I have went through the upgrade process of vCenter 5.0 to vCenter 5.1 which was protected by vCenter heartbeat(Please note same process apply for upgrade to 5.5 as well). The process end up being more of uninstalling and re-installing vCenter heartbeat rather than upgrade to avoid the undesired behavior of SSO lockdown that can be caused by the upgrade process of vCenter Hearbeat when SSO is hosted on the same VM as vCenter which was the case in my scenario. Let start by giving a summary of the upgrade process before going into a details:
a. Uninstall vCenter Heartbeat 6.5 if installed
b. Setup Single Sign On.
c. Upgrade vCenter Server from to 5.0 to 5.1
d. Upgrade Update Manager from 5.0 to 5.1
f. Install vCenter Heartbeat 6.6 (UAT & Prod).
below is the process changes involved when upgrading vCenter that is protected by vCenter Heartbeat in more details:
- Make sure you have adequate backup. Maybe Image backup of your vCenter VMs?
- Make sure to have license keys on hand.
- Make sure All Windows Updates is disabled.
- Write down all the IPs configurations.
- Prepare a service account to use for heartbeat with local admin and vcenter admin privillage
- Make sure to have a local administrator account on the machine that you know the password off.
- Make sure you are using the desired host name
- Copy the vCenter Heartbeat installer to the vCenter VM
- Ensure two NICs exist and they are connect to the right network
- NIC holding Public IP/Management IP
- NICs holding Channel IP
- Configure the following on each of the NICs
- De-select Register this connections address in DNS on all connections
- Remove WINS server entries on all connections
- disable netbios will be done on the channel connections.
2- Uninstall vCenter heartbeat:
- If the Secondary node is active, use the vCenter Server Heartbeat Console on the Primary node to perform a manual failover to make the Primary node active. Note: Only proceed to next step when the Primary node is currently active.
- Shut down vCenter Server Heartbeat on both the Primary and Secondary nodes, leaving protected applications running on Primary (active) node.
- Shutdown the secondary vCenter
- Uninstall vCenter Server Heartbeat on the Primary node.
- Rename the server back to the Public name, leaving the server in the domain.
3- Deploy Single Sign On (SSO):
- Install a single SSO server on the same machine as vCenter. Only single SSO server installation is required as it will be protected by heartbeat.
- Note: On the vCenter Single Sign-On Prerequisites page, ensure the IP address listed is the Public IP address. If the Channel or Management IP is listed, temporarily remove the IP from the NIC, then click Back and Next to refresh the Prerequisites page.
4- vCenter Server Upgrade Procedure
- Install Web Client
- Upgrade vCenter Inventory Service using the vSphere Upgrade guide.
- Upgrade vCenter Server using the Upgrade guide for guidance.
- Make sure that you have an AD account setup as a vCenter administrator. All local accounts might be removed during the upgrade.
- Upgrade Update Manager
- Install the new update Manager plugin
- Install the new vSphere Client & test vCenter functionality.
- Add vCenter 5.1 licenses to vCenter Server or it will run in evaluation mode.
- Connect to vCenter using the vSphere Client and verify that all ESXi hosts are connected and have their vCenter Agent updated.
5- vCenter Heartbeat Installation:
- Rename the old vCenter Secondary node VM (& Mark it for deletion)
- Select the following services and set them to Manual.
- VMware VirtualCenter Server
- VMware vSphere Profile-Drive Storage
- vCenter Inventory Service
- VMware VirtualCenter Management Webservices
- Clone the Primary VM & make sure the secondary VM is kept off and the connect to network on power on is disabled.
- Create a network share on the primary VM
- Install heartbeat on the primary
- Restart the VM.
- Verify DNS records are working correctly after heartbeat installation is completed on primary
- (If SSO involved the following command might be required) run the following command: c:\program files\vmware\infrastructure\ssoserver\utils\ rsautil manage-secrets -a recover -m <masterPassword> . Then restart the SSO Service.
- Power on the secondary with network totally disconnected
- Fix the channel & management IPs and bring the channel NICs up, but keep the Public network down
- Install heartbeat on the secondary.
- At the end of it you will need to enable the public network to continue with the installation.
- Verify DNS Names
- In vCenter Heartbeat manager =>Applications => Plugins => VMware vCenter Plugin & enable it.
- vCenter Heartbeat Manager => Server => Monitoring. Check Mark “failover from primary server to Secondary server if channel hearbeat is lost for failover timeout.
- Test failover using: C:\Program Files\VMware\VMware vCenter Server Heartbeat\R2\Bin\ nfavt.exe
6- Backup out off the failover test:
- Shut down vCenter Server Heartbeat and protected services on all servers.
- Complete the following on both servers:
- Open the Configure Server wizard.
- Select the Machine tab.
- Select the Primary server as active.
- Click Finish.
- On the Secondary server, right-click the taskbar icon and select Start vCenter Server Heartbeat.
- Verify that the Secondary server is passive (S/–).
- On the Primary server, right-click the taskbar icon and select Start vCenter Server Heartbeat.
- After vCenter Server Heartbeat starts, login to the vCenter Server Heartbeat Console