In a previous post, I discussed potential topologies of vCenters in a SSO domain. In general I think I have gotten burned a lot from having multiple vCenters and PSCs in a single SSO domain, but when things are working it’s pretty nice to have a consolidated view.
In my latest issue, I decided to consolidate my vCenters from six SSO sites to three since I had three physical locations. It is easier to share PSCs between vCenters (multiple pointing to one or hot re-pointing) when they are in the same SSO site. Besides that, SSO sites serve as a sort of logical boundary for service registrations, but it’s unclear what this boundary really does.
I started with vCenterA -> PSCA in SSO SiteA and vCenterB -> PSCB in SSO SiteB. First step was for vCenterB -> PSCA in SSO Site A following this VMware KB.
Then decommission PSCB following this VMware KB.
At this point I intended to re-install on PSCB but somehow that system got corrupted so I tried to start up PSCC that had replication partners of PSCA and another PSC and was in SSO Site A. Originally I hit this issue with tombstones slowing down the PSC promotion process. I had to update vCenter and PSCs to 6.0u3b and remove the tombstones from each of the PSCs.
Once the new PSCC was up, I could re-point vCenterB -> PSCC, but I was seeing PBM errors when trying to vMotion in vCenterB. I also saw issues in the sps log, it looked like an invalid certificate. After working with support, it was determined that the vCenterB was issues certificates from PSCB which is no longer around. I had to re-issue VMCA Machine SSL Certs and Solution user Certs at which point the PBM and SPS error subsided.
In order to re-point vCenterB to PSCC I followed this kb