In high level the process looks like this:
-Create DNS entries for new PSCs
-Upgrade during vCenter and all components to vSphere 6
-Deploy two new PSCs based on vCSA and join the existing domain
-Reconfigure vCenter to use the new external PSC
After creating the new DNS entries I upgraded vCenter components to version 6 following the wizards. My upgrade failed at the beginning while trying to uninstall the 5.5 components. The install log revealed that OpenSSL couldn't be removed.
To fix it I mounted the 5.5 vCenter DVD and reinstalled the OpenSSL component from "Single Sign-On\prerequisites."
Afterwards the upgrade completed without any issues.
Back to the PSC part...
First I deployed the two new PSCs via the wizard. By deploying them as PSCs and join the existing SSO domain in the same site.
In the next step I used cmsso-util with the reconfigure option repoint the system to new external PSC. This will also demote the embedded deployment to a management node.
cmsso-util reconfigure –repoint-psc “newpsc.fqdn” –username “Administrator” –domain-name “vsphere.local” –passwd “secret123”
When the reconfigure operations is used it automates the following tasks to transition an embedded deployment to an external deployment topology. (via http://vmw.re/1Ihg6yA)
- Stops all non-core services
- Sets the dc-name option as the external Platform Services Controller
- Sets the dc-port if HTTPs is running on a custom port
- Changes the Deployment Type in the registry: embedded to external
- Removes the local Platform Services Controller from federated SSO domain.
- Stop all services
- Changes the Deployment Node Type to start only services for a Management Node
- Update the service dependencies
- Starts the vmafdd required to join the external Platform Services Controller
- Disables services and registration for the embedded Platform Services Controller (Appliance)
Runs MSI uninstall scripts to remove and unregister services for the embedded Platform Services Controller (Windows) - Restarts all services
Note: To repoint between external PSCs in the same site you would use cmsso-util repoint –repoint-psc
We can now validate from our vCenter if the PSC has been moved as per cmsso-util output by running:
"C:\Program Files\VMware\vCenter Server\vmafdd\vmafd-cli.exe" get-ls-location --server-name localhost
The output should show the Lookup Service URL on your new PSC.