When deploying an Embedded vCenter Server or an external Platform Services Controller, one of the configurations you will be asked for is the vCenter Single Sign-On Domain Name and Site Name as seen in the screenshot below.

Screen Shot 2015-04-02 at 2.54.22 PM
In addition to troubleshooting, you will also need to know about the SSO Domain Name + Site Name if you plan on deploying additional Platform Services Controller for replication purposes or additional vCenter Servers. It is important to note that you do not need to know this information explicitly when deploying using the new Guided UI Installation. You just need to know the hostname/IP Address of your PSC as the rest of the information will automatically be obtained by the tool.

locate-sso-site-name-1
The issue only arises when you are trying to perform a Scripted Installation and this is where you will need to provide both the SSO Domain Name and Site Name and below are the instructions on retrieving this information.

First off, you will need to login to your Platform Services Controller whether that be on a Windows Server or the VCSA.

SSO Domain Name

You will find it in the following two configuration files:

Windows:

C:\ProgramData\VMware\vCenterServer\cfg\install-defaults\vmdir.domain-name

VCSA:

/etc/vmware/install-defaults/vmdir.domain-name

VCSA 6.0u2:

/usr/lib/vmware-vmafd/bin/vmafd-cli get-domain-name --server-name localhost

For more details, check out my previous blog post: vCenter Server 6.0 Tidbits Part 1: What install & deployment parameters did I use?

SSO Site Name

First, you will need to identify where your Lookup Service is running on which is located on your PSC or your Embedded VC instance. What we are ultimately looking for is Lookup Service URL which is in the following format: https://[SERVER]/lookupservice/sdk If for whatever reason you do not know where your PSC is, then you can login to your vCenter Server and find the Lookup Service URL by running the following command:

Windows:

"C:\Program Files\VMware\vCenter Server\vmafdd\vmafd-cli.exe" get-ls-location --server-name localhost

VCSA:

/usr/lib/vmware-vmafd/bin/vmafd-cli get-ls-location --server-name localhost

locate-lookupservice
Once we have the Lookup Service URL, we can then find the SSO Site Name by running the following command:

Windows:

"C:\Program Files\VMware\vCenter Server\python\python.exe" "C:\Program Files\VMware\vCenter Server\VMware Identity Services\lstool\scripts\lstool.py" get-site-id --url https://vcenter60-6.primp-industries.com/lookupservice/sdk"

VCSA:

/usr/lib/vmidentity/tools/scripts/lstool.py get-site-id --url https://vcenter60-6.primp-industries.com/lookupservice/sdk 2> /dev/null

locate-sso-site-name-2
VCSA 6.0u2:

/usr/lib/vmware-vmafd/bin/vmafd-cli get-site-name --server-name localhost

As you can see the process to find the SSO Site Name is not really intuitive, but I know Engineering is aware of this and has plans to simplify this in the future.

23 thoughts on “vCenter Server 6.0 Tidbits Part 2: What is my SSO Domain Name & Site Name?

  1. Major respect for this blog!
    I am wondering exactly what the SSO Domain Name is good for, why it is used and what domain name I _should_ give to my sites. Does it mirror Active Directory?

  2. Hi William,
    I just upgrades my vcsa from 5.5 to 6 and I noticed that there was no Single Sign-On site option in the wizard. How van I join the updated vcsa to the new SSO site?

    • You will need to either use the new Guided UI Install or Scripted Install, both of which are inside of the VCSA ISO. Take a look at the vSphere 6.0 documentation for more details.

  3. Hello, I try to change my SSO domain name (because I put an IP address during installation) but could not find a solution
    Do you have any idea

    Thank you in advance

    • You’re actually referring to the IP Address of your PSC, not the SSO Domain Name (which is different).

      You can only change the IP Address if you used FQDN when you deployed, else it is not possible to change the IP Address after deployment. You’ll see that you’re not allowed to when using the DCUI interface

  4. On one of my upgraded vSphere 6 labs the lookup service or SSO server hostname returns as a short name, not an FQDN. Do you know if and how I can change that to an FQDN?

  5. Hi there – any idea on why the constraints for the SSO Domain Name got changed between Beta and GA 6.0? with the Beta installer I could make the SSO domain as “vcsa1.mk-38” – but when I tried to use that same domain name in the GA installer (for a fresh install for GA) it won’t accept anything beyond the “vcsa1.mk” string except additional alpha characters (neither – nor 38 work any more)

  6. Hi William,

    I had a quick question in regards to PSC. If you need 2 Platform Services Controllers (PSC) to replicate between one another, do you need a Load Balancer?

    I guess, I am a bit confused reading the deployment paper from VMware as to Load Balancer. My ultimate goal in this is, to have 2 PSC running, and if one crashes, you point the 2 Vcenters to the other PSC.

    I hope the question is clear….

    Thanks in advance,

  7. Quiestion , im deploying multiple psc’s ( 4 planned ) but when im trying to join an existing site in the sso i only have 1 name in the pull-down menu whereas i have 2 sites , so something is messed up but i’m trying to understand why my other site is not showing up in the list , the site is actually in the same vcenter but its just the list that doesn’t show the site when im trying to deploy a psc. any suggestions

    regards

    Robbert

  8. While i installed VCSA 6, i have given my SSO Domain Name same as my internal Domain Name which created lots of authentication issues. Request you to help me to change the VCSA SSO Domain Name

  9. Thanks so much for sharing the details~ I ran into a stupid situation by carelessly created a customized sso domain and site, and the client accidentally closed. After a while when I try to reconnect to the new vcsa I realized I forgot the sso-domain name… Thanks again~

  10. Really good information thank you. I want to consolidate 2 SSO domains into 1 as part of a 5.5->6.0 vCenter upgrade. Is there hope? Any suggestions for process or documentation?

  11. Willian,

    Regarding SSO domain setup (PSC) on a recovery site for use of SRM 6.x, can I join to an existent SSO domain or this answer only depends on wan link latency?

  12. Hi all,

    I have difficulties with these two concepts: SSO Domain Name and SSO Site name. Anyone can explains me the differences between them and why are so importants when I must upgrade/migrate my farm vs ver 6.0? I must upgrade my farm 5.5 to ver. 6 next month (8 vCenters), and I don’t know how these parameters must be configured.

    Thank you!

    Francesco

Thanks for the comment!