Configuring vCenter Single Sign On database connectivity with the vCenter Server Appliance

Products

VMware vCenter Server

Issue/Introduction

This article provides steps to review and configure the vCenter Single Sign-On database connector on the vCenter Server Appliance.

For further information see the Configuring the VMware vCenter Server Appliance section of the vCenter Server and Host Management Guide.

Symptoms:

Cannot configure the vCenter Server Single Sign (SSO) database connector on the vCenter Server Appliance
Configuring the vCenter Server Single Sign (SSO) database connector on the vCenter Server Appliance fails
You see one of these errors:
- Invalid Database
- Invalid User
- Invalid Password

Environment

VMware vCenter Server Appliance 5.1.x

Resolution

An administrator can choose to move the vCenter SSO configuration to an external server, rather than using the default installation that is included with the vCenter Server Appliance. This is a fully supported solution and may add complexities, such as changes to username or password as a configuration issue, that may impact the service.

Validating the vCenter SSO deployment configuration

To validate or reconfigure the database connection used for vCenter SSO when using the vCenter Server Appliance:

Log in to the VMware vCenter Server Appliance administration interface as the root user. By default, this is located at https://servername:5480 .
Click the vCenter Server tab.
Click SSO.

This screen shows the default configuration of the vCenter Server appliance:
Click Test Settings to validate the configuration of SSO for the vCenter Server Appliance.

Changing the SSO deployment type for the vCenter Server Appliance

The SSO deployment type is either embedded or external. By default, it is embedded. This allows the appliance to provide the appropriate services out of the box. You can use one of these options to change the configuration:

Use a fully external SSO instance.

To change the configuration using a fully external SSO instance:
1. In the SSO Settings page, click the SSO deployment type dropdown and change it from embedded to External.
  
  Note: Only the appropriate fields are enabled when the change is made and the ability to configure a database type is disabled.
2. Enter the appropriate information to configure the appliance to point to an external source.
  
  Notes:
  - The username and password under the Account with right to register vCenter with the SSO Server field must be an SSO administrator on the external server.
  - The Account that will be assigned as vCenter administrator field must be a user or group that will be the administrator within the vCenter Server instance after the configuration completes.
  - Lookup Service Location is the URL to the lookup service that is used for this SSO instance. The Lookup Service URL is https://ssoserver.domain.com:7444/lookupservice/sdk.
3. Click Save Settings.
4. To do a final validation of the configuration, click Test Settings. If the test passes, settings are configured properly.
Use the built-in SSO service, but configure it to point to an external database source.

To change the configuration using the built-in SSO service:
1. In the SSO Settings page, ensure that SSO deployment type is set to embedded.
2. Change the Database type to oracle.
3. Enter the appropriate information for these fields to configure the appliance to point to the external database server:
  - Server - The Oracle server connected to.
  - Port - The port number used for Oracle. By default, this is 1521.
  - Instance Name - The instance name being used for the SSO database.
  - Login - The login name that is used by SSO to log in to the database.
  - Password - The password that is used by SSO to log in to the database.
  - DBA Login - Administrative username to log in to the database.
  - DBA Password - Administrative password to log in to the database.
4. Click Save Settings.
5. To do a final validation of the configuration, click Test Settings. If the test passes, settings are configured properly.