How to Join the Platform Service Controller (PSC) to the AD Domain (vCSA 6.0)

VMware Platform Services Controller (PSC) is a new service in vSphere 6 that handles the infrastructure security functions such as vCenter Single Sign-On, licensing, certificate management and server reservation.

PSC provides one appliance- or Windows-based virtual machine platform to systems administrators for centralized management of these common infrastructure services.

PSC is a distributed service that automatically replicates information such as licenses, permissions and roles to other PSC instances. The maximum number of PSCs per vSphere domain is set at eight. High-availability for PSCs is achieved through local load-balancing technologies, though only four PSCs can reside behind a load balancer. PSCs are also latency sensitive and can only tolerate up to five minutes of time skew between PSC nodes.

In vSphere 6, the following components are installed in PSC:

  • VMware Appliance Management Service (only in appliance-based PSC)
  • VMware License Service
  • VMware Component Manager
  • VMware Identity Management Service
  • VMware HTTP Reverse Proxy
  • VMware Service Control Agent
  • VMware Security Token Service
  • VMware Common Logging Service
  • VMware Syslog Health Service
  • VMware Authentication Framework
  • VMware Certificate Service
  • VMware Directory Service

Let’s start to Join the PSC in the Active Directory

Step 1: Login to your vCenter web UI using https://vcenter01/vsphere-client change the ‘vcenter01’ into your FQDN or IP and then go to

Administraton -> System Configuration

a_psc03

a_psc04

And  then navigate to Nodes in here you will see your vCenter appliance and your PSC appliance nodes

Nodes -> your PSC node -> Active Directory -> Join

a_psc05

and in here you can type your Domain name and user domain administrator password to join the SSO to Active Directory server.

a_psc06

Note: Then reboot it after successfully completed. However if it failed with error

a_psc02_a

 

you can follow the manual method in step 2 and login to terminal console by pressing CTRL+ALT+F3 login with user root and your password and type this to get shell terminal

Command> shell.set --enabled True
Command> shell
vcenter01:~ # date
Sat Jun 18 08:58:47 UTC 2016

Note: Make sure the time and date is the same in your vCenter, PSC with your AD server

Step 2: Type manually the command and enter your password if it ask.

/opt/likewise/bin/domainjoin-cli join your.ad.here Administrator

vpsc01:~ # /opt/likewise/bin/domainjoin-cli join your.ad.here Administrator
Joining to AD Domain: domain.com
With Computer DNS Name: vpsc01.domain.com

[email protected]'s password: ********
SUCCESS
vpsc01:~ # reboot

 

once you see the ‘success’ and no error you can proceed to type the reboot

Step 3: Login to your vCenter and verify the PSC if it successfully join in Active Directory

a_psc07

Now add your Active Directory in the configuration and set it as default authentication by clicking the globe with arrow icon

Administration -> Single Sign-On -> Configuration

a_psc09

And then add the Active Directory users or group  that you want to have access to this vCenter by clicking the green man icon

Administration -> Single Sign-On -> Users and Groups -> Groups -> Administrators

a_psc09a

Note: Make sure you click the ‘Administrator’ then click the ‘Green man’ icon with arrow to add the user or group

Done.

Be the first to comment on "How to Join the Platform Service Controller (PSC) to the AD Domain (vCSA 6.0)"

Leave a comment

Your email address will not be published.