vCenter 5.1 upgrade removes permissions in vCenter in non AD environment

While upgrading vCenter to 5.1 in an environment where we used local authentication on the vCenter server, we were in for a little surprise.

The original vCenter server had a lot of custom roles and user permissions defind, on all kinds of objects in vCenter.

When we did the upgrade, we decided to install the SSO server on a separate server, and when we did the vCenter upgrade and it was registered with the SSO server, we suddenly received a message that users and groups where not found on the SSO server, which kind of made sense, since even though we recreated the users and groups on the SSO server, they had different security IDs. But what we did not expect, is the upgrade process decided to remove all non existing users and groups from the vCenter database, effectively removing all permissions from vCenter … Continue reading

Error 29107 when upgrading to vCenter 5.1 (and fix)

When I tried to upgrade my vCenter 5.0U1 Server to 5.1, all seemed to go well, up until the the moment vCenter tried to register with SSO.

I received an error message “Error 29107. The service or solution user is already registered. Check Vm_ssoreg.log in system temporary folder for details”

I checked this log, but it did not really point me in to the right direction.

Then I found a post in the 5.1 beta archive that said the unique identifier for a service to register with SSO is the Common Name from its certificate. Continue reading