VMware vSphere

 View Only

  • 1.  PSC 6 - remove old PSC

    Posted Sep 17, 2015 02:27 PM

    Some time ago I attempted to install the first external PSC on Windows into my existing multi-site 5.5 SSO.  Despite effort i could not get it to complete successfully so gave up, used a PSC appliance, moved the rest of the environment to 6.0 and all has been well since.  I forget what the exact problem was.

    Zoom forward to today, all is working.  I have 2x external PSC appliances and 2x VCSA appliances.

    I attempted to upgrade to Update 1 but despite successful upgrades of PSCs and VCSAs I could not get the web client to load up after login (legacy client worked fine).  "An internal error has occurred - index 0 out of bounds'.  Web-client log files kept showing errors about not being able to contact this stale\old Windows PSC.  I was under pressure to get access to vCenter back so i rolled back to snapshots i took before starting upgrade and all is well with the world again.

    Before attempting to upgrade again I would like to clear up this stale record but am having trouble.  I've been through KB2106736 but i get the following error:

        cmsso-util unregister --node-pnid Old-PSC --username administrator@vsphere.local --passwd sso_pwd

         Could not find a host id which maps to Old-PSC in Component Manager

         Failed!!!

    I also try the following but get the below error:

         /usr/lib/vmware-vmdir/bin/vdcleavefed -h Old-PSC -u administrator -u sso_pwd

         fdcleavefd offline for server Old-PSC

         Leave federation cleanup failed. Error[13] - Confidentiality required.

    I have run the above commands on both my PSC appliances with the same result.

    Any ideas before I open a support case?

    Thanks.

    Dave



  • 2.  RE: PSC 6 - remove old PSC

    Posted Oct 02, 2015 05:22 AM

    Make sure first the PSC is powerdown and try by proper FQDN name.Mostly below error will come only if the IP or FQDN name failed to search..

    or try this command with proper FQDN name /usr/lib/vmware-vmdir/bin/vdcleavefed -h -u [-w ] ( Refer VMware KB 2114233 )

    VMware KB:    Attempting to join an Appliance-based Platform Services Controller or vCenter Server to a vSphere domain …



  • 3.  RE: PSC 6 - remove old PSC

    Posted Nov 02, 2015 08:07 PM

    Leave federation cleanup failed. Error[13] - Confidentiality required.

    This could be because the stale entry does not exist for the PSC/vCenter installation from the previous/failed installation attempt.



  • 4.  RE: PSC 6 - remove old PSC

    Posted Nov 02, 2015 08:32 PM

    In my case PSC is showing in the Nodes but still it is failing with the error as " Confidentiality required " so I just re-installed the PSC with the same name and then successfully cleaned the PSC ..



  • 5.  RE: PSC 6 - remove old PSC

    Posted Jan 14, 2016 10:04 AM

    @GaneshsekarbabuGaneshsekarbabu


    Could you explain it more widely " I just re-installed the PSC with the same name and then successfully cleaned the PSC" ?

    Regards,

    Piotr



  • 6.  RE: PSC 6 - remove old PSC

    Posted Jan 10, 2016 07:28 PM

    Did you ever get this fixed? I am having same issue.



  • 7.  RE: PSC 6 - remove old PSC

    Posted Jul 25, 2018 05:54 PM

    I had the same issue.

    I was able to run cmsso-util unregister without errors, but I didn't get the full output I was supposed to.

    I ran vdcleavefed but got the confidentiality error, or failed with an LDAP error in the logs.

    I used this guy's advice to connect to my vsphere's LDAP.

    http://www.electricmonk.org.uk/2017/03/07/using-jxplorer-to-connect-to-vsphere-psc-server/

    When I went there, I saw that my PSC's each had a replication agreement with the defunct PSC, and not with each other.

    I used vdcrepadmin -f createagreement to create a replication agreement between the two remaining PSC's.

    It sorta looks like that's what was keeping the ghost of the old PSC around.  After I fixed the replication agreement, I ran vdcleavefed and the old PSC went away.

    - t2



  • 8.  RE: PSC 6 - remove old PSC

    Posted Nov 24, 2021 08:47 AM

    This is a good solution, I have same problem and I saw that my PSC's each had a replication agreement with the defunct PSC, and not with each other.

    But I can not recreate a replication agreement between the two PSC's because one PSC is down and I get this error when I try to create agreement.

    vdcrepadmin failed. Error [Server down] [9127]​

    Any ideas ?

     

     wrote:

    I had the same issue.

    I was able to run cmsso-util unregister without errors, but I didn't get the full output I was supposed to.

    I ran vdcleavefed but got the confidentiality error, or failed with an LDAP error in the logs.

     

    I used this guy's advice to connect to my vsphere's LDAP.

    http://www.electricmonk.org.uk/2017/03/07/using-jxplorer-to-connect-to-vsphere-psc-server/

     

    When I went there, I saw that my PSC's each had a replication agreement with the defunct PSC, and not with each other.

    I used vdcrepadmin -f createagreement to create a replication agreement between the two remaining PSC's.

     

    It sorta looks like that's what was keeping the ghost of the old PSC around.  After I fixed the replication agreement, I ran vdcleavefed and the old PSC went away.

     

    - t2

     



  • 9.  RE: PSC 6 - remove old PSC

    Posted Jul 27, 2018 06:37 AM

    psc03:~ # /usr/lib/vmware-vmdir/bin/vdcleavefed -h psc02.alex.local -u administrator -w SSO-Admin-Pwd

    change your psc name and try this command



  • 10.  RE: PSC 6 - remove old PSC

    Posted Oct 30, 2024 04:26 PM

    Thanks!  This worked to remove my defunct PSC!  Quick and easy!


    Original Message