vCenter Server Appliance 5.5 in a home lab, without SSO errors

Posted by Paul Braren on Sep 26 2013 (updated on Oct 1 2013) in
  • ESXi
  • HowTo

    • Does this scenario sound familiar? You install the VMware VCSA (vCenter Server Appliance) 5.5 using 'Deploy OVF Template', and all seems to go well, quick-and-easy, especially on an SSD datastore. Next, you web your merry way into that initial config, and cancel out of the wizard as it advises, hard-coding your IP address and hostname. This change takes effect immediately, and removes reliance on your home router's DHCP. A good thing. But then, just when you thought you were nearing the finish line, you go run the wizard again and choose "Configure with default settings" and bam, it spits out some horrible errors:

    Failed to execute '/usr/sbin/vpxd_servicecfg 'sso' 'write' 'embedded' CENSORED CENSORED 'default-pass'':
    VC_CFG_RESULT=702(Error: An unexpected error occurred during the installation of the appliance SSO service. Please collect a support bundle and file a service request.)

    What to do in a home lab, where you haven't got a proper DNS with reverse lookup using PTR records, as explained in the VMware vSphere 5.5 Documentation Center?
    Download and Deploy the VMware vCenter Server Appliance
    Prerequisites for Installing vCenter Single Sign-On, Inventory Service, and vCenter Server

    SolarWinds-showing-ESXi-5.5-and-vCenter-5.5

    Here's some options:
    1) Put together a Windows Server + SQL Server system or VM somewhere, and add the full 3.3GB installer vCenter to it. But that's a whole lot more complex, and time consuming. Good when studying for certification, not necessarily good to keep running at home 24x7.
    2) Get another Windows system and run a light weight DNS on it, such as Simple DNS Plus. Keep in mind you'll want to keep it running, always, especially when rebooting the appliance.
    3) Tweak your hosts file.

    Option 3 works great for my needs. If you want simplicity and no additional cost*, take a few seconds to make just the right tweaks to the VCSA's host file, right before running the wizard. Yes, the workaround is essentially that simple, see "The fix" section below. No nasty errors or side effects that I've seen so far. If you want to use the friendly names for the bits an pieces of your lab like esxi and vcenter, then optionally, tweak the hosts file on your workstation as well. Yeah, not super elegant, but it works.

    *Best parts of VMware’s ESXi 5.5 free hypervisor rely on vCenter, which isn’t free. Uh oh?

    Keep in mind that getting VCSA working is worth it, it's now much faster than 5.1, and it's now the little appliance that could, with VMware claiming that it's actually enterprise ready. While it defaults to using a beefy 8GB, it can go down to 4GB safely, according to VMware's specs here:

    • Very small inventory (10 or fewer hosts, 100 or fewer virtual machines): at least 4GB.
    • Small inventory (10-100 hosts or 100-1000 virtual machines): at least 8GB.
    • Medium inventory (100-400 hosts or 1000-4000 virtual machines): at least 16GB.
    • Large inventory (More than 400 hosts or 4000 virtual machines): at least 24GB.

    Having used it for some months now, I've noticed it seems to settle down over time, and only shows about 0.5GB of active memory use with 2 VMs running, seen pictured above.

    The fix (short version):

    Deploy OVF Template using the vSphere Client

    UsinPower the VM up, click on the Console tab

    connect with browser to the IP address shown in the console, logging in initially as username root and password vmware, as is also explained by VMware here. If on Chrome, click on the Advanced option to get past security warnings, then click Proceed

    turn on the 'Accept license agreement' checkbox, then click 'Next>'

    Click 'Next>' to get past the Customer Experience Improvement Program, then click 'Cancel'

    Setting the hard coded name (in my case vcenter) and IP address over in https://10.10.1.112:5480/#network.Address (where 10.10.1.112 is the DHCP fed IP, in my example), click 'Save Settings'

    Use WinSCP or PuTTY to connect to this same IP, and edit:
    /etc/hosts

    Changing from this (vcenter was the name I had chosen)

    127.0.0.1 vcenter localhost
::1 vcenter localhost ip6-localhost ip6-loopback

    to the below 4 lines instead, it's critical your vcenter name be removed from the first line. Replace 'esxi' and 'vcenter' with whatever you want your ESXi host and Appliance to be called, and set the IP addresses to whatever your network has available:

    127.0.0.1 localhost
::1 vcenter localhost ip6-localhost ip6-loopback
10.10.1.50 esxi
10.10.1.51 vcenter

    Save this new hosts file. Now when you run the wizard, and choose 'Configure with default settings' it'll actually complete without errors, takes about 5 minutes on an SSD.

    Finishing touches?

    Edit your workstation's C:\Windows\System32\drivers\etc\hosts file, adding these 2 lines:

    10.10.1.50 esxi
10.10.1.51 vcenter

    Optionally, add these same 2 lines to the EXI hosts /etc/hosts file, but I've found no problems with not bothering with this. vCenter adds ESXi to inventory by name, without incident, without warnings or errors.

    Set the VM to sync its clock using VMware tools, using https://vcenter:5480/#virtualcenter.Time (note, hostname used instead of IP address)

    Set the appliance to autostart with ESXi

    Reboot the appliance (or the entire ESXi host), to ensure the appliance comes up automatically, without errors, and you're able to login with the vSphere Client and vSphere Web Client.

    The fix (long version, with screenshots):

    (coming soon)

    The fix (video version):

    Previously, I had developed a less elegant, and more complicated, solution, based on using DHCP reservations for a fixed IP address in the VM. I feel tweaking the hosts file is a better approach.
    VMware vSphere Server Appliance 5.5 SSO doesn't like lack of proper DNS in a home lab, here's a workaround

    Now that you've got your appliance working, drop a comment below and let us know! I'm always open to corrections, better ideas, and constructive feedback, of course.

    With this issue solved, if you're still looking for trouble, check out how far back these persnickety appliance configuration issues were noticed:

    SSO issues:
    vCenter Server Appliance 5.1 - Wizard/Config fails by chan, Sep 27 2012
    vCenter Server Appliance 5.1 - Wizard/Config fails by Dennist777, Sep 27 2012

    Time sync issues:
    vCenter Appliance could not configure embedded DB – Wrong Time Oops !! by jit2600, Dec 06 2012
    vCenter Appliance could not configure embedded DB – Wrong Time Oops !! by jit2600, Dec 06 2012
    Upgrading to vCenter Server 5.1 fails with the error: Certificate already expired(2035413) by VMware Knowledge Base, Jun 06 2013

    Oct 01 2013 Update:
    New comprehensive, beginning to end build video now available.
    Build your own VMware vSphere 5.5 Datacenter with ESXi and VCSA

    You'll see I'm using the same technique to build the VCSA without SSO errors, as you witness me building my lab, in this hour long video.

    TinkerTry - PCs, EVs, home tech, efficiency and more, including virtualization. My opinions here, not my employer's.

    Paul Braren, MCSE in 1998, VCP #2681 in 2005, vExpert 2014 to 2024, Veeam Vanguard Emeritus, 2015 to 2019.

    Support TinkerTry

    PayPal | Patreon | VMware Store

    After 6 successful years testing then shipping well over 1,000 Xeon D Bundles, Wiredzone had to stop selling them in mid-2021 due to cost, supply, and logistics challenges. So far, Xeon D-1700/2700 (Ice Lake D) was a minor refresh for 2023, with Xeon D-1800/2800 (Granite Rapids D) refresh looking a little better for 2024. More cores, but still just PCIe Gen4 and DDR4. Looking ahead, I'm glad it's Pat Gelsinger at Intel's helm. I'm also grateful to have had the honor of working at VMware when Pat was the CIO there. I'll leave it at that, given the whole Broadcom thing.

    Easily update VMware ESXi at TinkerTry.com/easy-update-to-latest-esxi