Enhanced Linked Mode facilitates the connection of multiple vCenter Server systems through one or more vCenters. Once linked, this configuration provides a centralized overview of your entire infrastructure via a single vCenter URL, allowing for the management of all vCenter servers through a unified vSphere Web Client session. Since these servers are part of the same Single Sign-On (SSO) domain, they will synchronize permissions, licenses, tags, policies, and roles across all linked vCenter Servers.
In this scenario, the two vCenters mentioned below are situated in separate data centers, and we will attempt to join the second vCenter Server Appliance (vCSA) to the SSO domain of the first appliance. The vCenter Server being repointed will transition from its current SSO domain to join the existing domain as an additional vCenter Server connected via Enhanced Linked Mode.
In this example, the source embedded vCenter Server is vcf-vc02.ash.local (the vCenter that needs to be pointed), while the replication partner Platform Services Controller is vcf-vc01.ash.local (my master vCenter). It is crucial that tags or settings on the replication partner remain unaltered.
Repointing is handled by the CMSSO-UTIL command
Run the following command from an SSH session on the vCenter server / PSC to confirm the SSO site name
/usr/lib/vmware-vmafd/bin/vmafd-cli get-site-name --server-name localhost
Run the following command from an SSH session on the vCenter server to confirm the SSO domain name
/usr/lib/vmware-vmafd/bin/vmafd-cli get-domain-name --server-name localhost
Run the following command from an SSH session on the vCenter server to show the PSC node the vCenter server is currently pointed to
/usr/lib/vmware-vmafd/bin/vmafd-cli get-ls-location --server-name localhost
Run a pre-check command with the option -m pre-check
# Syntax of the command
cmsso-util domain-repoint -m pre-check --src-emb-admin <PSC admin of source node> --replication-partner-fqdn <destination node FQDN> --replication-partner-admin <PSC admin of destination node> --dest-domain-name <destination PSC domain>
where;
-m pre-check - will only do a precheck,
- source node - the node which is being repointed ( ie : vcf-vc02.ash.local )
–src-emb-admin is the SSO administrator of our source vCenter
–replication-partner-admin is the SSO administrator of our destination vCenter
–replication-partner-fqdn is the destination vCenter server
–dest-domain-name is the domain name to which the source vCenter would join
Example
cmsso-util domain-repoint --mode pre-check --src-emb-admin administrator --replication-partner-fqdn vcf-vc01.ash.local --replication-partner-admin administrator --dest-domain-name vsphere.local
To proceed with domain join, execute the command with -m execute
cmsso-util domain-repoint -m execute --src-emb-admin Administrator --dest-domain-name vsphere.local
Example of Joining vcf-vc02 to vcf-vc01
cmsso-util domain-repoint --mode execute --src-emb-admin administrator --replication-partner-fqdn vcf-vc01.ash.local --replication-partner-admin administrator --dest-domain-name vsphere.local
Show partners
/usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartners -h localhost -u administrator
Verifying Logs
tail -f /var/log/vmware/vmdir/vmafdvmdirclient.log
Location of conflict data if any,
Logs will be written on /storage/domain-data/Conflict*.json
References
Repointing vCenter Server to another SSO Domain – VMware vSphere Blog