Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

Updating the vCenter Single Sign On server database configuration (2045528)

Symptoms

  • After you change the SQL port assignment of the Single Sign On (SSO) database server, Single Sign On fails. As a result, vCenter Server fails to start.
  • After moving the SSO database from one host to another, you need to change the database configuration for the vCenter SSO server.
  • When migrating the SSO database the RSA_USER credentials are different on the destination host.

Purpose

This articles provides recommendations on how to modify the SSO configuration when:
  • Modifying the SQL server port
  • Moving the SSO database to another SQL host.
  • Modifying the RSA_USER password

Cause

When you change the SQL port assignment of the Single Sign On database server, Single Sign On fails. As a result, vCenter Server fails to start.

This issue can occur if port assignment for the SQL server has changed. For example if SQL Server Express Edition is configured to use dynamic ports, the port assignment might change when you reboot the system.

Resolution

When you change the SQL port assignment of the Single Sign On database server, Single Sign On fails. As a result, vCenter Server fails to start.
 
This issue can occur if port assignment for the SQL server has changed. For example if SQL Server Express Edition is configured to use dynamic ports, the port assignment might change when you reboot the system.
 
When you change the SQL port number of the SSO database server, you must reconfigure SSO with the new port number.
 
To reconfigure SSO with the new port number:
  1. Stop the vCenter Single Sign On server (service).
  2. Run the command:

    ssoserver folder\utils> ssocli configure-riat -a configure-db --database-host database_server_name --database-port new_database_port -m master password
  3. Open ssoserver folder\webapps\lookupservice\WEB-INF\classes\config.properties in a text editor.
  4. Locate the line db.url= and replace the port number with the new value.
  5. Start the vCenter Single Sign On server (service).
For information about finding the current value of a dynamic port for SQL Server, see the Microsoft Knowledge Base article 823938.
 
Note: The preceding link was correct as of March 26, 2013. If you find the link is broken, provide feedback and a VMware employee will update the link.
If you move the SSO database from one SQL host to another host you need to update the SSO configuration with the new SQL server host information

If you have moved the SSO DB and database user credentials have changed or the database server login password has expired or been changed, you must update the SSO config.
 
To see the database that Single Sign On is configured to use:
  1. At a command line, run:

    SingleSignOn_server\utils\ssocli manage-secrets -a listallkeys

  2. When prompted, supply the master password.
  3. Update the configuration using the command:

    ssocli configure-riat -a configure-db

    For example:

    ssoserver folder>\utils> ssocli configure-riat -a configure-db --database-host new_host_name --database-port new_SQL_server_port -m mypassword

    See the Additional Information section for all other options.
Note: On the server where SSO is installed, you can also view the jndi.properties file in the default location (C:\Program Files\VMware\Infrastructure\SSOServer\webapps\ims\web-inf\classes\) to see the database configuration for the SSO server and verify the values which need to be updated.

Most commonly these values are:
  • com.rsa.db.hostname
  • com.rsa.instanceName
On the server where SSO is installed, edit the file C:\Program Files\VMware\Infrastructure\SSOServer\webapps\lookupservice\WEB-INF\classes\config.properties and modify all values that need to be updated. Most commonly this is the value under:

## DB host

Note: If the RSA_USER credentials are different on the destination host, update the configuration.

To update the SSO DB RSA_USER password, run the command if, for example, the RSA_USER password has expired or the Database has been moved to another SQL instance:

ssocli.cmd configure-riat -a configure-db --rsa-user-password new_db_password --rsa-user New_RSA_USER

Note: Database log in accounts do not expire using the embedded Microsoft SQL Server Express Database.

Additional Information

Full list of configure-db arguments:
 
C:\Program Files\VMware\Infrastructure\SSOServer\utils>ssocli configure-riat -a configure-db --help

Usage: rsautil configure-riat -a configure-db arguments
 
Option Description
-m
--master-password
 Master password. Required.
--database-host Database hostname or IP address. Optional, unless it is being updated to a new value.
If a literal IPv6 address is specified, it must be enclosed in "[" and "]" characters, as per RFC 2732.
 --database-port
Database port number. Optional, unless it is being updated to a new value.
--server-instance-name Optional. Needed when MSSQL Server is deployed to use dynamic port.
 --rsa-user
The user account to use for connecting to the database. Optional, unless it is being updated to a new value.
--rsa-user-password Optional, unless the --rsa-user argument is also presented. To cause the password to be prompted for, specify the --rsa-user argument on the command line.


See Also

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 6 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 6 Ratings
Actions
KB: