I wanted to do the right thing and post how I solved my error/problem. Be warned, it is not pretty and you need to understand that it is absolutely necessary that you backup your vsphere server before doing this procedure. This procedure was issued to me from VMware Tech Support as my only option.
To recap on what happened in my scenario. I was a new hire and given a current installation of VMware Vsphere 5.1. I had no documentation but I was given the default Admin Passwords that were used in most instances in the network. After many unsuccessful attempts to upgrade from SSO 5.1 to 5.1u1 because of an invalid password during upgrade, I went to the forums and VMware Tech Support. The method suggested to fix this was to do a database query on the SQL instance using the supplied hash which would restore the MASTER and ADMIN@SYSTEM-DOMAIN password to the given value for the hash.
This did work, PARTIALLY. I say this in that I was able to finally login into the VMware Vsphere webportal and client using my admin@system-domain account using the new HASHED password. However, the problem that was still present was that I still could not upgrade SSO 5.1 to 5.1u1 because of a bad password. So...wait for it...... Corrupt RSA database!!! The confusing part is that everything still functions perfectly. I can use my admin@system-domain password to navigate my VMware environment, but I was unable to upgrade certain instances of VMware because of this issue.
I'M GOING TO BE VERY CLEAR ABOUT THIS! WHAT I'M PROVIDING YOU IS NOT INSTRUCTIONS ON HOW TO FIX THIS, BUT RATHER A CHECKLIST TO FOLLOW. I am NOT RESPONSIBLE if you bring down your production servers for not researching this before you attempt this or contacting VMware tech support. I spent an entire week reading and re-reading the procedures before attempting this.
MY VMware environment was in production and unaffected during this procedure. I also have VSA (Virtual Storage Appliance) and it was also unaffected.
Checklist that worked for me.
- Read all of these steps!
- Don't Forget to do Steps 15 and 16.
- Download the Instructions for installing VMware VSphere and read specifically page 223 http://pubs.vmware.com/vsphere-51/topic/com.vmware.ICbase/PDF/vsphere-esxi-vcenter-server-511-installation-setup-guide.pdf
- WATCH this YouTube video form start to finish before even starting. VMware vSphere 5.1 vCenter Upgrade Part 1. Single Sign On Installation - YouTube
- WHAT EVER YOU DO, DO NOT install a newer version of SSO during this procedure. I did this and had to revert back to my SNAPSHOT and try again. Again, had I not backed up, I would have been in trouble. Be sure to install the same version of SSO that you are removing. So be sure to reinstall the version you uninstalled and THEN Upgrade SSO to a newer version. I say this because I believe I still had some certificate errors for the web portal after step 16 that were simply fixed when I upgraded SSO to 5.1u1.
- Backup your VCenter Server.
- Then Backup your VCenter Server and TEST YOUR BACKUP. A backup is only good if you can restore from it.
- Then, Take a SNAPSHOT of your VCenter Server if it is virtualized.
- Then backup your RSA DB instance in SQL. And don't be doofus and backup your RSA DB to your local C drive of your VCenter Server. If you have to start over, you lost it. Backup to networked drive or external storage.
- Then take a Screen Shot of LocalHost\SQL Instance\Security\Logins\Table (The Idea is to capture all of your security accounts because once you proceed ahead, you might have to add some back after this procedure.)
- DrumROLL
- Uninstall SSO. (You will receive an error because you do not have the MASTER password to uninstall this instance. This error simply tells you that the database will still exist but SSO will be un-installed.
- Delete the RSA database from SQL.
- Follow the YouTube Video for the procedure to configure the RSA database and install SSO.
- Open CMD as ADMINISTRATOR. Just opening CMD will NOT work. You have to right click on CMD and "Run as Administrator".
- Follow all of these procedures. http://kb.vmware.com/kb/2033620
- Upgrade your SSO Instance.
Good Luck!