After you upgrade both nodes of a 5.1.x vCenter Single Sign-On high availability deployment to version 5.5, reconfigure the load balancer.

Before you begin

Upgrade both vCenter Single Sign-On nodes to version 5.5.

Procedure

  1. In the httpd.conf file of the load balancer, in the section Configure the STS for clustering, change values from ims to sts.

    Use the following example as a model.

    # Configure the STS for clustering
    ProxyPass /sts/ balancer://stscluster/ nofailover=On
    ProxyPassReverse /sts/ balancer://stscluster/

    Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/sts" env=BALANCER_ROUTE_CHANGED
    <Proxy balancer://stscluster>
      BalancerMember https://sso1.example.com:7444/sts route=node1 loadfactor=100 retry=300
      BalancerMember https://sso2.example.com:7444/sts route=node2 loadfactor=1 retry=300
      ProxySet lbmethod=byrequests stickysession=ROUTEID failonstatus=500
    </Proxy>
  2. Configure both vCenter Single Sign-On servers for load balancing.
    1. In the first vCenter Single Sign-On node, edit the file server.xml to add the entry jvmRoute="node1".

      The default location of the file is C:\ProgramData\VMware\cis\runtime\VMwareSTService\conf\server.xml.

    2. Restart TC server.
    3. In the second vCenter Single Sign-On node, edit the file server.xml to add the entry jvmRoute="node2".

      The default location of the file is C:\ProgramData\VMware\cis\runtime\VMwareSTService\conf\server.xml.

    4. Restart TC server.
  3. In the first vCenter Single Sign-On node, take the following actions:
    1. From a command prompt, run ssolscli.cmd listServices to get the service endpoints.
    2. Edit the files sts_id, admin_id, and gc_id to match the ServerId values from the output of the ssolscli.cmd listServices command.

    Each file should contain a single line similar to:

    SSO node1 Site name:a03772af-b7db-4629-ac88-ba677516e2b1

  4. Edit the file sts.properties to replace the vCenter Single Sign-On hostname with the load balancer hostname.

    Use the following example as a model:

    [service]
    friendlyName=The security token service interface of the SSO server
    version=1.5
    ownerId=
    type=urn:sso:sts
    description=The security token service interface of the SSO server
    productId=product:sso
    viSite=SSO node1 site name
    
    [endpoint0]
    uri=https://loadbalancer fqdn.com:7444/sts/STSService/vsphere.local
    ssl=C:\updateInfo\cacert.pem
    protocol=wsTrust
  5. Edit the file admin.properties to replace the vCenter Single Sign-On hostname with the load balancer hostname.

    Use the following example as a model:

    [service]
    friendlyName=The administrative interface of the SSO server
    version=1.5
    ownerId=
    type=urn:sso:admin
    description=The administrative interface of the SSO server
    productId=product:sso
    viSite=SSO node1 site name
    
    [endpoint0]
    uri=https://loadbalancer fqdn.com:7444/sso-adminserver/sdk/vsphere.local
    ssl=C:\updateInfo\cacert.pem
    protocol=vmomi
  6. Edit the file gc.properties to replace the vCenter Single Sign-On hostname with the load balancer hostname.

    Use the following example as a model:

    [service]
    friendlyName=The group check interface of the SSO server
    version=1.5
    ownerId=
    type=urn:sso:groupcheck
    description=The group check interface of the SSO server
    productId=product:sso
    viSite=SSO node1 site name
    
    [endpoint0]
    uri=https://loadbalancer fqdn.com:7444/sso-adminserver/sdk/vsphere.local
    ssl=C:\updateInfo\cacert.pem
    protocol=vmomi
  7. For each service ID, run the command ssolscli.cmd updateService:
    ssolscli.cmd updateService -d https://sso1.example.com/lookupservice/sdk -u Administrator@vsphere.local -p password -si sts_id -ip sts.properties
    ssolscli.cmd updateService -d https://sso1.example.com/lookupservice/sdk -u Administrator@vsphere.local -p password -si admin_id -ip admin.properties
    ssolscli.cmd updateService -d https://sso1.example.com/lookupservice/sdk -u Administrator@vsphere.local -p password -si gc_id -ip gc.properties
  8. Restart the first vCenter Single Sign-On node.
  9. Restart the second vCenter Single Sign-On node.
  10. Restart the load balancer.
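
A check that can be run on the edited files before the updateService commands in step 7, so that a file still naming an individual node is caught before it is registered. This is an added example, not VMware code; the load balancer name lb.example.com, the function names, and the sample file content are assumptions constructed for illustration, and the expected types, protocols, paths, and port 7444 are taken from the model files in steps 4 to 6.

```python
import configparser
import re
from urllib.parse import urlsplit

# Per-file service type, protocol and endpoint path, from the model files in steps 4-6.
EXPECTED = {
    "sts.properties": ("urn:sso:sts", "wsTrust", "/sts/STSService/vsphere.local"),
    "admin.properties": ("urn:sso:admin", "vmomi", "/sso-adminserver/sdk/vsphere.local"),
    "gc.properties": ("urn:sso:groupcheck", "vmomi", "/sso-adminserver/sdk/vsphere.local"),
}
# "<site name>:<ServerId>", the single-line form shown in step 3.
ID_LINE = re.compile(r"^[^:]+:[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

def check_id_file(text):
    """True if the file holds exactly one non-blank line in the step 3 form."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    return len(lines) == 1 and bool(ID_LINE.match(lines[0]))

def check_properties(name, text, lb_host):
    """Return a list of problems in one properties file; an empty list means OK."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    exp_type, exp_proto, exp_path = EXPECTED[name]
    problems = []
    if cp.get("service", "type", fallback="") != exp_type:
        problems.append("service type is not " + exp_type)
    if cp.get("endpoint0", "protocol", fallback="") != exp_proto:
        problems.append("endpoint protocol is not " + exp_proto)
    uri = urlsplit(cp.get("endpoint0", "uri", fallback=""))
    if uri.scheme != "https" or uri.port != 7444:
        problems.append("endpoint uri is not https on port 7444")
    if (uri.hostname or "") != lb_host.lower():
        problems.append("endpoint host is %r, expected %r" % (uri.hostname, lb_host))
    if uri.path != exp_path:
        problems.append("endpoint path is not " + exp_path)
    return problems

# Constructed sample: sts.properties as left after the upgrade, still naming a node.
SAMPLE_STS = """[service]
type=urn:sso:sts

[endpoint0]
uri=https://sso1.example.com:7444/sts/STSService/vsphere.local
ssl=C:\\updateInfo\\cacert.pem
protocol=wsTrust
"""

if __name__ == "__main__":
    print(check_properties("sts.properties", SAMPLE_STS, "lb.example.com"))
```

An empty list from check_properties for all three files, and True from check_id_file for sts_id, admin_id, and gc_id, means the inputs to step 7 are consistent with the models above.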

What to do next

Upgrade the vSphere Web Client.