Before installing vCenter Single Sign-On, Inventory Service, and vCenter Server, review the prerequisites.

Prerequisites for Understanding and Preparing for the Installation Process

System Prerequisites

  • Verify that your system meets the requirements listed in Hardware Requirements for vCenter Server, the vSphere Web Client, vCenter Inventory Service, and vCenter Single Sign-On and vCenter Server Software Requirements, and that the required ports are open, as discussed in Required Ports for vCenter Server.
  • Before you install or upgrade any vSphere product, synchronize the clocks of all machines on the vSphere network. See Synchronizing Clocks on the vSphere Network.
  • Verify that the DNS name of the vCenter Server host machine matches the actual computer name.
  • Verify that the host name of the machine that you are installing vCenter Server on complies with RFC 1123 guidelines.
  • The installation path of vCenter Server must be compatible with the installation requirements for Microsoft Active Directory Application Mode (ADAM/AD LDS). The installation path cannot contain any of the following characters: non-ASCII characters, commas (,), periods (.), exclamation points (!), pound signs (#), at signs (@), or percentage signs (%).
  • Verify that the system on which you are installing vCenter Server is not an Active Directory domain controller.
  • On each system that is running vCenter Server, verify that the domain user account has the following permissions:
    • Member of the Administrators group
    • Act as part of the operating system
    • Log on as a service
  • vCenter Server requires the Microsoft .NET 3.5 SP1 Framework. If your system does not have it installed, the vCenter Server installer installs it. The .NET 3.5 SP1 installation might require Internet connectivity to download more files.
  • If the system that you use for your vCenter Server installation belongs to a workgroup rather than a domain, not all functionality is available to vCenter Server. If assigned to a workgroup, the vCenter Server system is not able to discover all domains and systems available on the network when using some features. Your machine must be connected to a domain if you want to add Active Directory identity sources after the installation. To determine whether the system belongs to a workgroup or a domain, right-click My Computer. Click Properties and click the Computer Name tab. The Computer Name tab displays either a Workgroup label or a Domain label.
  • Verify that the NETWORK SERVICE account has read permission on the folder in which vCenter Server is installed and on the HKLM registry.
  • During the installation, verify that the connection between the machine and the domain controller is working.
  • Before the vCenter Server installation, in the Administrative Tools control panel of the vCenter Single Sign-On instance that you will register vCenter Server to, verify that the following services are started: VMware Certificate Service, VMware Directory service , VMware Identity Manager Service, VMware KDC service, and tcruntime-C-ProgramData-VMware-cis-runtime-VMwareSTSService.
  • You must log in as a member of the Administrators group on the host machine, with a user name that does not contain any non-ASCII characters.

Network Prerequisites

  • Verify that the fully qualified domain name (FQDN) of the system where you will install vCenter Server is resolvable. To check that the FQDN is resolvable, type nslookup your_vCenter_Server_fqdn at a command line prompt. If the FQDN is resolvable, the nslookup command returns the IP and name of the domain controller machine.
  • Verify that DNS reverse lookup returns a fully qualified domain name when queried with the IP address of the vCenter Server. When you install vCenter Server, the installation of the web server component that supports the vSphere Web Client fails if the installer cannot look up the fully qualified domain name of the vCenter Server from its IP address. Reverse lookup is implemented using PTR records. To create a PTR record, see the documentation for your vCenter Server host operating system.
  • Verify that no Network Address Translation (NAT) exists between the vCenter Server system and the hosts it will manage.
  • Install vCenter Server, like any other network server, on a machine with a fixed IP address and well known DNS name, so that clients can reliably access the service. Assign a static IP address and host name to the Windows server that will host the vCenter Server system. This IP address must have a valid (internal) domain name system (DNS) registration. Ensure that the ESXi host management interface has a valid DNS resolution from the vCenter Server and all vSphere Web Clients. Ensure that the vCenter Server has a valid DNS resolution from all ESXi hosts and all vSphere Web Clients. If you use DHCP instead of a static IP address for vCenter Server, make sure that the vCenter Server computer name is updated in the domain name service (DNS). Ping the computer name to test this connection. For example, if the computer name is, run the following command in the Windows command prompt:
    If you can ping the computer name, the name is updated in DNS.
  • If you will use Active Directory as an identity source, verify that it is set up correctly. The DNS of the vCenter Single Sign-On Server host machine must contain both lookup and reverse lookup entries for the domain controller of the Active Directory. For example, pinging should return the domain controller IP address for mycompany. Similarly, the ping -a command for that IP address should return the domain controller hostname. Avoid trying to correct name resolution issues by editing the hosts file. Instead, make sure that the DNS server is correctly set up. For more information about configuring Active Directory, see the Microsoft Web site.

Database Prerequisites