Issues with PSC database? Use lsdoctor

Paolo LucchettiVMware / vSphere
Reading Time: 2 minutes

Purpose of the article

In this article I will show how to use Lookup Service Doctor (lsdoctor) tool to address issues with data stored in the PSD database, both local or external.
Possible failures are:

  • topology changes (converge, repoint, etc.)
  • upgrades
  • failure due to maintenace on SSL.

What you need first

First of all, as always, before any maintenance, you have to dake a proper snapshot of your SSO domain. Every VCs or PSCs, that are in the same SSO domain, must be powered off and then snapshot them.
At the time or writing lsdoctos suppors vCenter 6.5 and above, both Windows and VCSA. Newer versions of vCenter require an lsdoctor updated.

How to install

For installing lsdoctor you have fist to download the ZIP file from this link (lsdoctor) and copy it on the node on which you want to run it.
I will show how to install on VCSA as is the preferred vCenter usually used.
So run
unzip lsdoctor.zip
be carefull: be sure you are currently in the lsdoctor-master directory.

How to execute

to execute the script launch:
python lsdoctor.py --help

Options

  • –lscheck
  • –pscHAUnconfigure
  • –stalefix
  • –trustfix
  • –solutionusers
  • –rebuild

-l or –lscheck

This option checks for common issues in the lookup service.  Does not make any changes to the environment.  This will show issues found on any node in the SSO domain.  See output for findings and path to JSON report.

-p or –pscHAUnconfigure

This option is used when removing a PSC HA configuration (multiple external PSCs behind a load balancer).  To use this option, follow these steps:

-s or –stalefix

This option cleans up any stale configurations left over from a system upgraded from 5.x.

-t or –trustfix

This option corrects SSL trust mismatch issues in the lookup service.  The lookup service registrations may have an SSL trust value that doesn’t match the MACHINE_SSL_CERT on port 443 of the node.  This can be caused by a failure during certificate replacement, among other failures.

-u or –solutionusers

This option is used to recreate solution users for a node.  There are many reasons a solution user may be missing or inconsistent, but this script will delete any existing entry and recreate them from scratch.

-r or –rebuild

This option is used when rebuilding one or all service registrations for a given node.  This action performs the most significant changes, and extra care should be taken to ensure a safe rollback is possible (see Impact/Risks section).

Once you have run the script you have to restart all the service running:

service-control --stop --all
service-control --start --all

Check Out koodzo.com!