Repointing a new VCSA 7 Appliance to existing Linked vCenter Systems

First I wanted to start by saying that the title of this post is a little misleading. We will definitely cover the repoint process, but I wanted to document the process of how I got there. I have been involved in a project doing a global vSphere upgrade from 6.5 to 7. There are multiple vCenters involved in several countries. Some of these upgraded fine and some failed completely. It was these failures that are the purpose of this blog post.

So first I think this goes without saying but I will do it anyway. Be sure to back up, snapshot, etc., the vCenter before attempting the upgrade process. It was a lifesaver for me to have the snapshots to revert to. I didn't document the upgrade failures, but wanted to focus on the process of the rebuild and repoint.

Also for the purpose of this post I will not cover the process of building a new vCenter. We will be starting this journey from the point the vCenter was just built. I also wanted to point out that in stage 2 of the vCenter build trying to connect the new vCenter to an existing SSO domain failed.

Let's get started. So, first after the new vCenter is built I wanted to join it to AD. It's a very easy process. From the Menu dropdown at the top click on Administration, then under Single Sign On click Configuration. Then under the identity provider click Join Active Directory. I added this screenshot as a reminder. The user name format needs to look like it does in the picture: user@domain.com. After clicking Join and the process finishes, it will require a reboot.

For the next part, I needed to transfer all the vCenter roles and permissions from the 6.5 VCSA to the new 7 VCSA. To do this I wanted to share a link to be sure to give credit where credit is due. I ran across this site with some very well written PowerCLI scripts to handle this process.

https://bluewire.co.uk/copy-folders-permissions-roles-vcenter/

As you read that blog post you will see that there are 2 PowerCLI scripts to make all this happen. For me I kept this pretty simple. I named mine import and export. They do just that. The export script grabs all the roles, permissions, folders, templates, and VM hierarchy. I did make a couple changes to these scripts. I added the Connect-VIServer command to be sure the correct vCenter is connected and also made sure to disconnect at the end. Other than that, once the export script is launched you are asked a couple of questions: the local directory to save the .xml files created, and the Datacenter object in the vCenter that we want to transfer the info from.

After adding the info the script will run and complete. To verify data was pulled, browse to the folder location used in the script. There should be 5 xml files in the location as shown below.

Next part is the import process. When launching the import script be sure to use the switches for the data needed. There are 4: -Folders, -Permissions, -Roles, -VMs. For me I used this order: Roles, Permissions, Folders. I didn't use the VMs just yet.

OK at this point the new VCSA is built, joined to AD, all the roles and permissions are moved. Now for the repoint process. The reason I went through the process above was because the repoint commands would always fail until those things were complete.

To start, log into the VCSA we are going to repoint as root and then type shell to begin.

Be sure to take a snapshot of the new VCSA before running these commands just in case something goes wrong. There are 2 commands I recommend running to accomplish this.

First we will use cmsso-util to run a pre-check. Here is the command:

cmsso-util domain-repoint --mode pre-check --src-emb-admin administrator --replication-partner-fqdn test1vcsa@vsphere.local --replication-partner-admin administrator --dest-domain-name vsphere.local

Here is what the output should look like

As long as the pre-checks complete successfully we are ready to actually repoint. Some errors I have seen and read about: make sure there are DNS entries for all the vCenters with PSC. I also saw one where the VCSA name was already used before and had to be removed first.

On with the repoint, use the command below to perform the repoint process.

cmsso-util domain-repoint --mode execute --src-emb-admin administrator --replication-partner-fqdn test1vcsa@vsphere.local --replication-partner-admin administrator --dest-domain-name vsphere.local

Here is what the output should look like;

At this point the process should be complete. This can be verified by logging into vCenter, clicking on the vCenter object, then across the top clicking on Linked vCenter Server Systems. All vCenters in the linked configuration will be listed there.

Here are a couple of commands to run while logged into the new VCSA to verify the linked config. The first will show the status of the replication partners.

/usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartnerstatus -h localhost -u administrator

The second will show all the servers in the linked config

/usr/lib/vmware-vmdir/bin/vdcrepadmin -f showservers -h localhost -u administrator
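To turn the showpartnerstatus check above into something that can be run after every repoint, here is an added example (not one of the scripts from the original post) that parses the partner status and flags any partner that is unreachable or behind on replication. The record layout and the hostnames in the sample are assumptions, constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: showpartnerstatus prints one record per partner in the
# layout of SAMPLE_STATUS (constructed sample, placeholder hostnames).
SAMPLE_STATUS='Partner: vcsa-a.example.test
Host available:   Yes
Status available: Yes
My last change number:             9346
Partner has seen my change number: 9346
Partner is 0 changes behind.

Partner: vcsa-b.example.test
Host available:   Yes
Status available: Yes
My last change number:             9346
Partner has seen my change number: 9101
Partner is 245 changes behind.

Partner: vcsa-c.example.test
Host available:   No'

# check_partners MAX_BEHIND
# Reads showpartnerstatus output on stdin, prints one line per unhealthy
# partner, and returns 1 if any partner is unreachable, reports no status,
# or lags by more than MAX_BEHIND changes.
check_partners() {
    awk -v max="${1:-0}" '
        function report() {
            if (partner == "") return
            if (host != "Yes")         { print partner ": host unavailable"; bad = 1 }
            else if (status != "Yes")  { print partner ": status unavailable"; bad = 1 }
            else if (behind == "")     { print partner ": lag not reported"; bad = 1 }
            else if (behind + 0 > max) { print partner ": " behind " changes behind"; bad = 1 }
        }
        /^Partner:/          { report(); partner = $2; host = status = behind = "" }
        /^Host available:/   { host = $3 }
        /^Status available:/ { status = $3 }
        /^Partner is [0-9]+ changes behind/ { behind = $3 }
        END { report(); exit (bad ? 1 : 0) }
    '
}

# Demo on the constructed sample; on the appliance, pipe the real command in:
#   /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartnerstatus -h localhost -u administrator | check_partners 0
printf '%s\n' "$SAMPLE_STATUS" | check_partners 100 || echo "replication needs attention"
```

A non-zero return right after the repoint is worth investigating before moving hosts over, since a partner that is unavailable or far behind may not yet hold the same SSO data as the rest of the linked group.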

From here all that is left to do is create the Datacenter and cluster objects. Then move all the ESXi hosts over.

Here is a link to my GitHub; the scripts used here, along with others, are available to download.

https://github.com/shanermoore/scripts.git

Thanks for reading, hope you found this post useful.