To resolve this issue, un-register the old Secure Token Service (STS) registration in the Lookup Service:
For the Platform Services Controller Appliance:
- Connect to the External Platform Services Controller Appliance with an SSH session.
- Provide the root user name and password when prompted.
- Run this command to enable the Bash shell:
shell.set --enable True
- Run this command to access the Bash shell:
shell
- Run this command to navigate to the scripts directory:
cd /usr/lib/vmidentity/tools/scripts
- Run this command to list the STS service registrations:
./lstool.py list --ep-type com.vmware.cis.cs.identity.sso --no-check-cert --url https://External_PSC_FQDN/lookupservice/sdk 2> /dev/null
For example:
./lstool.py list --ep-type com.vmware.cis.cs.identity.sso --no-check-cert --url https://psc.vmware.com/lookupservice/sdk 2> /dev/null
- This should report a minimum of two endpoints: one belonging to the new, external PSC and one belonging to the decommissioned, Embedded PSC.
For example:
Service Product: com.vmware.cis
Service Type: cs.identity
Service ID: 8b002037-d8df-456c-b2e6-2bb8e35aac8a
Site ID: site11
Owner ID: [email protected]
Version: 2.0
Endpoints:
Type: com.vmware.cis.cs.identity.admin
Protocol: wsTrust
URL: https://external_psc.vmware.com/sts/STSService/vsphere.local
SSL trust: <SSL Certificate>
--------------------------------------------------
Service Product: com.vmware.cis
Service Type: cs.identity
Service ID: b4295d0b-659a-4b70-8100-36b124f6fb44
Site ID: site11
Owner ID: [email protected]
Version: 2.0
Endpoints:
Type: com.vmware.cis.cs.identity.admin
Protocol: wsTrust
URL: https://embedded_psc.vmware.com/sts/STSService/vsphere.local
SSL trust: <SSL Certificate>
- Run this command to un-register the old STS service registration:
./lstool.py unregister --user "[email protected]" --password "administrator password" --id <Embedded PSC Service ID From above> --no-check-cert --url https://External_PSC_FQDN/lookupservice/sdk
For example:
./lstool.py unregister --user [email protected] --password --id b4295d0b-659a-4b70-8100-36b124f6fb44 --no-check-cert --url https://psc.vmware.com/lookupservice/sdk
- On the affected vCenter Server, restart the VMware Performance Chart Service by running these commands:
service-control --stop vmware-perfcharts
service-control --start vmware-perfcharts
For the Platform Services Controller for Windows:
- Remote Desktop into the Windows Server.
- Open an elevated command prompt.
- Run this command to navigate to the scripts directory:
cd "C:\Program Files\VMware\vCenter Server\VMware Identity Services\lstool\scripts"
- Run this command to list the STS service registrations:
"%VMWARE_PYTHON_BIN%" lstool.py list --ep-type com.vmware.cis.cs.identity.sso --no-check-cert --url https://External_PSC_FQDN/lookupservice/sdk
For example:
"%VMWARE_PYTHON_BIN%" lstool.py list --ep-type com.vmware.cis.cs.identity.sso --no-check-cert --url https://psc.vmware.com/lookupservice/sdk
- This should report a minimum of two endpoints: one belonging to the new, external PSC and one belonging to the decommissioned, Embedded PSC.
For example:
Service Product: com.vmware.cis
Service Type: cs.identity
Service ID: 8b002037-d8df-456c-b2e6-2bb8e35aac8a
Site ID: site11
Owner ID: [email protected]
Version: 2.0
Endpoints:
Type: com.vmware.cis.cs.identity.admin
Protocol: wsTrust
URL: https://external_psc.vmware.com/sts/STSService/vsphere.local
SSL trust: <SSL Certificate>
--------------------------------------------------
Service Product: com.vmware.cis
Service Type: cs.identity
Service ID: b4295d0b-659a-4b70-8100-36b124f6fb44
Site ID: site11
Owner ID: [email protected]
Version: 2.0
Endpoints:
Type: com.vmware.cis.cs.identity.admin
Protocol: wsTrust
URL: https://embedded_psc.vmware.com/sts/STSService/vsphere.local
SSL trust: <SSL Certificate>
- Run this command to un-register the old STS service registration:
"%VMWARE_PYTHON_BIN%" lstool.py unregister --user "[email protected]" --password "administrator password" --id <Embedded PSC Service ID From above> --no-check-cert --url https://External_PSC_FQDN/lookupservice/sdk
For example:
"%VMWARE_PYTHON_BIN%" lstool.py unregister --user [email protected] --password --id b4295d0b-659a-4b70-8100-36b124f6fb44 --no-check-cert --url https://psc.vmware.com/lookupservice/sdk
- On the affected vCenter Server, restart the VMware Performance Chart Service by running these commands:
service-control --stop vmware-perfcharts
service-control --start vmware-perfcharts
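
The step in both procedures that picks the Service ID to un-register can be checked mechanically before the unregister command is run. The following is an added example, not part of lstool.py or of the original article: it parses saved output of the list command and returns the Service IDs whose endpoint URLs name none of the PSCs still in service. The function names, the SAMPLE text (a trimmed, constructed copy of the example output above) and the idea of passing every live PSC FQDN as a list are assumptions of this example.

```python
from urllib.parse import urlsplit

# Constructed sample: trimmed copy of the `lstool.py list` example output above.
SAMPLE = """\
Service Product: com.vmware.cis
Service Type: cs.identity
Service ID: 8b002037-d8df-456c-b2e6-2bb8e35aac8a
Endpoints:
Type: com.vmware.cis.cs.identity.admin
URL: https://external_psc.vmware.com/sts/STSService/vsphere.local
--------------------------------------------------
Service Product: com.vmware.cis
Service Type: cs.identity
Service ID: b4295d0b-659a-4b70-8100-36b124f6fb44
Endpoints:
Type: com.vmware.cis.cs.identity.admin
URL: https://embedded_psc.vmware.com/sts/STSService/vsphere.local
"""

def parse_registrations(text):
    """Return one {'id', 'hosts'} dict per registration in the list output."""
    records, cur = [], None
    for raw in text.splitlines():
        key, sep, value = raw.strip().partition(":")
        key, value = key.strip(), value.strip()
        if key == "Service Product":      # first field of every record
            cur = {"id": None, "hosts": set()}
            records.append(cur)
        elif cur is None or not sep:      # separator rows, blanks, preamble
            continue
        elif key == "Service ID":
            cur["id"] = value
        elif key == "URL":
            host = urlsplit(value).hostname
            if host:
                cur["hosts"].add(host.lower())
    return records

def stale_service_ids(text, live_psc_fqdns):
    """IDs of registrations whose endpoints name none of the live PSCs."""
    live = {f.strip().lower().rstrip(".") for f in live_psc_fqdns}
    records = parse_registrations(text)
    if not any(r["hosts"] & live for r in records):
        raise ValueError("no registration matches a live PSC; check the FQDNs")
    stale = [r for r in records if not (r["hosts"] & live)]
    if any(not r["id"] or not r["hosts"] for r in stale):
        raise ValueError("incomplete record; review the list output by hand")
    return [r["id"] for r in stale]

if __name__ == "__main__":
    for sid in stale_service_ids(SAMPLE, ["external_psc.vmware.com"]):
        print("candidate for unregister --id:", sid)
```

The script only reports candidate IDs. It raises an error instead of returning anything when no registration matches a live PSC, so a mistyped FQDN cannot mark every registration as stale.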