Successfully Installing vCenter SSO Part 2 – Service Installation

In the previous post, entitled “Successfully Installing vCenter SSO Part 1 – SQL Database“, I covered all of the steps required to create and set permissions on the SSO Database. This was done using a custom database name to give you an idea of what is possible if you don’t like the default name of “RSA” for your database.

In Part 2 I review the process to actually install the SSO service on your server, and also detail out some of the pitfalls that you may encounter along the way. If you haven’t already completed Part 1, I strongly recommend finishing that up first, or at least reviewing the steps to ensure they have been followed, before trying to install the SSO service on your server.

With that said, let’s get started.

General Starting Tips

In order to boost your chance of success, follow these two starting tips prior to the installation process.

DNS Health Checks

Make sure that your SSO server has both an A Record in DNS and a Reverse (PTR) record. This means that you can lookup your server by both the Fully Qualified Domain Name (FQDN) and the IP address.

From a command prompt, use the commands:

nslookup HOSTNAME
nslookup IPADDRESS

Here’s an example from my lab:


Bottom Line: Both should successfully resolve. Do not go any further until they do.

I also advise doing the same for your SQL server and any vCenter component servers (for when you are using unique servers for vCenter, SSO, and/or Inventory Service).

Run As Administrator

I always advise browsing to the autorun application on the vCenter DVD and choosing to “Run as administrator”. Don’t laugh – this has caused a very large number of failures for those I have worked with in the past, and is one of those things that tend to confuse folks that are new to UAC (User Account Control).


Why do this?

It doesn’t matter if you log in as Administrator to run the installation. UAC works like a poor man’s version of the Linux SU / SUDO command, in that it elevates your login to a point where it can do administrative actions (those things you see with the yellow and blue shield). Without this step, there is a chance that you will get cryptic error messages because your account, even if it is Administrator, was denied rights to certain actions.

Bottom line: Always use the “Run as Administrator” option. Very few exceptions to this!

Video Walkthrough

If you feel so inclined, I have provided a video covering this entire article. Otherwise, keep scrolling down for more SSO installation goodies.

As always, if you enjoyed the video please toss me a “Like” and if you want more videos on the channel I’d appreciate your subscription:)

SSO Service Installation Steps

To begin, select the “vCenter Single Sign On” product in the autorun menu. Do not choose “VMware vCenter Simple Install” as it will try to install all of the three major components (SSO, Inventory Service, and vCenter Server) all at once.


Cruise past the Patents and EULA section until you arrive to the Deployment Type page.

SSO Deployment Type

Select the first radio button to “Create the primary node”.


Next, select the “Install basic vCenter Single Sign On” option.


SSO Admin Password

When prompted, enter a password for your SSO domain. This will be the Admin level user within SSO, which is “admin@System-Domain”. Do not lose this password! I recommend putting it in a password safe, such as Keepass, immediately for safe keeping. Make sure to also use a complex password that is:

  • At least eight charcters
  • At least one lowercase character
  • At least one uppercase character
  • At least one number
  • At least one special character

An example would be “Password1234!” – don’t actually use this. 🙂


Database Configuration

Select the radio button to install to an existing, support database. The SQL Express instance is useful for small or test environments.


Here comes the meat of the install. You’ll need to provide all of the information that was created in Part 1 of this series.

  • Database Type: Mssql
  • Database Name: By default it is RSA, unless you used a custom name. In my example it is “WAHLNETWORK”
  • Host name or IP address: Enter the FQDN of the SQL server, which is “sql.glacier.local” in my lab. I advise against the IP address – you should have an A record in DNS for this server already anyway.
  • Port: 1433 (default), unless you changed it on the SQL server. This is common if you have multiple instances, as each new instance would use a different port.
  • Use manually created DB users: Check this box
  • Database user name: RSA_USER (default)
  • Database password: The password for the RSA_USER login
  • Database DBA user name: RSA_DBA (default)
  • Database DBA password: The password for the RSA_DBA login


When you click next, assuming there is no error, you will be asked to enter the FQDN of the server that SSO is being installed upon. In my example, I’m installing it directly onto the vCenter Server (VCENTER51.glacier.local). This may not always be the case – you can put SSO on its own server.


Final Installation Steps

Accept defaults for the remaining screens. You can choose to install to a different directory if you don’t want to use “C:\”. The final progress bar can take several minutes to finish – be patient. 🙂


Congratulations – you have installed SSO and have a live, running system to connect to for the remaining vCenter 5.1 installation pieces.


Once you get a handle on this new process, life gets easier. I very strongly recommend you practice this in a lab or on a test virtual machine in your environment first. Get your SSO database cooked and look around how it all works to get comfortable with it.  You don’t even need a vCenter Server ready to play with SSO – you can do what I’ve done in this two part series and just learn SSO on its own prior to a full upgrade.

Now that this two part series is complete, I’m definitely curious if you’ve used the posts or videos to help with your SSO installation? Did you find them helpful and informative, or wish to share some additional tips that I may have missed? Your feedback is always welcome!