Apr 4

Howto vCenter 4.1 + Domain Controller = Not recommended + Unsupported

Category: vSphere

Yes, I know it's not recommended, as stated in the KB (vCenter Best Practice), but due to an unreasonable request from my user I had no choice but to test whether the vCenter service can run on a domain controller. As suggested elsewhere, the vCenter application has to be installed first, before the machine is promoted with dcpromo. The process can be summarized as follows:

  • Prepare the machine
  • Install vCenter
  • Change vCenter ADAM port
  • Run dcpromo

To test this out, I created a VM on VMware Workstation 7 and installed Windows Server 2008 R2 on it. Once that was finished, I proceeded with the vCenter 4.1 installation, using SQL Express for the vCenter database. The installation finished as expected and the vCenter service runs fine without issue.

Next, I need to change the vCenter ADAM port. AD LDAP will use port 389, so to avoid a port conflict the ADAM instance must use a port other than 389 (here, 3899). To do this:

  • Open CMD and run c:>net stop VMwareVCMSDS
  • c:>dsdbutil
  • dsdbutil:>activate instance VMwareVCMSDS
  • dsdbutil:>LDAP port 3899
  • dsdbutil:>SSL port 6369
  • dsdbutil:>quit
  • c:>net start VMwareVCMSDS

To verify that vCenter ADAM is now using port 3899, I checked with c:>netstat -an. To make the change permanent, I modified instance.cfg (on Windows Server 2008 R2, in C:\ProgramData\VMware\VMware VirtualCenter) and changed port 389 to 3899. Then restart the server and verify that your vCenter service is running fine.
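
The checks from this step, collected into one script to run before dcpromo. This is an added example, not part of the original post; it assumes English netstat output and that a leftover old port would appear in instance.cfg as the standalone number 389. It also checks 636, the default LDAP-over-SSL port that AD will use.

```powershell
# Added example: pre-dcpromo check. Ports, service name and path come from the steps above.
$AdamPorts = 3899, 6369   # ADAM LDAP / SSL ports set with dsdbutil
$AdPorts   = 389, 636     # default LDAP / LDAPS ports that AD DS will bind after dcpromo
$Service   = 'VMwareVCMSDS'
$Cfg       = 'C:\ProgramData\VMware\VMware VirtualCenter\instance.cfg'

function Get-ListeningPort {
    param([string[]]$NetstatLines)
    # Matches e.g. "  TCP    0.0.0.0:3899    0.0.0.0:0    LISTENING    1234" (English netstat output)
    foreach ($line in $NetstatLines) {
        if ($line -match '^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\s+(\d+)') {
            New-Object PSObject -Property @{ Port = [int]$Matches[1]; ProcessId = [int]$Matches[2] }
        }
    }
}

$listening = @(Get-ListeningPort (netstat -ano))
$problems  = @()

$svc = Get-Service -Name $Service -ErrorAction SilentlyContinue
if (-not $svc -or $svc.Status -ne 'Running') { $problems += "$Service is not running" }

foreach ($p in $AdamPorts) {
    if (-not ($listening | Where-Object { $_.Port -eq $p })) {
        $problems += "Nothing is listening on TCP $p (ADAM should be)"
    }
}
foreach ($p in $AdPorts) {
    $hit = $listening | Where-Object { $_.Port -eq $p } | Select-Object -First 1
    if ($hit) { $problems += "TCP $p is still bound by PID $($hit.ProcessId)" }
}

# Assumption: a leftover old port shows up in instance.cfg as the standalone number 389.
if (-not (Test-Path $Cfg)) {
    $problems += "$Cfg not found"
} elseif (Select-String -Path $Cfg -Pattern '(?<!\d)389(?!\d)' -Quiet) {
    $problems += "instance.cfg still references port 389"
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output 'ADAM is on 3899/6369 and 389/636 are free: OK to run dcpromo.'
```

Run it from an elevated PowerShell prompt after the reboot; any warning means the port change did not fully take effect and dcpromo should wait.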

From here, you can proceed with dcpromo. I will not discuss it here, but you can always refer to this site for how to install your first domain controller.

P.S.: This is not supported by VMware at all.

3 Comments so far

  1. Mike April 21st, 2011 8:55 am

    I tried installing vCenter 4.1 on a DC as per your instructions. This is purely for my virtual lab on my laptop in order to conserve memory.

    For the most part my installation was successful; however, I noted one problem which looks like it is linked with the DC Domain policies, which are blocking inbound communications. If I run the vClient on the DC itself I can connect to the vCenter and add a host etc. After adding the host, a few minutes later the host and VMs go into disconnect mode and I have to repeatedly re-connect the host.

    Also, when I try to connect from a remote PC using the vClient I cannot connect to the vCenter, and I can’t get to the HTTP web service either.

    I have checked all the obvious but can’t seem to get it setup optimally.

    Any light you could shed would be greatly helpful.

    Thanks

  2. athlon_crazy April 22nd, 2011 6:28 am

    For inbound connections, is your vCenter VM network adapter set to “bridged”? One of the reasons why ESX/i hosts normally get disconnected from VC is that vCenter is unable to get a heartbeat from the host. The second thing is that perhaps a few agents/services (vpxa, xinetd, vmware-hostd) are not running on your host, which could be because your ESX didn’t have enough memory, etc.

  3. Dean October 5th, 2012 5:36 am

    I’ve been looking exactly for that.
    I have 2 servers to be used as an ESX cluster, and only 1 to be used both as vCenter and DC (I’d rather not virtualize it in VMware WS).

    I’ll try your solution.
    Thanks
