The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
Backing up and restoring the vCenter Single Sign-On (SSO) configuration (2034928)
For more information, see the vSphere 5.1 documentation. The documentation contains definitive information. If there is a discrepancy between the documentation and this article, assume that the documentation is correct.
Back up the vCenter Single Sign-On configuration in these circumstances:
- After you install, update, or change the location of a vCenter Single Sign-On instance.
- When the
node.pkgfile is modified. The
node.pkgfile is modified when you take either of these actions:
- Change vCenter Single Sign-On database information, such as the database host name or port.
- Change the vCenter Single Sign-On password that was created for the administrator user
admin@System-Domainwhen vCenter Single Sign-On was originally installed. This original password is required when you restore a vCenter Single Sign-On backup.
Note: For a complete backup, you must also back up the vCenter Single Sign-On database. For more information, see the documentation for the database type you are using.
Backing up the vCenter Single Sign-On configurationTo back up the vCenter Single Sign-On configuration:
- From the Windows user interface:
- Go to Programs > VMware.
- Right-click Generate vCenter Single Sign-On backup bundle and click Run as administrator.
- From the command prompt:
- Right-click the Command Prompt icon or menu item and select Run as administrator.
- Change directory to
If you installed vCenter Single Sign-On in a location other than the default, change to the path where it was installed.
- Type cscript sso-backup.wsf /z and press Enter.
Note: The vCenter Single Sign-On configuration is backed up to a file named
Single Sign On.zipon the desktop of the host machine. To save the
.zipfile in a different location, edit the
C:\Program Files\VMware\Infrastructure\SSOServer\scripts\sso-backupscript and change this line from:
Restoring the vCenter Single Sign-On configurationTo restore a vCenter Single Sign-On single node or primary node instance that has become corrupt:
- Prepare a host machine for the restored vCenter Single Sign-On instance. The host machine can be a physical machine or a virtual machine. It must satisfy the hardware requirements for vCenter Single Sign-On. For more information, see the
Hardware Requirements for vCenter Server, vCenter Single Sign-On, vSphere Client, and vSphere Web Clientsection of the vSphere Upgrade guide.
- Verify that the vCenter Single Sign-On database is accessible from the host machine.
- Verify that you have the original administrator password for the vCenter Single Sign-On instance that you are restoring.
- Verify that you have the account name and password for the RSA SSPI service and vCenter Single Sign-On service of the vCenter Single Sign-On instance that you are restoring.
- Download the vCenter Server installer from the VMware Download Center to the new host machine.
- Copy the backup file
Single Sign On.zipto the new host machine in the directory
- Rename the new host with the same Fully Qualified Domain Name (FQDN) as the vCenter Single Sign-On server that you created the backup from.
- If the vCenter Single Sign-On instance that you created the backup from was in a workgroup, and was installed using its IPv4 address, make sure that the new host machine has the same static IP address.
Note: DHCP is not supported.
- Verify that the DNS of the new host is forward and reverse resolvable.
- On the vCenter Single Sign-On host machine, in the VMware vCenter Server installation directory, double-click the autorun.exe file to start the installer.
- Select vCenter Single Sign-On and click Install.
- Follow the prompts in the installation wizard to choose the installer language, and agree to the end user patent and license agreements.
- Select Recover installed instance of vCenter Single Sign-On from a backup.
- Browse to and select the
Single Sign On.zipfile.
- Enter the original administrator password for the old vCenter Single Sign-On instance.
Note: You must use the password that was created for the
admin@System-Domainuser when vCenter Single Sign-On was originally installed, even if you have changed that password.
- Make sure that the RSA SSPI service is logged on to the same account as in the vCenter Single Sign-On instance that you created the backup from.
- Follow the wizard prompts to complete the vCenter Single Sign-On restoration.
- If there are any vCenter Single Sign-On high availability backup nodes associated with the primary node that you restored, make sure that the RSA SSPI service logs on to the same account in the primary node and all high availability backup nodes.
- From the vSphere Web Client, log in to the vCenter Server instances that are registered to the vCenter Single Sign-On instance to verify that you have working access to them.
Request a Product Feature
To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.