You can repoint a vCenter Server from one Single Sign-On domain to an existing domain using a replication partner.
Prerequisites
- Repointing is only supported with vCenter Server 6.7 Update 1 and later.
- You must repoint to a vCenter Server that is of the same version and nodes that are of the same version and build number.
- To ensure no loss of data, take a file-based backup of each node before proceeding with repointing the vCenter Server.
Procedure
- Shut down the node (for example, Node C) that is being repointed (moved to a different domain).
- Decommission the vCenter Server node that is being repointed. For example, to decommission Node C, log into Node B (on the original domain) and run the following command:
cmsso-util unregister --node-pnid Node_C_FQDN --username Node_B_sso_administrator@sso_domain.com --passwd Node_B_sso_adminuser_password
After unregistering Node C, services are restarted. References to Node C are deleted from Node B and any other nodes that were linked with Node C on the original domain.
- Power on Node C to begin the repointing process.
- (Optional) Run the pre-check mode command. The pre-check mode fetches the tagging (tags and categories) and authorization (roles and privileges) data from the vCenter Server. Pre-check does not migrate any data, but checks the conflicts between the source and destination vCenter Server. For example, run the pre-check with the following CLI:
cmsso-util domain-repoint -m pre-check --src-emb-admin Administrator --replication-partner-fqdn FQDN_of_destination_node --replication-partner-admin PSC_Admin_of_destination_node --dest-domain-name destination_PSC_domain
Note: Pre-check is not required if a replication partner does not exist (repointing to a newly created domain).
The pre-check writes the conflicts to the
/storage/domain-data directory.
- (Optional) Check conflicts and apply resolutions for all conflicts or apply a separate resolution for each conflict.
The conflict resolutions are:
- Copy: Create a duplicate copy of the data in the target domain.
- Skip: Skips copying the data in the target domain.
- Merge: Merges the conflict without creating duplicates.
Note: The default resolution mode for Tags and Authorization conflicts is Copy, unless overridden in the conflict files generated during pre-check.
- Run the execute command. In execute mode, the data generated during the pre-check mode is read and imported to the target node. Then, the vCenter Server is repointed to the target domain. For example, run the execute command with the following:
cmsso-util domain-repoint -m execute --src-emb-admin Administrator --replication-partner-fqdn FQDN _of_destination_node --replication-partner-admin destination_node_PSC_Admin_user_name --dest-domain-name destination_PSC_domain