I've been tasked to upgrade an existing vSphere 5.5 environment to vSphere 6. During the process the embedded SSO components in the Windows vCenter should be migrated to two external PSCs for better scalability.

In high level the process looks like this:
-Create DNS entries for new PSCs
-Upgrade during vCenter and all components to vSphere 6
-Deploy two new PSCs based on vCSA and join the existing domain
-Reconfigure vCenter to use the new external PSC


After creating the new DNS entries I upgraded vCenter components to version 6 following the wizards. My upgrade failed at the beginning while trying to uninstall the 5.5 components. The install log revealed that OpenSSL couldn't be removed.
To fix it I mounted the 5.5 vCenter DVD and reinstalled the OpenSSL component from "Single Sign-On\prerequisites." 
Afterwards the upgrade completed without any issues.

 Back to the PSC part...

First I deployed the two new PSCs via the wizard. By deploying them as PSCs and join the existing SSO domain in the same site.
In the next step I used cmsso-util with the reconfigure option repoint the system to new external PSC. This will also demote the embedded deployment to a management node.
cmsso-util reconfigure –repoint-psc “newpsc.fqdn” –username “Administrator” –domain-name “vsphere.local” –passwd “secret123”
When the reconfigure operations is used it automates the following tasks to transition an embedded deployment to an external deployment topology. (via http://vmw.re/1Ihg6yA)
  1. Stops all non-core services
  2. Sets the dc-name option as the external Platform Services Controller
  3. Sets the dc-port if HTTPs is running on a custom port
  4. Changes the Deployment Type in the registry: embedded to external
  5. Removes the local Platform Services Controller from federated SSO domain.
  6. Stop all services
  7. Changes the Deployment Node Type to start only services for a Management Node
  8. Update the service dependencies
  9. Starts the vmafdd required to join the external Platform Services Controller
  10. Disables services and registration for the embedded Platform Services Controller (Appliance)
    Runs MSI uninstall scripts to remove and unregister services for the embedded Platform Services Controller (Windows)
  11. Restarts all services
Note: To repoint between external PSCs in the same site you would use cmsso-util repoint –repoint-psc

We can now validate from our vCenter if the PSC has been moved as per cmsso-util output by running:

"C:\Program Files\VMware\vCenter Server\vmafdd\vmafd-cli.exe" get-ls-location --server-name localhost

The output should show the Lookup Service URL on your new PSC.