When a Platform Services Controller (PSC), or a vCenter Server that connects to an external PSC, is no longer required or no longer working, we can decommission it and delete the appliance.
The first step is to stop and power down the PSC that is no longer needed, and to make sure the vCenter Server (VC) is re-pointed to another PSC in the environment.
- Log in to the PSC over SSH as root
- Enable the shell
- Run the cmsso-util unregister command
cmsso-util unregisters the PSC\VC from the corresponding nodes.
cmsso-util unregister --node-pnid Platform-Services-Controller-System-Name --username administrator@your_domain_name --passwd vCenter-Single-Sign-On-password
Platform-Services-Controller-System-Name is the FQDN or IP address of the Platform Services Controller that you want to decommission.
The cmsso-util command may fail when removing a node, with the error:
Could not find a host id which maps Hostname to in Component Manager Failed!!!
If this occurs, run the vdcleavefed command, which is used to completely remove all the information related to the PSC\VC:
/usr/lib/vmware-vmdir/bin/vdcleavefed -h -u [-w ]
vdcleavefed -h decommpsc.testlab.local -u Administrator -w Passw0rd!
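The -w option is optional; without it vdcleavefed prompts for the password, as in the run below, which keeps the password out of the shell history.
Upon successful execution, you see output similar to:
/usr/lib/vmware-vmdir/bin/vdcleavefed -h psc4.vcloud.local -u administrator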
password:
vdcleavefd offline for server psc4.vcloud.local
Leave federation cleanup done
If the PSC or vCenter Server node is still active, you see the error below. Shut down the vCenter Server or PSC before running the command.
/usr/lib/vmware-vmdir/bin/vdcleavefed -h psc4.vcloud.local -u administrator@vsphere.local
password:
vdcleavefd offline for server psc4.vcloud.local
“Leave federation cleanup failed. Error[1] – Operations error”
If the FQDN is wrong, or sometimes when an IP address is given instead, it shows the error:
“Leave federation cleanup failed. Error[13] – Confidentiality required.”
So make sure to give the correct FQDN of the PSC. If the FQDN and IP are right and the error still appears, check the log at /storage/log/vmware/vmdir/vdcleavefed.log and look for LDAP connectivity errors. Mostly the cause is a mismatched certificate, and we need to provide the correct certificate to the PSC\VC.
One easy way to fix the issue is to redeploy the PSC with the same name: rename the old PSC, install a new PSC with the same FQDN, and then try the decommission again.
If the user name or password is wrong, it shows the error:
"Error (9234) – User invalid credential"
Just administrator is enough for the username.
Once everything is corrected, the result will be "Leave federation cleanup done".
To verify whether the vCenter has been removed completely or an entry is still present, run the command below and search the output for the Service ID:
/usr/lib/vmidentity/tools/scripts/lstool.py list --url http://localhost:7080/lookupservice/sdk --type vcenterserver > /tmp/vc.txt
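The check on /tmp/vc.txt can be scripted. The following is an added example, not part of the original post or of VMware's tooling: it lists the Service IDs of registrations that still point at the decommissioned node. The "Key: value" record layout, the Owner ID form and all hostnames and IDs in the sample are assumptions constructed for illustration.

```python
from urllib.parse import urlparse

# Constructed sample of /tmp/vc.txt. The "Key: value" layout is an assumed
# lstool.py format; hostnames and Service IDs are made up.
SAMPLE = """\
    Name: AboutInfo.vpx.name
    Service Type: vcenterserver
    Service ID: default-site:00000000-0000-0000-0000-000000000001
    Owner ID: vc-old.example.test@vsphere.local
    Endpoints:
        URL: https://vc-old.example.test:443/sdk
-------------------------------------------------------
    Name: AboutInfo.vpx.name
    Service Type: vcenterserver
    Service ID: default-site:00000000-0000-0000-0000-000000000002
    Owner ID: vc-old2.example.test@vsphere.local
    Endpoints:
        URL: https://vc-old2.example.test:443/sdk
"""

def parse_records(listing):
    """One dict per registration; a "Name:" line starts a new one."""
    records = []
    for raw in listing.splitlines():
        key, sep, value = raw.strip().partition(":")
        if not sep:
            continue  # separator or blank line
        key, value = key.strip(), value.strip()
        if key == "Name":
            records.append({"urls": []})
        if not records:
            continue  # text before the first record
        if key == "URL":
            records[-1]["urls"].append(value)
        else:
            records[-1].setdefault(key, value)  # keep the first value seen
    return records

def stale_registrations(listing, fqdn):
    """Service IDs still tied to fqdn by Owner ID or endpoint URL host."""
    want, stale = fqdn.lower().rstrip("."), []
    for rec in parse_records(listing):
        hosts = {(urlparse(u).hostname or "").lower() for u in rec["urls"]}
        hosts.add(rec.get("Owner ID", "").split("@")[0].lower())
        if want in hosts:  # exact host match, so vc-old does not hit vc-old2
            stale.append(rec.get("Service ID", "<no Service ID>"))
    return stale

if __name__ == "__main__":
    print(stale_registrations(SAMPLE, "vc-old.example.test"))
```

An empty result for the decommissioned FQDN means no vcenterserver registration in the listing references it any longer.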
Hi,
I’m trying to break the Vmdir federation between different vCenters but without deleting them. How could I accomplish this?
Works Fine!
Thanks!
Thanks man; other resources failed for me; yours worked with some persistence. Your “Just administrator is enough for the username.” statement was also key.