Search the VMware Knowledge Base (KB)
View by Article ID

How to repoint and re-register vCenter Server 5.1 / 5.5 and components (2033620)

  • 172 Ratings

Details

Note: This article is specific to VMware vCenter Server 5.1 and 5.5. If you are using the vCenter Server Appliance 5.5, see Re-pointing and re-registering VMware vCenter Server Appliance 5.5.x and components (2094888).

After certain changes to your VMware vSphere deployment topography, you might need to re-point or re-register vCenter Server components with the vCenter Inventory Service or vCenter Single Sign-On and the vCenter Lookup Service to ensure that the components can continue to communicate.

Caution: Take a snapshot or backup of vCenter Server before proceeding. If vCenter Single Sign-On, vCenter Inventory Service, vSphere Web Client, and other services are installed on separate systems, also take a snapshot or backup of those systems.

Note: Password issues can cause the repoint operations to fail. For more information, see vSphere 5.5 Single Sign-On administrator@vsphere.local password issues (2060637).

If a vCenter Single Sign-On instance fails or is corrupted, any associated vCenter Servers, Inventory Service instances, and vSphere Web Client instances lose access to vSphere. In this case, you have these options:
Note: When you relocate a vCenter Server instance or make changes to the vCenter Inventory Service, you must re-register vCenter Server with the vCenter Inventory Service.

Solution

If you are responding to a failed Single Sign-On instance, perform these steps in this order:

  1. Remove the Inventory Service account

    Note: This is required only if you are re-registering the vCenter Inventory Service to the same Single Sign-On instance that the vCenter Inventory Service was originally registered to.

  2. Re-register vCenter Inventory Service with vCenter Single Sign-On
  3. Register vCenter Server with a different vCenter Single Sign-On instance
  4. Re-register vCenter Server with the Inventory Service
  5. Register the vSphere Web Client with a different vCenter Single Sign-On instance
  6. Removing an unused Single Sign-on node
Note: If vCenter Server is in Linked Mode with another vCenter Server, unlink them before proceeding with any steps in this article. To unlink vCenter Servers, see Disabling Linked Mode for VMware vCenter Server 4.x and 5.x (1010432).

Remove the Inventory Service account

This procedure is required only if you re-register vCenter Inventory Service to the same Single Sign-On instance that Inventory Service was originally registered to. When you re-register Inventory Service to the same Single Sign-On instance, you must first remove the Inventory Service account from the Single Sign-On application users. Otherwise, the re-registration fails with the error, AlreadyRegistered.

To remove the Inventory Service account:
  1. In the vSphere Web Client, go to Administration.
  2. In SSO Users and Groups, click Application Users.
  3. Delete the Inventory Service account.
Re-register vCenter Inventory Service with vCenter Single Sign-On

During vCenter Inventory Service installation or upgrade, the Inventory Service is registered with a vCenter Single Sign-On instance, and the Inventory Service stores the location of the vCenter Single Sign-On instance. When you relocate a vCenter Single Sign-On instance or switch to a different Single Sign-On instance, update the corresponding Inventory Service instance. If a Single Sign-On instance fails or is corrupted, you can also use this procedure to re-point the Inventory Service to a different Single Sign-On instance.

If changes occur to any of these entities, re-register the Inventory Service with vCenter Single Sign-On using:
  • IP address of the vCenter Single Sign-On instance
  • vCenter Inventory Service host DNS or IP address
  • vCenter Inventory Service certificates
Notes: If you are re-registering the Inventory Service to the same Single Sign-On instance, you must first remove the Inventory Service account from the Single Sign-On application users. For more information, see the Remove the Inventory Service account section of this article.

To re-register the Inventory Service with vCenter Single Sign-On:
  1. Open a command prompt on the Inventory Service host machine.

  2. Change directory to:

    C:\Program Files\VMware\Infrastructure\Inventory Service\scripts

    Notes:
    • If you have installed the vCenter Inventory Service in a different location from the default C:\Program Files\, adjust the path.
    • Typically, short names are not disabled. However, if you have disabled short names on your system, or have removed short names for the folder where the Inventory Service and vCenter Server are installed, perform these steps:

      1. Open the regTool.cmd file with a text editor. The regTool.cmd file is located at:

        installation_path\Inventory Service\sso

      2. In the line beginning with set LOG4J_CONF=, enclose %TOOL_DIR% in quotation marks:

        "%TOOL_DIR%"

        Note: If the command fails, try again without quotation marks.

      3. Save and close the file.

  3. Run the is-change-sso.bat command to update the stored configuration information of the Inventory Service:

    is-change-sso.bat ssoServerUrl "ssoAdminuser" "ssoAdminPassword"

    Use this example as a model:

    In vCenter Server 5.1:

    is-change-sso.bat https://machinename.corp.com:7444/lookupservice/sdk "admin@System-Domain" "SSO_pw1@"

    In vCenter Server 5.5:

    is-change-sso.bat https://machinename.corp.com:7444/lookupservice/sdk "administrator@vSphere.local" "SSO_pw1@"

    In this example, 7444 is the default HTTPS port number for vCenter Single Sign-On. If you use a custom port, replace the port number in the example with the port number you use. The quotation marks are required to escape special characters in the Single Sign-On user name and password.

  4. Restart the Inventory Service:

    net stop vimQueryService
    net start vimQueryService
The vCenter Inventory Service URL configuration is now updated and the Inventory Service is re-registered with vCenter Single Sign-On.

Note: If you are re-registering the Inventory Service to the same Single Sign-On instance, you must also re-register vCenter Server with the Inventory Service. For more information, see the Re-register vCenter Server with the Inventory Service section of this article.

Register vCenter Server with a different vCenter Single Sign-On instance

During installation or upgrade, vCenter Server is registered with the Lookup Service for a vCenter Single Sign-On instance. You can change this registration to the Lookup Service for a different Single Sign-On instance. You might register vCenter Server to a different vCenter Single Sign-On instance if the original Single Sign-On instance fails, or if you add a new Single Sign-On node and want to associate vCenter Server with the new node.

Note: When you register vCenter Server to a new Single Sign-On instance, you lose these permissions:
  • All permissions created for users from the Single Sign-On system identity source
  • All permissions granted to users from identity sources that are not present in the new Single Sign-On instance
  • All permissions granted to local operating system users
To register vCenter Server to a different vCenter Single Sign-On instance:
  1. Open a command prompt on the vCenter Server host machine as administrator.

  2. Change directory to:

    C:\Program Files\VMware\Infrastructure\VirtualCenter Server\ssoregtool

    Note: If you have installed vCenter Server in a location other than the default C:\Program Files\ folder, adjust the path. Also, in the repoint.cmd file, ensure that JAVA_HOME points to the correct location of your vCenter Server installation.

  3. Unzip the sso_svccfg.zip file.

    Note: Best practice is to unzip these files into a new folder and change directory to the new folder before executing the next step.

  4. Run this command to register vCenter Server to a different Single Sign-On instance:

    repoint.cmd configure-vc --lookup-server lookup_service_url --user single_sign_on_admin_user --password single_sign_on_admin_password --openssl-path "path_to_OpenSSL_bin_directory/"

    Note: If you have installed vCenter Server in a location other than the default, you must add this option to the re-point command:

    --vc-install-dir "path_to_vCenter_Server_install_directory"

    The openssl-path path must be enclosed in quotation marks and followed by a trailing forward slash. The openssl-path parameter is required to update the trust store with the new Lookup Service and Single Sign-On certificates. If you do not provide it, the command is executed successfully, but you must manually update the certificate trust store. For more information about updating the certificate trust store for vCenter Server components, see Implementing CA signed SSL certificates with vSphere 5.1 (2034833).

    Use this example as a model:

    In vCenter Server 5.1:

    repoint.cmd configure-vc --lookup-server https://machinename.corp.com:7444/lookupservice/sdk --user "admin@System-Domain" --password "SSO_pw1@" --openssl-path "C:\Program Files\VMware\Infrastructure\Inventory Service\bin/"

    In vCenter Server 5.5:

    repoint.cmd configure-vc --lookup-server https://machinename.corp.com:7444/lookupservice/sdk --user "administrator@vSphere.local" --password "SSO_pw1@" --openssl-path "C:\Program Files\VMware\Infrastructure\Inventory Service\bin/"

    In this example, 7444 is the default HTTPS port number for vCenter Single Sign-On. If you use a custom port, replace the port number in the example with the port number you use. The quotation marks are required to escape special characters in the Single Sign-On user name and password.

    Notes:
    • If you receive the error The system cannot find the path specified, verify the set JAVA_HOME location in the repoint.cmd script:

      For vSphere 5.1, set it to:

      C:\Program Files\VMware\Infrastructure\jre

      If this JRE folder does not exist, check forC:\Program Files\VMware\Infrastructure\jre1, and if this exists, update the script to point to the correct JAVA_HOME location and try the command again.

      For vSphere 5.5, set it to:

      C:\Program Files\Common Files\VMware\VMware vCenter Server - Java Components\

      For example, change:

      set JAVA_HOME= blank

      to:

      set JAVA_HOME=C:\Program Files\Common Files\VMware\VMware vCenter Server - Java Components\

    • If you receive this error:

      Abnormal command failure: exception 'Cannot locate configuration source C:\Program Files\VMware\Infrastructure\VirtualCenter Server\ssoregtool\vcsso.properties'

      Create the folder structure C:\Program Files\VMware\Infrastructure\VirtualCenter Server\ssoregtool and copy the vcsso.properties file into the ssoregtool folder.

    • If the VMware Inventory Service is located on a separate server, copy the bin folder from C:\Program Files\VMware\Infrastructure\Inventory Service\. The command now looks like this:

      repoint.cmd configure-vc --lookup-server https://machinename.corp.com:7444/lookupservice/sdk --user "administrator@vSphere.local" --password "SSO_pw1@" --openssl-path "C:\<path to copied bin folder>\bin/"

    • If you receive the error InternalError / 254, see Repointing VMware vCenter Server to vCenter Single Sign-On fails with InternalError / 254 (2083179)  

  5. Restart the VMware VirtualCenter Server and the VMware VirtualCenter Management Webservices services:

    1. In the Administrative Tools control panel, click Services.
    2. Right-click VMware VirtualCenter Server and click Restart.
    3. Right-click VMware VirtualCenter Management Webservices and click Restart.
The vCenter Server is now registered with the new Single Sign-On instance.

Re-register vCenter Server with the Inventory Service

During installation or upgrade, vCenter Server is registered with the vCenter Inventory Service, and the Inventory Service stores the location of vCenter Server. When you relocate a vCenter Server instance or make changes to the vCenter Inventory Service, you must update the corresponding Inventory Service instance.

Re-register the Inventory Service with vCenter Server if any of these entities change:
  • vCenter Inventory Service certificate
  • vCenter Server IP address or host name
  • vCenter Inventory Service address or host name
You must also re-register vCenter Server with the Inventory Service if you reinstall the Inventory Service on the same machine and if any of these conditions apply:
  • You overwrite the Inventory Service database during the re-installation
  • You reinstall the Inventory Service with a different path to the installation directory
  • You change the Inventory Service port number
To re-register vCenter Server with the Inventory Service:
  1. Open a command prompt.
  2. Change directory to:

    C:\Program Files\VMware\Infrastructure\VirtualCenter Server\isregtool

    Note: If you installed the vCenter Server in a location other than the default C:\Program Files\, adjust the path.

  3. Run the register-is.bat command to update the stored configuration information of the Inventory Service:

    register-is.bat vCenter_Server_URL Inventory_Service_URL Lookup_Service_URL

    Use this example as a model:

    register-is.bat https://machinename.corp.com:443/sdk https://machinename.corp.com:10443 https://machinename.corp.com:7444/lookupservice/sdk

    In this example, 443, 10443, and 7444 are the default HTTPS port numbers for vCenter Server, the Inventory Service, and vCenter Single Sign-On respectively. If you use custom ports, replace the port numbers in the example with the port numbers you use. The server FQDN should be used rather than an IP address for machinename.corp.com. If an IP address is used, you may see the SslHandshakeFailed=1 error.

  4. Restart vCenter Server.
The vCenter Inventory Service URL configuration is now updated and vCenter Server is re-registered with the Inventory Service.

Register the vSphere Web Client with a different vCenter Single Sign-On instance

During installation or upgrade, the vSphere Web Client is registered with the Lookup Service for a vCenter Single Sign-On instance. If the Single Sign-On instance fails or changes, you might need to register the vSphere Web Client with a different vCenter Single Sign-On Lookup Service.

If the vCenter Single Sign-On server fails or is corrupted, you can install a new Single Sign-On instance and register the vSphere Web Client to the new Single Sign-On instance. Alternatively, you can install a new vSphere Web Client and register it to the new Single Sign-On instance. For more information, see the VMware vSphere 5.5 Installation and Setup guide.

If you re-point vCenter Server and the vCenter Inventory Service from the failed Single Sign-On instance to a different, existing Single Sign-On instance, you can use the vSphere Web Client that is already registered with that Single Sign-On instance.

To register the vSphere Web Client with a different vCenter Single Sign-On Lookup Service:
  1. Open a command prompt.

  2. Change directory to:

    C:\Program Files\VMware\Infrastructure\vSphereWebClient\scripts

    Note: If you installed the vSphere Web Client in a location other than the default C:\Program Files\, adjust the path.

  3. Run the client-repoint.bat command to register the vSphere Web Client with a different vCenter Single Sign-On and Lookup Service:

    client-repoint.bat lookup_service_url "single_sign_on_admin_user" "single_sign_on_admin_password"

    Use this example as a model:

    For vCenter Server 5.1:

    client-repoint.bat https://machinename.corp.com:7444/lookupservice/sdk "admin@System-Domain" "SSO_pw1@"

    For vCenter Server 5.5:

    client-repoint.bat https://machinename.corp.com:7444/lookupservice/sdk "administrator@vSphere.local" "SSO_pw1@"

    In this example, 7444 is the default HTTPS port number for vCenter Single Sign-On. If you use a custom port, replace the port number in the example with the port number you use. The quotation marks are required to escape special characters in the Single Sign-On user name and password.

The vSphere Web Client is now registered with the vCenter Single Sign-On and Lookup Service.

Note: If vCenter Server fails to start after performing the preceding steps, see VMware vCenter Server 5.1/5.5 fails to start after re-registering with vCenter Single Sign-On (2048753).

Removing an unused Single Sign-on node

Note: If the Single Sign-On was migrated from an embedded to external node, the embedded Single-Sign on needs to be uninstalled.

To remove the unused Single Sign-On instance uninstall vCenter Single Sign-On from Programs and Features.

Additional Information

For translated versions of this article, see:

Tags

repointing vcenter components

Update History

06/03/2013 - short names note added 09/28/2012 - Changed command string example as a model to reflect proper syntax.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 172 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 172 Ratings
Actions
KB: