When you configure Single Sign-On for high availability, update the Lookup Service records to ensure that the load balancer can connect to the Single Sign-On nodes.

1. Copy the root certificate of the certificate chain that issued the SSL certificate for the load balancing software to the machine on which Single Sign-On node1 (the primary node) is installed.

2. From a terminal window, on each of the systems where Single Sign-On is installed, perform the following steps.

a. Set the JAVA_HOME variable.

By default, VMware products install JRE in C:\Program Files\VMware\Infrastructure\jre.

b. Check your firewall settings to ensure that connections to the load balancing software are possible.

c. From the directory where you installed Single Sign-On, list the services.

If you installed the software in the default location, run the following command to change to the directory.

cd /d C:\Program Files\VMware\Infrastructure\SSOServer\ssolscli

Get the list of services.

ssolscli listServices https://primary_node_hostname:7444/lookupservice/sdk

3. From the list of services, locate the Group Check, SSO Admin, and Security Token Service (STS) services and determine the Type.

Service type

| Type | URN |
|---|---|
| Groupcheck | urn:sso:groupcheck |
| Admin | urn:sso:admin |
| Security Token Service | urn:sso:sts |

4. Create a properties file for each service, naming the files gc.properties, admin.properties, and sts.properties, respectively.

The URIs specified for the Single Sign-On Admin and Group Check are the ones that you specified in the load balancing software configuration.

An example .properties file looks similar to this one.

[service]
friendlyName=STS for Single Sign On
version=1.0
ownerId=
type=urn:sso:sts
description=Security Token Service of Single Sign On server

[endpoint0]
uri=https://location_of_your_load_balancer:configured port/ims/STSService?wsdl
ssl=C:\location_of_pem\cacert.pem
protocol=wsTrust

5. Locate the serviceId for each of the three services.

The service ID appears in the serviceId field of each entry in the list of services.

6. Using a plain text editor, create a service ID file for each service.

File names

| Service | File name |
|---|---|
| sts.properties | sts_id |
| gc.properties | gc_id |
| admin.properties | admin_id |

The service ID file contains only the service ID and must not contain any other data.

The following is an example of the contents of the sts_id file.

{D46D4BFD-CC5B-4AE7-87DC-5CD63A97B194}:7

7. For each service, run the following command.

SingleSignOn install dir\ssolscli\ssolscli updateService
 -d Lookup Service URL
 -u sso administrator name
 -p sso administrator password
 -si serviceid_file
 -ip service.properties

The following is an example of the command for the Security Token Service, using the sts_id and sts.properties files.

"C:\Program Files\VMware\Infrastructure\SSOServer\ssolscli\ssolscli" updateService -d https://primary_sso_node:configured_port/lookupservice/sdk -u admin@System-Domain -p VMware123 -si sts_id -ip sts.properties
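A pre-flight check for the files created in steps 4 and 6, as an added example that is not part of the original VMware procedure: it confirms that each properties file carries the type URN from step 3, that endpoint0 is an https URI on the load balancer with a root certificate path set, and that the ID file holds nothing but a service ID. The function names, the sample host sso-lb.example.test with port 7444, and the service ID pattern (inferred from the sample sts_id) are assumptions.

```python
import configparser
import re
from urllib.parse import urlsplit

# Expected type URN for each properties file (table in step 3).
EXPECTED_TYPE = {"gc.properties": "urn:sso:groupcheck",
                 "admin.properties": "urn:sso:admin",
                 "sts.properties": "urn:sso:sts"}
# Assumption: every service ID has the shape of the sample sts_id in step 6.
SERVICE_ID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}:\d+")


def check_properties(name, text, lb_host):
    """Return a list of problems found in one service properties file."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    problems = []
    svc_type = cp.get("service", "type", fallback="")
    if svc_type != EXPECTED_TYPE[name]:
        problems.append(f"type is {svc_type!r}, expected {EXPECTED_TYPE[name]!r}")
    uri = urlsplit(cp.get("endpoint0", "uri", fallback=""))
    if uri.scheme != "https":
        problems.append("endpoint0 uri is not https")
    if (uri.hostname or "") != lb_host.lower():
        problems.append("endpoint0 uri does not point at the load balancer")
    if not cp.get("endpoint0", "ssl", fallback=""):
        problems.append("endpoint0 ssl (root certificate PEM path) is missing")
    return problems


def id_file_ok(text):
    """True if the file holds only a service ID (trailing line ending allowed)."""
    return SERVICE_ID_RE.fullmatch(text.rstrip("\r\n")) is not None


# Constructed sample input; the host name and port are placeholders.
SAMPLE_STS = """[service]
friendlyName=STS for Single Sign On
version=1.0
ownerId=
type=urn:sso:sts

[endpoint0]
uri=https://sso-lb.example.test:7444/ims/STSService?wsdl
ssl=C:\\location_of_pem\\cacert.pem
protocol=wsTrust
"""

if __name__ == "__main__":
    print(check_properties("sts.properties", SAMPLE_STS, "sso-lb.example.test"))
```

An empty list means the properties file passed every check; run both functions on all three file pairs before calling updateService.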

Install the vSphere Web Client. See Install or Upgrade the vSphere Web Client. Then install Inventory Service. See Install or Upgrade vCenter Inventory Service in a Separate Installation.

Note

During the installation of vCenter Server, vSphere Web Client, and the Inventory service, you must provide the address of the new load balanced hostname for Lookup Service. The address should be in the form https://load balancer fqdn:configured port/configured path.