vSphere Upgrade Saga: Migrating to External PSC

It is time to try out the external platform service controller (External PSC), for several reasons. The first is that I wish to keep my license and SSO information separate from vCenter. The reasons are myriad, so I will list them later. The main concern is to reinstall vCenter to try to eliminate the Deploy OVF problem.

The first step was to read the documentation on moving from an embedded platform service control to an external one. All the steps you need to perform are listed there, so I will not duplicate them. My reasons are many:

  1. Attempt to enable Deploy OVF (initially).
  2. Reinstall vCenter in order to solve my vDS/DRS issue. This was  to satisfy not just support but myself.
  3. To move users and licenses outside of vCenter. This does mean I have one more system to lock down, but it also means a hacker needs to do more to gain critical information.
  4. To play with vCenter HA.

All these reasons were enough for me to make the attempt. As usual, my first attempt just did not work due to user error. Thankfully, I made snapshots of the original vCSA so I could start again. This is crucial: make a snapshot before doing anything to your vCenter Server!

The result after I reinstalled vCenter and rejoined my nodes was a set of duplicate entries for clusters and systems. My licenses ended up on the PSC, but they were already assigned. The real problem was that I had duplicate vCenter Servers defined in the PSC. Using KB 2050273 allowed me to remove them.

I also found this approach from vSphere Arena to removing licenses, which I used first. In combination, both of these solved my problem. A judicious use of JXplorer solved the problem. But be very careful—actually, before doing anything like this, make a snapshot of your Platform Service Controller!

Now came the fun part! I had to repoint all my existing services to the new vCenter and PSC, as the certificates had changes. Here are some notes on doing this:

  • Repoint NSX, View, vROps, and vRLI via their own UIs. These were painless and just required accepting the new certificate. For vRLI and vROps, you had to reenter the password to get everything to accept.
  • Repoint the HTML5 client via FAMI (:5490). Actually, you need to follow the PDF Deployment Instructions and Helpful Tips v2.5 to copy some files from vCenter to PSC, then run configui. The script they give you is wrong, however. You need vsphere-client instead of vsphereclient. You can download this PDF from the Flings site.
  • Repoint VDP via https://VDPServer:8453/vdp-configure. This was pretty straightforward as well.
  • vSphere Replication was a problem UNTIL I migrated to external PSC + NEW vCenter, but I still needed KB 2120154 to complete the repoint.

Lastly, I repointed my existing third-party tools such as Veeam, Turbonomic, and others. Veeam was difficult, as I need to use their tool to migrate from one vCenter to another. Use Veeam KB 2136 for assistance and instructions.

Voilà! I have a brand-new PSC and a brand new vCenter. This did not fix the Deploy OVF issue, but it gets me closer to my end goal.

Edward Haletky

Edward L. Haletky, aka Texiwill, is an author, analyst, developer, technologist, and business owner. Edward owns AstroArch Consulting, Inc., providing virtualization, security, network consulting and development and TVP Strategy where he is also an Analyst. Edward is the Moderator and Host of the Virtualization Security Podcast as well as a guru and moderator for the VMware Communities Forums, providing answers to security and configuration questions. Edward is working on new books on Virtualization.

Leave a Reply

Your email address will not be published. Required fields are marked *

10 + nine =