Tuesday, April 23, 2013

Moving the vSphere 5.1 SSO database

Plenty of resources for moving MS SQL Server-hosted vCenter and Update Manager databases. But what about the database for the new Single Sign-On service?

Easy, as long as you get the SQL users moved and change the hostname string in two places.

The easy part is getting the users moved. There's a handy Microsoft KB article for transferring logins from one server to another. I've never had a problem with that.

The harder part is getting the SSO "bits" to accept a new hostname. Thankfully, Gabrie van Zanten was able to document this, along with some other pieces related to SSO database management.

So here's your steps:
  1. Execute the sp_help_revlogin stored procedure on the existing SQL server to get the RSA_USER and RSA_DBA logons.
  2. Merge the create user lines with the script from the vCenter SSO Install source. This makes certain you have all the necessary attributes for these users.
  3. Shut down the SSO service.
  4. Backup the current RSA database.
  5. Restore the backup on the new server.
  6. Execute the user creation lines from Step 2.
  7. In a command shell, go to the SSO Server's utils folder (in a default install, the path is C:\Program Files\VMware\Infrastructure\SSOServer\utils) and use the rsautil script to modify the database location:
    rsautil configure-riat -a configure-db --database-host hostname
  8. Verify your changes by inspecting .\SSOServer\webapps\ims\WEB-INF\classes\jndi.properties
  9. Update the db.host field in the .\SSOServer\webapps\lookupservice\WEB-INF\classes\config.properties file.
  10. Restart the SSO service.

5 comments:

  1. Hello Jim,

    Point 7. is not correct.
    rsautil configure-riat -a configure-db --database-host

    Thanks
    Ronny

    ReplyDelete
    Replies
    1. OK Again:

      rsautil configure-riat -a configure-db --database-host databasehostname

      Delete
  2. Thwart with troubles - wouldn't it be easier to reinstall SSO?

    ReplyDelete
    Replies
    1. To be honest, you're better off on SSO v5.5 or later; none of this crap makes any difference on that platform. Even if you're stuck on ESXi 5.1--or even vCenter 5.1--you can still migrate to SSO 5.5 and it'll work fine. Reinstalling isn't that easy if you have a bunch of other stuff already registered to it: vCenter, Inventory services, vCAC, etc.

      Delete