Configure Enhanced Linked Mode for Existing VCSA

In my home lab I have two vCenter servers configured with vSphere 7, both using the default vsphere.local SSO domain. When I deployed these two VCSA appliances I did not configure them as replication partners, so they are not set up to use Enhanced Linked Mode.

Recently I wanted to configure them in Enhanced Linked Mode to make my management tasks easier. I followed the VMware KB article found here, and these are the detailed steps I took.

Caution: Make sure you have taken a file-based backup of each vCenter, in case you need to restore.

Also, this repointing mechanism is only available in vSphere 6.7 Update 1 and later.

Current Configuration:

I have two vCenters in my lab called VC01 and VCSA001. Both use vsphere.local SSO.

Current vCenter Configuration

If I navigate to the Linked vCenter Server Systems tab in either vCenter, I see only an empty screen, as no such setup exists yet.


Linked vCenter Server Systems


I want to link VC02 as a replication partner to VC01 so that I can enable ELM for the VCs.

Configuration Steps:

SSH to VC02 and run the pre-checks to ensure there are no conflicts. This does not modify any configuration; it fetches role and privilege, tag and category information from VC02 (source VCSA) and checks it for conflicts against VC01 (destination VCSA).

For this configuration we use the cmsso-util command; you can see the available syntax from here.

Run the following command on the source vCenter, in my case VC02.

cmsso-util domain-repoint -m pre-check --src-emb-admin Administrator --replication-partner-fqdn <<FQDN_of_destination_node>> --replication-partner-admin <<PSC_Admin_of_destination_node>> --dest-domain-name <<destination_PSC_domain>>

Input parameters and arguments:

Parameter: Argument

--src-emb-admin: SSO admin account for the source vCenter. Only the account name should be provided. Default is Administrator.

--replication-partner-fqdn: FQDN of the destination vCenter. In my case, the FQDN of VCSA01.

--replication-partner-admin: SSO admin account for the destination vCenter. Only the account name should be provided. Default is Administrator.

--dest-domain-name: vSphere SSO domain of the destination vCenter. In my case vsphere.local.


Once you hit Enter, you will see the following output.


This will prompt you for the source and destination SSO passwords and then ask you to confirm the action. Press Y to continue.


The pre-check logs the conflict data in the '/storage/domain-data' directory. Navigate to this location to see the detected conflicts.

cd /storage/domain-data/

If you see any conflicts, you have to resolve them. There are three resolutions available.
  1. Copy: Creates a duplicate copy of the data in the target domain.
  2. Skip: Skips copying the data in the target domain.
  3. Merge: Merges the conflict without creating duplicates.

Once we have resolved the conflicts in the above JSON file, we can continue with the domain join process. This is done by setting the -m parameter to execute in the same command syntax we used for the pre-check.

cmsso-util domain-repoint -m execute --src-emb-admin Administrator --replication-partner-fqdn <<FQDN_of_destination_node>> --replication-partner-admin <<destination_node_PSC_Admin_user_name>> --dest-domain-name <<destination_PSC_domain>>

As in the pre-check step, it will ask for the administrator passwords of both the source and destination vCenters and then ask you to confirm the action you are about to execute.

This takes some time, as many background processes have to complete; it also uninstalls the PSC and reinstalls it on the source vCenter. During this process the source vCenter is unavailable to end users.
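A pre-flight check for the steps above, as an added example that is not from the original post or from VMware: it builds the cmsso-util argument list from the flags shown here, rejects unfilled <<...>> placeholders, and confirms that every hand-edited file in /storage/domain-data still parses as JSON before -m execute takes the source vCenter offline. The host name vc01.lab.example and the *.json file pattern are assumptions.

```python
import json
import re
import sys
from pathlib import Path

CONFLICT_DIR = Path("/storage/domain-data")   # location given in the article
MODES = {"pre-check", "execute"}              # -m values used in the article
FQDN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$"
)

def repoint_argv(mode, partner_fqdn, dest_domain,
                 src_admin="Administrator", partner_admin="Administrator"):
    """Build the cmsso-util argument list; rejects unfilled <<...>> placeholders."""
    if mode not in MODES:
        raise ValueError(f"unsupported mode: {mode!r}")
    for label, value in (("partner FQDN", partner_fqdn), ("domain", dest_domain)):
        if not FQDN_RE.match(value):
            raise ValueError(f"{label} is not a valid DNS name: {value!r}")
    for admin in (src_admin, partner_admin):
        if "@" in admin or not admin.strip():   # article: account name only
            raise ValueError(f"give the account name only, got {admin!r}")
    return ["cmsso-util", "domain-repoint", "-m", mode,
            "--src-emb-admin", src_admin,
            "--replication-partner-fqdn", partner_fqdn,
            "--replication-partner-admin", partner_admin,
            "--dest-domain-name", dest_domain]

def conflict_report(directory=CONFLICT_DIR):
    """Map each *.json file in the directory to 'ok' or its parse error."""
    report = {}
    for path in sorted(Path(directory).glob("*.json")):  # assumed file pattern
        try:
            json.loads(path.read_text(encoding="utf-8"))
            report[path.name] = "ok"
        except (json.JSONDecodeError, UnicodeDecodeError) as exc:
            report[path.name] = f"invalid: {exc}"
    return report

def safe_to_execute(directory=CONFLICT_DIR):
    """True when every conflict file parses (vacuously true if none exist)."""
    return all(status == "ok" for status in conflict_report(directory).values())

if __name__ == "__main__":
    print(conflict_report())
    if not safe_to_execute():
        sys.exit("fix the conflict files before running -m execute")
    # Hypothetical host name; cmsso-util itself still prompts for both passwords.
    print(" ".join(repoint_argv("execute", "vc01.lab.example", "vsphere.local")))
```

The returned list can be passed to subprocess.run without a shell, so no password or placeholder ever reaches the command line.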

Domain re point in action

Validate the Configurations

Log in to one of the vCenters via the Web Client.

ELM configuration

You can also check from the SSH console using the following command.

  1. Change the directory to /usr/lib/vmware-vmdir/bin
  2. Execute the following command.
./vdcrepadmin -f showpartners -h VCSA_FQDN -u administrator -w Administrator_Password
vdcrepadmin status


You can also use the above steps to repoint a single vCenter Server node from one domain to another existing domain.
