Make Sure to take the snapshot of vCenter Server, in case anything gone wrong during the migration you can revert back vCenter to the last working state. The process is relatively straightforwad but remember there is no coming back once you migrate the embedded PSC to external. For Windows, run "%VMWARE_PYTHON_BIN%" checksts.For the past few weeks i am working on enhancing my VMware home lab setup to be more scalable and enterprise grade, which gave me an opportunity to migrate the embededd PSC to external to extend my vCenter Single Sign-On domain with more vCenter Server instances to support multi site NSX and SRM use cases, you can reconfigure and repoint the existing vCenter Server instance to an external Platform Services Controller.įew things to note before starting the migration :. Change into the / tmp directory using: cd /tmp. For example, /tmp on the VCSA or %TEMP% on Windows (You may use WinSCP to upload the script to VCSA, refer to KB Error when uploading files to vCenter Server Appliance using WinSCP if connection fails using WinSCP) Upload to vCenter Server or external PSC. Download the checksts.py script attached to this kb. Note: The STS certificate cannot be viewed from the HTML5 client Select Administrator > Single Sign-On > Configuration > Certificates > STS Signing. 
Connect to the vSphere Web client: vcenter_server_ip_address_or_fqdn/vsphere-client. If expiry will occur in more than six months, schedule certificate replacement at the appropriate time. VMware recommends replacing the certificate if it set to expire within 6 months. 
If the certificate is near expiry, follow "Signing certificate is not valid" - Regenerating and replacing expired STS certificate using shell script on vCenter Server Appliance 6.5/6.7 or "Signing certificate is not valid" - Regenerating and replacing expired STS certificate using PowerShell script on vCenter Server 6.5/6.7 installed on Windows to resolve the issue.
To verify the STS certificate expiry date use one of the following methods.
0 kommentar(er)
