VMWare Single SignOn Service, Inventory Service, vCenter 5.1 Installation

Today, I am going to attempt installation of vCenter 5.1.

vCenter 5.1 requires the VMware Single Sign On and VMware Inventory services, so we will start with the Single Sign On service.
The order is SSO (Single Sign On), Inventory, and last vCenter. All 3 services can be installed on a single server, but I will install SSO on a separate server, and Inventory and vCenter together on another server.

SSO and vCenter both require a SQL server; in this test lab I will be using a separate SQL 2008 R2 server.

So let's begin with the installation of the SQL 2008 R2 server.

(I will try to post a screenshot of every step and, wherever possible, explain the step as well; the explanation is above each screenshot.)

SQL Server 2008 R2 Installation

Domain Name: homelab.com – 192.168.1.151
SQL Server: SQL2K8R2.homelab.com – 192.168.1.200

Start the setup of SQL Server.

I changed the SQL instance name from the default to the custom name “SQL_INST”.

I have set the account for the Agent and the Database Engine to “System”; this may not be best practice, but I did it for the sake of ease in the lab.
Also, the Server Agent service startup type is set to “Automatic”. It has to be set to Automatic later, at the time of installing the Inventory service, so I did it beforehand.

Make sure to select “Mixed Mode” as the authentication type.
I have also added the local system “administrator” and the “Domain Admin” group of AD as SQL administrators.

The installation of SQL Server has started.

Once the installation of SQL Server is complete, we will go ahead with the installation of SSO on a dedicated server.

vCenter Single Sign On Installation
Server Name: SSO-A.homelab.com – 192.168.1.201

Note: If the Single Sign On server or the VM hosting the server fails, administrators cannot access vCenter, but ESXi hosts continue to function normally. That is the reason I have planned to test SSO in a cluster.

First of all, we will start by enabling the .NET Framework feature through the Server Manager MMC.

The 1st option will suit our needs for High Availability.

The installation wizard creates a default SSO administrator user account, i.e., admin@System-Admin. This username and the password you specify here will be used for administration of SSO via the vSphere Web Client.
You can create users as required later using this account.
So make sure you remember the password.
The password must contain at least 1 uppercase letter, 1 lowercase letter and 1 special character, and its total length should be > 8.
This requirement can be changed through the SSO control panel (vSphere Web Client).

Read this carefully: before we go ahead, we need to run a script located on the installation media at \Single Sign On\DBScripts\SSOServer\schema\mssql.
This script has to be executed on the SQL server.

We are now on the SQL server. The selected file is the script that we need; double-click it to launch Management Studio.

Before we execute the script, we need to make some modifications.
1. Create a folder for the database files. I am using the folder name “RSA_DB” on the C drive (for lab test purposes).
2. Modify the path at 3 locations; see the screenshot below, marked with a black line.

Select the “Execute” option from the toolbar and you should get a success message.
You can see that the database “RSA” is created.
Let's go back to the SSO server and move ahead with the installation.

Now we need to fill in the appropriate details so that the installer can communicate with the SQL server.
Database Name: RSA
Host Name: SQL2K8R2.homelab.com
Username: sa
Password: your password
I am using the sa account here.

The JDBC URL will be populated automatically once the connection is successful.
You may get the error “Database Connection has failed”. If you check the log file vm-sso-javaLib.log mentioned in the error, which is located in the %temp% directory, it says:
“The TCP/IP connection to the host SQL2K8R2.homelab.com, port 1433 has failed. Error: “connect timed out. Verify the connection properties, check that an instance of SQL Server is running on the host and accepting TCP/IP connections at the port, and that no firewall is blocking TCP connections to the port.”.

To resolve this, I made a change in SQL Server Configuration Manager: under the properties of TCP/IP, on the IP Addresses tab, TCP Port was blank, so I set it to “1433”.
Restart the SQL Server service, go back to the SSO installation, and try moving ahead.
The connection will be successful; if you click Back, you will see that the JDBC URL is populated.
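
To confirm the port fix from the SQL side, the query below (an added example, not part of the original post) lists the TCP sessions the instance is serving, the port they arrived on, and the login and client host behind each one. Run it in Management Studio on SQL2K8R2 after the service restart; it needs VIEW SERVER STATE permission.

```sql
-- Added example: verify the instance answers on TCP 1433 and see who uses it.
-- Local Management Studio sessions often use shared memory, so only TCP
-- sessions are listed.
SELECT c.session_id,
       c.local_net_address,
       c.local_tcp_port,      -- expected: 1433 after the Configuration Manager change
       c.client_net_address,  -- SSO-A is 192.168.1.201 in this lab
       c.auth_scheme,         -- SQL = SQL login such as sa (Mixed Mode); NTLM/KERBEROS = Windows
       c.encrypt_option,      -- FALSE = the connection is not encrypted
       s.login_name,
       s.host_name,
       s.program_name
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s ON s.session_id = c.session_id
WHERE c.net_transport = N'TCP'
ORDER BY s.login_name, c.client_net_address;
```

A row with login_name sa from the SSO server shows the installer's connection described above; rows on any other port mean the static port setting has not taken effect.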
Leave the port number at the default.
This completes the installation of SSO on a dedicated server.
Check the service from the Services MMC.

vCenter Inventory Service Installation

Let's begin the installation of the Inventory service on a new server; this server will also host the vCenter server.

Server Name: vcentersrv.homelab.com – 192.168.1.205

Inventory and vCenter require the .NET Framework, so we will start by enabling the feature from “Server Manager”.

Start the setup for the Inventory Service.

Here, enter the URL for the Lookup service, which is part of SSO.
I hope you remember the password for the SSO admin account.

This was a very straightforward installation.

vCenter Server Installation

For vCenter, we will start by preparing the database. We will be using the same SQL server for the vCenter database.

Use the script below to create the database for vCenter Server.
On the SQL server, open Management Studio, create a new query and paste the script.

Copy the script starting after the line

----------------------------------------

use [master]
go
CREATE DATABASE [VCDB] ON PRIMARY
(NAME = N'vcdb', FILENAME = N'C:\VC_DB\VCDB.mdf' , SIZE = 2000KB , FILEGROWTH = 10% )
LOG ON
(NAME = N'vcdb_log', FILENAME = N'C:\VC_DB\VCDB.ldf' , SIZE = 1000KB , FILEGROWTH = 10%)
COLLATE SQL_Latin1_General_CP1_CI_AS
go

use VCDB
go
sp_addlogin @loginame=[vpxuser], @passwd=N'vpxuser', @defdb='VCDB', @deflanguage='us_english'
go
ALTER LOGIN [vpxuser] WITH CHECK_POLICY = OFF
go
CREATE USER [vpxuser] for LOGIN [vpxuser]
go

CREATE SCHEMA [VMW]
go
ALTER USER [vpxuser] WITH DEFAULT_SCHEMA =[VMW]
go

/*User should have DBO Privileges or VC_ADMIN_ROLE and VC_USER_ROLE database roles*/

sp_addrolemember @rolename = 'db_owner', @membername = 'vpxuser'
go

/*or*/

if not exists (SELECT name FROM sysusers WHERE issqlrole=1 AND name = 'VC_ADMIN_ROLE')
CREATE ROLE VC_ADMIN_ROLE;
GRANT ALTER ON SCHEMA :: [VMW] to VC_ADMIN_ROLE;
GRANT REFERENCES ON SCHEMA :: [VMW] to VC_ADMIN_ROLE;
GRANT INSERT ON SCHEMA ::  [VMW] to VC_ADMIN_ROLE;

GRANT CREATE TABLE to VC_ADMIN_ROLE;
GRANT CREATE VIEW to VC_ADMIN_ROLE;
GRANT CREATE Procedure to VC_ADMIN_ROLE;

if not exists (SELECT name FROM sysusers WHERE issqlrole=1 AND name = 'VC_USER_ROLE')
CREATE ROLE VC_USER_ROLE
go
GRANT SELECT ON SCHEMA ::  [VMW] to VC_USER_ROLE
go
GRANT INSERT ON SCHEMA ::  [VMW] to VC_USER_ROLE
go
GRANT DELETE ON SCHEMA ::  [VMW] to VC_USER_ROLE
go
GRANT UPDATE ON SCHEMA ::  [VMW] to VC_USER_ROLE
go
GRANT EXECUTE ON SCHEMA :: [VMW] to VC_USER_ROLE
go

sp_addrolemember VC_ADMIN_ROLE , [vpxuser]

go

sp_addrolemember VC_USER_ROLE , [vpxuser]

go

use MSDB
go

CREATE USER [vpxuser] for LOGIN [vpxuser]
go

/*User should have DBO Privileges or VC_ADMIN_ROLE */

sp_addrolemember @rolename = 'db_owner', @membername = 'vpxuser'
go

/*or*/

if not exists (SELECT name FROM sysusers WHERE issqlrole=1 AND name = 'VC_ADMIN_ROLE')
CREATE ROLE VC_ADMIN_ROLE;

go
grant select on msdb.dbo.syscategories to VC_ADMIN_ROLE
go
grant select on msdb.dbo.sysjobsteps to VC_ADMIN_ROLE
go
GRANT SELECT ON msdb.dbo.sysjobs to VC_ADMIN_ROLE
GO
GRANT EXECUTE ON msdb.dbo.sp_add_job TO VC_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_delete_job TO VC_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_add_jobstep TO VC_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_update_job TO VC_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_add_jobserver TO VC_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_add_jobschedule TO VC_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_add_category TO VC_ADMIN_ROLE
go

sp_addrolemember VC_ADMIN_ROLE , [vpxuser]

go

----------------------------------------

You will see that the database is created and the appropriate users are given permissions on the database.
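
To check what the script actually granted, the T-SQL below (an added example, not part of the original post or of the script itself) audits the vpxuser login and then replaces its lab password. It assumes the names used in the script (VCDB, vpxuser, VC_ADMIN_ROLE, VC_USER_ROLE); the new password is a placeholder. Because the script as pasted runs both the db_owner statements and the "or" role statements, expect vpxuser to appear under db_owner and under the custom roles.

```sql
-- Added example: audit what the vCenter database script gave to vpxuser.
-- Run in Management Studio as a sysadmin.
USE [master];
GO
-- 1. Login settings. The script sets CHECK_POLICY = OFF, so is_policy_checked
--    is 0. password_is_login_name = 1 means the password still equals the name.
SELECT name, default_database_name, is_disabled,
       is_policy_checked, is_expiration_checked,
       PWDCOMPARE(name, password_hash) AS password_is_login_name
FROM sys.sql_logins
WHERE name = N'vpxuser';
GO
-- 2. Role membership of vpxuser in both databases the script touches.
USE [VCDB];
GO
SELECT DB_NAME() AS database_name, r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE m.name = N'vpxuser';
GO
USE [msdb];
GO
SELECT DB_NAME() AS database_name, r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE m.name = N'vpxuser';
GO
-- 3. Explicit grants held by the two custom roles in VCDB.
USE [VCDB];
GO
SELECT pr.name AS grantee, pe.state_desc, pe.permission_name, pe.class_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name IN (N'VC_ADMIN_ROLE', N'VC_USER_ROLE')
ORDER BY pr.name, pe.permission_name;
GO
-- 4. Replace the password that equals the login name and re-enable policy
--    checking. The value is a placeholder; use the same new password in the
--    ODBC DSN and the vCenter installer.
ALTER LOGIN [vpxuser]
    WITH PASSWORD = N'<strong-password-placeholder>', CHECK_POLICY = ON;
GO
```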
Let's create the x64 System DSN ODBC connection for the database.
This has to be done on the vCenter Server, i.e., in my lab it is vcentersrv.homelab.com.

We need to create a “SQL Server Native Client” type of data source; you will find that there is no entry for it.
Download and install the Native Client on the vCenter Server from http://go.microsoft.com/fwlink/?LinkId=123718&clcid=0x409


Installation of vCenter Server is complete.
I will continue the post in the next part, where we will cover the installation of the vSphere Web Client.


5 thoughts on “VMWare Single SignOn Service, Inventory Service, vCenter 5.1 Installation”

  1. Pingback: vmware vSphere Web Client Installation « MSXChange
  2. Excellent document. However, seems I am having issue with the step around create the vCenter DB using the script provided.

    Keeps on getting the error message like…

    Msg 102, Level 15, State 1, Line 2
    Incorrect syntax near ”.
    Msg 132, Level 15, State 1, Line 4
    The label ‘C’ has already been declared. Label names must be unique within a query batch or stored procedure.
    Msg 911, Level 16, State 1, Line 2
    Database ‘VCDB’ does not exist. Make sure that the name is entered correctly.
    Msg 102, Level 15, State 1, Line 1
    Incorrect syntax near ”.
    Msg 15151, Level 16, State 1, Line 1
    Cannot alter the login ‘vpxuser’, because it does not exist or you do not have permission.
    Msg 15007, Level 16, State 1, Line 1
    ‘vpxuser’ is not a valid login or you do not have permission.
    Msg 2714, Level 16, State 6, Line 2
    There is already an object named ‘VMW’ in the database.
    Msg 2759, Level 16, State 0, Line 2
    CREATE SCHEMA failed due to previous errors.
    Msg 15151, Level 16, State 1, Line 1
    Cannot alter the user ‘vpxuser’, because it does not exist or you do not have permission.
    Msg 102, Level 15, State 1, Line 4
    Incorrect syntax near ”.
    Msg 102, Level 15, State 1, Line 4
    Incorrect syntax near ”.
    Msg 102, Level 15, State 1, Line 14
    Incorrect syntax near ”.
    Msg 15151, Level 16, State 1, Line 1
    Cannot find the user ‘VC_USER_ROLE’, because it does not exist or you do not have permission.
    Msg 15151, Level 16, State 1, Line 1
    Cannot find the user ‘VC_USER_ROLE’, because it does not exist or you do not have permission.
    Msg 15151, Level 16, State 1, Line 1
    Cannot find the user ‘VC_USER_ROLE’, because it does not exist or you do not have permission.
    Msg 15151, Level 16, State 1, Line 1
    Cannot find the user ‘VC_USER_ROLE’, because it does not exist or you do not have permission.
    Msg 15151, Level 16, State 1, Line 1
    Cannot find the user ‘VC_USER_ROLE’, because it does not exist or you do not have permission.
    Msg 15014, Level 16, State 1, Procedure sp_addrolemember, Line 36
    The role ‘VC_ADMIN_ROLE’ does not exist in the current database.
    Msg 15014, Level 16, State 1, Procedure sp_addrolemember, Line 36
    The role ‘VC_USER_ROLE’ does not exist in the current database.
    Msg 15007, Level 16, State 1, Line 2
    ‘vpxuser’ is not a valid login or you do not have permission.
    Msg 102, Level 15, State 1, Line 4
    Incorrect syntax near ”.
    Msg 102, Level 15, State 1, Line 4
    Incorrect syntax near ”.
    Msg 15151, Level 16, State 1, Line 1
    Cannot find the user ‘VC_ADMIN_ROLE’, because it does not exist or you do not have permission.
    Msg 15151, Level 16, State 1, Line 1
    Cannot find the user ‘VC_ADMIN_ROLE’, because it does not exist or you do not have permission.
    Msg 15151, Level 16, State 1, Line 1
    Cannot find the user ‘VC_ADMIN_ROLE’, because it does not exist or you do not have permission.
    Msg 15151, Level 16, State 1, Line 1
    Cannot find the user ‘VC_ADMIN_ROLE’, because it does not exist or you do not have permission.
    Msg 15151, Level 16, State 1, Line 1
    Cannot find the user ‘VC_ADMIN_ROLE’, because it does not exist or you do not have permission.
    Msg 15151, Level 16, State 1, Line 1
    Cannot find the user ‘VC_ADMIN_ROLE’, because it does not exist or you do not have permission.
    Msg 15151, Level 16, State 1, Line 1
    Cannot find the user ‘VC_ADMIN_ROLE’, because it does not exist or you do not have permission.
    Msg 15151, Level 16, State 1, Line 1
    Cannot find the user ‘VC_ADMIN_ROLE’, because it does not exist or you do not have permission.
    Msg 15151, Level 16, State 1, Line 1
    Cannot find the user ‘VC_ADMIN_ROLE’, because it does not exist or you do not have permission.
    Msg 15151, Level 16, State 1, Line 1
    Cannot find the user ‘VC_ADMIN_ROLE’, because it does not exist or you do not have permission.
    Msg 15014, Level 16, State 1, Procedure sp_addrolemember, Line 36
    The role ‘VC_ADMIN_ROLE’ does not exist in the current database.

    Any pointer would be much appreciated.
