Before you begin the upgrade to vCenter Server, make sure you prepare the vCenter Server system and the database.

vCenter Server 5.1.x requires vCenter Single Sign-On and Inventory Service. You must install or update these components in this order: vCenter Single Sign-On, Inventory Service, and vCenter Server. Review the topics in the section How vCenter Single Sign On Affects vCenter Server Installation and Upgrades

Review the release notes for known issues or special installation notes.

Gather the information that is required to complete the installation wizard. See Required Information for Installing or Upgrading vCenter Single Sign-On, Inventory Service, and vCenter Server.

Download the vCenter Server 5.1.x installer from the VMware Web site.

Verify that your system meets the requirements listed in Hardware Requirements for vCenter Server, vCenter Single Sign On, vSphere Client, and vSphere Web Client and vCenter Server Software Requirements, and that the required ports are open, as discussed in Required Ports for vCenter Server.

Review the Windows Group Policy Object (GPO) password policy for your system machines. The Single Sign-On installation requires you to enter passwords that comply with GPO password policy.

If your vSphere system includes VMware solutions or plug-ins, make sure they are compatible with the vCenter Server version that you are upgrading to. See the VMware Product Interoperability Matrix at http://www.vmware.com/resources/compatibility/sim/interop_matrix.php.

Before you upgrade any vCenter Server that belongs to a Linked Mode group, remove it from the Linked Mode group. Upgrading vCenter Servers that are members of a Linked Mode group can cause the upgrade to fail, and can leave vCenter Servers in an unusable state. After you upgrade all members of a Linked Mode group to the same version of 5.1.x, you can rejoin them.

If you do not intend to use evaluation mode, make sure that you have valid license keys for all purchased functionality. License keys from vSphere versions prior to version 5.0 are not supported in vCenter Server 5.x. If you do not have the license key, you can install in evaluation mode and use the vSphere Client or vSphere Web Client to enter the license key later.

Close all instances of the VI Client, the vSphere Client, and the vSphere Web Client.

Verify that the system on which you are upgrading vCenter Server is not an Active Directory primary or backup domain controller.

Verify that the NETWORK SERVICE account has read permission on the folder in which vCenter Server is installed and on the HKLM registry.

Verify that the NETWORK SERVICE account has read and execute permissions on the folder where the RSA SSPI service is located. The default location is: C:\Program Files\VMware\Infrastructure\SSOServer\utils\bin\windows-x86_64\.

Either remove any ESX Server 2.x or 3.x hosts from the vCenter Server inventory or upgrade these hosts to version 4.0 or later.

Update any ESX/ESXi 4.1 hosts to version 4.1 Update 1 or later. See Knowledge Base article 2009586.

Before you install or upgrade any vSphere product, synchronize the clocks of all machines on the vSphere network. See Synchronizing Clocks on the vSphere Network.

Make sure that the computer name has 15 characters or fewer.

Verify that the fully qualified domain name (FQDN) of the system where you will upgrade vCenter Server is resolvable. To check that the FQDN is resolvable, type nslookup your_vCenter_Server_fqdn at a command line prompt. If the FQDN is resolvable, the nslookup command returns the IP and name of the domain controller machine.

Run the vCenter Host Agent Pre-Upgrade Checker.

The installation path of the previous version of vCenter Server must be compatible with the installation requirements for Microsoft Active Directory Application Mode (ADAM/AD LDS). The installation path cannot contain any of the following characters: non-ASCII characters, commas (,), periods (.), exclamation points (!), pound signs (#), at signs (@), or percentage signs (%). If your previous version of vCenter Server does not meet this requirement, you must perform a clean installation of vCenter Server 5.1.x.

Back up the SSL certificates that are on the vCenter Server system before you upgrade to vCenter Server 5.1.x. The default location of the SSL certificates is %allusersprofile%\Application Data\VMware\VMware VirtualCenter.

Make sure that SSL certificate checking is enabled for all vSphere HA clusters. If certificate checking is not enabled when you upgrade, HA will fail to configure on the hosts. Select Administration > vCenter Server Settings > SSL Settings > vCenter requires verified host SSL certificates. Follow the instructions to verify each host SSL certificate and click OK.

If the vCenter Server 4.x environment that you are upgrading includes Guided Consolidation 4.x, uninstall Guided Consolidation before upgrading to vCenter Server 5.1.x.

Before the vCenter Server upgrade, in the Administrative Tools control panel of the vCenter Single Sign-On instance that you will register vCenter Server to, verify that the vCenter Single Sign-On and RSA SSPI services are started.

You must log in as a member of the Administrators group on the host machine, with a user name that does not contain any non-ASCII characters.

Verify that DNS reverse lookup returns a fully qualified domain name when queried with the IP address of the vCenter Server. When you upgrade vCenter Server, the installation of the web server component that supports the vSphere Client fails if the installer cannot look up the fully qualified domain name of the vCenter Server from its IP address. Reverse lookup is implemented using PTR records. To create a PTR record, see the documentation for your vCenter Server host operating system.

If you use DHCP instead of a manually assigned (static) IP address for vCenter Server, make sure that the vCenter Server computer name is updated in the domain name service (DNS). Test this is by pinging the computer name. For example, if the computer name is host-1.company.com, run the following command in the Windows command prompt:

ping host-1.company.com

If you can ping the computer name, the name is updated in DNS.

Ensure that the ESXi host management interface has a valid DNS resolution from the vCenter Server and all vSphere Clients. Ensure that the vCenter Server has a valid DNS resolution from all ESXi hosts and all vSphere Clients.

For the vCenter Single Sign-On installer to automatically discover Active Directory identity sources, verify that the following conditions are met.

The Active Directory identity source must be able to authenticate the user who is logged in to perform the Single Sign-On installation.

The DNS of the Single Sign-On Server host machine must contain both lookup and reverse lookup entries for the domain controller of the Active Directory. For example, pinging mycompany.com should return the domain controller IP address for mycompany. Similarly, the ping -a command for that IP address should return the domain controller hostname. Avoid trying to correct name resolution issues by editing the hosts file. Instead, make sure that the DNS server is correctly set up.

The system clock of the Single Sign-On Server host machine must be synchronized with the clock of the domain controller.

If your database server is not supported by vCenter Server, perform a database upgrade to a supported version or import your database into a supported version. See Supported vCenter Server Database Upgrades.

Perform a complete backup of the vCenter Server database before you begin the upgrade.

If you choose to remove the DBO role, you can migrate all objects in the DBO schema to a custom schema. See the VMware knowledge base article at http://kb.vmware.com/kb/1036331.

You must have login credentials, the database name, and the database server name that will be used by the vCenter Server database. The database server name is typically the ODBC System database source name (DSN) connection name for the vCenter Server database.

Review Supported vCenter Server Database Upgrades.

To use a newly supported Microsoft SQL database, such as Microsoft SQL 2008, you do not need to perform a clean installation of vCenter Server if your existing database is also Microsoft SQL Server. For example, you can upgrade a Microsoft SQL Server 2000 database to Microsoft SQL Server 2005 or Microsoft SQL Server 2008 and then upgrade vCenter Server 4.0 or higher to vCenter Server 5.1.x. When you migrate the database from Microsoft SQL Server 2000 to Microsoft SQL Server 2005 or higher, set the compatibility level of the database to 90.

JDK 1.6 must be installed on the vCenter Server machine. In addition, sqljdbc4.jar must be added to the CLASSPATH variable on the machine where vCenter Server is to be upgraded. If it is not installed on your system, the vCenter Server installer installs it. The JDK 1.6 installation might require Internet connectivity.

Your system DSN must be using the SQL Native Client driver.

If you choose to remove the DBO role and migrate all objects in the DBO schema to a custom schema, as described in the VMware knowledge base article at http://kb.vmware.com/kb/1036331, grant the following permissions to the vCenter user in the vCenter database:

GRANT ALTER ON SCHEMA :: <schema> to <user>;
GRANT REFERENCES ON SCHEMA :: <schema> to <user>;
GRANT INSERT ON SCHEMA :: <schema>  to <user>;
GRANT CREATE TABLE to <user>;
GRANT CREATE VIEW to <user>;
GRANT CREATE Procedure to <user>;

Grant the following permissions to the user in the MSDB database:

GRANT SELECT on msdb.dbo.syscategories to <user>;
GRANT SELECT on msdb.dbo.sysjobsteps to <user>;
GRANT SELECT ON msdb.dbo.sysjobs to <user>;
GRANT EXECUTE ON msdb.dbo.sp_add_job TO <user>;
GRANT EXECUTE ON msdb.dbo.sp_delete_job TO <user>;
GRANT EXECUTE ON msdb.dbo.sp_add_jobstep TO <user>;
GRANT EXECUTE ON msdb.dbo.sp_update_job TO <user>;
GRANT EXECUTE ON msdb.dbo.sp_add_category TO <user>;
GRANT EXECUTE ON msdb.dbo.sp_add_jobserver TO <user>;
GRANT EXECUTE ON msdb.dbo.sp_add_jobschedule TO <user>;

To use a newly supported Oracle database, such as Oracle 11g, you do not need to perform a clean installation of vCenter Server if your existing database is also Oracle. For example, you can upgrade your existing Oracle 9i database to Oracle 10g or Oracle 11g and then upgrade vCenter Server 4.x to vCenter Server 5.1.x.

The JDBC driver file must be included in the CLASSPATH variable.

Either assign the DBA role or grant the following permissions to the user:

grant connect to <user>
grant resource to <user>
grant create view to <user>
grant create any sequence to <user>
grant create any table to <user>
grant create materialized view to <user>
grant execute on dbms_job to <user>
grant execute on dbms_lock to <user>
grant unlimited tablespace to <user> # To ensure sufficient space

After the upgrade is complete, you can optionally remove the following permissions from the user profile: create any sequence and create any table.

By default, the RESOURCE role has the CREATE PROCEDURE, CREATE TABLE, and CREATE SEQUENCE privileges assigned. If the RESOURCE role lacks these privileges, grant them to the vCenter Server database user.

To use a newly supported IBM DB2 database, you must use vCenter Server 4.0 Update 1 or higher. Previous releases of vCenter Server do not support DB2 databases.

Grant the following permission to the user:

grant select on sysibmadm.applications to user <dbusername>

Create a vCenter Single Sign-On database, unless you plan to install the bundled database.

If you are using an existing database with your vCenter Single Sign-On installation or upgrade, make sure that the table spaces are named RSA_DATA and RSA_INDEX. Any other table space names will cause the vCenter Single Sign-On Installation to fail.

If you are using an existing database for Single Sign-On, to ensure that table space is created for the database, run the script rsaIMSLiteDBNameSetupTablespaces.sql. The script is included in the vCenter Server installer download package, at vCenter Server Installation directory\Single Sign On\DBScripts\SSOServer\Schema\your_existing_database. You can run the script prior to the vCenter Server upgrade, or during the upgrade, when you are prompted by the Single Sign-On installer. You can leave the installer to run the script, and resume the installer after you run the script.

If you are using an existing database for Single Sign-On, you must create a database user (RSA_USER) and database administrator (RSA_DBA) to use for the Single Sign-On database installation and setup. To create these users, run the script rsaIMSLiteDBNameSetupUsers.sql. The script is included in the vCenter Server installer download package, at vCenter Server Installation directory\Single Sign On\DBScripts\SSOServer\Schema\your_existing_database.

If you are using an existing Microsoft SQL Server database for Single Sign-On, and you want to use a dynamic port, you must provide a named instance for the SQL database during the Single Sign-On installation. The instance name created during Microsoft SQL Server installation usually defaults to MSSQLSERVER. For non-default instance names, you can determine the instance name after Microsoft SQL Server is installed by using the SQL Configuration Manager. Under SQL Server Network Configuration, the SQL Configuration Manager lists all available instances of the SQL installation.

If you install Single Sign-On with an external Microsoft SQL Server database, using a static port, and you have a firewall between Single Sign-On and the external database, you must open a static port on the firewall to communicate between Single Sign-On and the database. For example, to do this in Windows Server 2008, you can add a static port in the Windows Firewall Control Panel.

Note

The procedure for your firewall software may differ.

If you install Single Sign-On with an external Microsoft SQL Server database, and you use the dynamic port option, and you have a firewall between Single Sign-On and the external database, you must open a firewall port for the SQL Browser Service. The SQL Server Browser Service serves incoming requests for SQL Server connection by providing information about installed instances of SQL Server. The SQL Browser Service usually uses UDP port 1434. You must also add the SQL Server instance that you want to access through the firewall.