you do the upgrade.

      Reply
      1. orenfeldman
        orenfeldman at |

        Upgrade already done, I'm not aware of any connectivity issues while I upgraded but maybe…

        My SSO and vCenter is the same machine (VM by the way)

        Anything I can do now, after the upgrade?

  9. Fajar Priyanto
    Fajar Priyanto at |

    Did you do the upgrade logged on to the vCenter VM as domain user or local user?

    If you logged on as domain user SSO will automatically connect to your AD and will recognize domain users you have. If you logged on locally during the upgrade you need to define your AD in SSO after upgrade. If you have backup, you can try to redo the whole process.

    Reply
  10. orenfeldman
    orenfeldman at |

    Too many things have been changed in the configuration since the upgrade, I don't want to redo it…

    Not sure what do you mean by "define your AD in SSO" where should I do it? I do have vCenter single sign on service running on my vCenter server but I don't see where to configure stuff related to the SSO.

    I configured on each host in the Authentication services my domain but it is still not letting me login with my AD users.

    Thanks for your help mate!

    Reply
    1. Fajar Priyanto
      Fajar Priyanto at |

      Oren, I've got impression you're not using the Web Client? Pls install the Web Client from the 5.1 ISO. In 5.1 all authentication now goes to SSO not the vCenter anymore.

      Pls have a look this two links, hopefully it helps:
      http://kb.vmware.com/kb/2032135 http://blogs.vmware.com/vsphere/2012/09/vcenter-s

      Reply
  11. » Disabling vSphere 5.1 Single Sign-on (SSO) – Don’t do it! Long White Virtual Clouds

    […] vSphere 5.1 Gotcha with Single Sign On (SSO) […]

Leave a Reply