Changing the IP address of a VMWare PSC via the command line

I recently needed to change the IP address of my PSC. Unfortunately it was already inaccessible so I was unable to do it via the standard GUI methods. I SSH’d into the box and had a look but it pretty immediately becomes apparent you can’t just update things the way you would a normal linux box. Enter vami_config_net. I believe this utility is available on any of the VMWare appliances that utilize VAMI/photon but I could be wrong. As you may notice int he article it refers to this being for the vCetner Support Assistant, but it worked just the same for me on my external PSC.…


Platform services controller — Migrating to external psc and verifying replication partners

In preparation for migrating from vCenter 6.5 w/ embedded PSC, to a external PSC I needed to validate the replication between my new external PSC and the embedded platform services controller. To validate PSC replication partners, the vdcrepadmin utility can be used. For more information see

login as: root

VMware vCenter Server Appliance

Type: VMware Platform Services Controller

Using keyboard-interactive authentication.
Connected to service

    * List APIs: "help api list"
    * List Plugins: "help pi list"
    * Launch BASH: "shell"

Command> shell
Shell access is granted to root
root@vcenter-psc [ ~ ]# cd /usr/lib/vmware-vmdir/bin
root@vcenter-psc [ /usr/lib/vmware-vmdir/bin ]# ./vdcrepadmin -f showservers -h localhost -u Administrator -w Passw\!rd
root@vcenter-psc [ /usr/lib/vmware-vmdir/bin ]#

Note in the above commands, for the -w parameter, non alpha characters must be escaped with a \ otherwise you may get authentication failures.

I am now able to continue with the external psc migration as detailed here:…

root@vcenter [ /usr/lib/vmware-vmdir/bin ]# service-control --status --all
 applmgmt lwsmd pschealth vmafdd vmcad vmdird vmdnsd vmonapi vmware-cis-license vmware-cm vmware-content-library vmware-eam vmware-perfcharts vmware-psc-client vmware-rhttpproxy vmware-sca vmware-sps vmware-statsmonitor vmware-sts-idmd vmware-stsd vmware-updatemgr vmware-vapi-endpoint vmware-vmon vmware-vpostgres vmware-vpxd vmware-vpxd-svcs vmware-vsan-health vmware-vsm vsphere-client vsphere-ui
 vmcam vmware-imagebuilder vmware-mbcs vmware-netdumper vmware-rbd-watchdog vmware-vcha
root@vcenter [ /usr/lib/vmware-vmdir/bin ]# cmsso-util reconfigure --repoint-psc vcenter-psc.redacted.lan --username administrator --domain-name vsphere.local --passwd Passw0rd!
Validating Provided Configuration ...
Validation Completed Successfully.
Executing reconfiguring steps. This will take few minutes to complete.
Please wait ...
Stopping all the services ...
All services stopped.
Starting vmafd service.
Successfully joined the external PSC vcenter-psc.redacted.lan
Cleaning up...
Cleanup completed
Starting all the services ...
Started all the services.
The vCenter Server has been successfully reconfigured and repointed to the external Platform Services Controller vcenter-psc.redacted.lan.
root@vcenter [ /usr/lib/vmware-vmdir/bin ]#

And finally, from the external PSC we can verify replication partners again to see that the embedded PSC has been decommissioned, and the external PSC is the only one listed:

root@vcenter-psc [ /usr/lib/vmware-vmdir/bin ]# ./vdcrepadmin -f showservers -h localhost -u Administrator -w Passw\$ord
root@vcenter-psc [ /usr/lib/vmware-vmdir/bin ]#

Recovering from a failed platform services controller installation – vSphere 6.5

I have used to below commands to recover from a failed PSC deployment. When trying to redeploy after the failed deployment, I encountered the error:

“Failed to run vdcpromo”

Following the below steps on the current PSC resolved the error and I was then able to successfully restart the PSC deployment.

Also, protip to avoid having to keep redeploying the appliance, take a snapshot right after phase 1 completes. Then you can simply restore the snap and access your vm via the web interface to try again.

login as: root

VMware vCenter Server Appliance

Type: vCenter Server with an embedded Platform Services Controller

Using keyboard-interactive authentication.
Last login: Wed Sep 20 15:34:18 2017 from
Connected to service

    * List APIs: "help api list"
    * List Plugins: "help pi list"
    * Launch BASH: "shell"

Command> shell
Shell access is granted to root
root@vcenter [ ~ ]# cd /usr/lib/vmware-vmdir/bin
root@vcenter [ /usr/lib/vmware-vmdir/bin ]# ./vdcleavefed -h vcenter-psc.redacted.lan -u Administrator
vdcleavefd offline for server vcenter-psc.redacted.lan
 vcenter-psc.redacted.lan server cleanup performed.
root@vcenter [ /usr/lib/vmware-vmdir/bin ]#…

Additional info: I also ran into this when trying to deploy an additional PSC that had a failed installation, but got a completely different error (see below). Going to Administration -> System Configuration in the flash vSphere web client also displays the failed PSC. Login to the live PSC and use the above commands to cleanup, then restart the new PSC deployment. Refreshing the System Configuration page once the vdcleavefed command was ran confirms the cleanup is complete and the failed install is no longer listed.

The error I received when deploying this PSC was:

Could not connect to VMware Directory Service via LDAP. Verify VMware Directory Service is running on the appropriate system and is reachable from this host.

Removing the failed deployment via vdcleavefed did not resolve the issue.

I decided to test LDAP connectivity to the PSC from the failed PSC deployment. I SSH’d into the box and did the following:

root@localhost [ /usr/lib/vmware-vmdir/bin ]# ./vdcadmintool

Please select:
0. exit
1. Test LDAP connectivity
2. Force start replication cycle
3. Reset account password
4. Set log level and mask
5. Set vmdir state
6. Get vmdir state
7. Get vmdir log level and mask

Please enter LDAP server host: vcenter-psc.redacted.lan
Please enter LDAP server port: 389
Please enter LDAP server SSL port: 11712
Please enter LDAP Bind DN: cn=Administrator,cn=Users,dc=vsphere,dc=local
Please enter LDAP Bind UPN: Administrator@vsphere.local
Please enter LDAP Bind password:

ldap://vcenter-psc.redacted.lan:389 (ANONYMOUS) bind succeeded.

++++++++++++++++++++ ldaps://vcenter-psc.redacted.lan:11712 SSL bind failed. (-1)(Can't contact LDAP server)

ldap://vcenter-psc.redacted.lan:389 SRP bind succeeded.

++++++++++++++++++++ ldap://vcenter-psc.redacted.lan:389 GSSAPI bind failed. (9100)(Unknown (extension) error)

Edit: Additional semi-related data

Get machine’s guid

root@vcenter-psc [ /usr/lib/vmware-vmdir/bin ]# /usr/lib/vmware-vmafd/bin/vmafd-cli get-machine-id --server-name localhost

Get machine’s pnid (machine/host name?)

root@vcenter-psc [ /usr/lib/vmware-vmdir/bin ]# /usr/lib/vmware-vmafd/bin/vmafd-cli get-pnid --server-name localhost

Get services in the directory

root@vcenter-psc [ ~ ]# /usr/lib/vmware-vmafd/bin/dir-cli service list