Remove PSC from SSO Domain

In this post we will learn how to decommission/remove a PSC from an SSO domain. I am covering the steps needed for VCSA in this post. The steps for a Windows-based vCenter Server are very similar and are explained in VMware KB-2106736.

Why did I need to do so?

In my lab I was doing a lot of new things with PSC deployments and repointing my vCenter server from one PSC to another. If you are new to repointing a vCenter server between PSCs, please read the 2 articles below:

1: How to repoint vCenter Server 6.x between External PSC within a site

2: Repointing vCenter Server 6.0 to External PSC’s across sites

At present I have 3 PSCs, namely psc02.alex.local, psc03.alex.local and psc03.alex.local. I have one vCenter server, which was originally deployed with psc02 as its external PSC. First I moved my vCenter server from psc02 to psc03 (they were in the same domain/site), and then I moved the VC from psc03 to psc04 (they were in the same domain but a different site).

The output of the command below shows which PSC is replicating to which other PSC.

And currently the VC is pointing to PSC04.

I will first start with removing psc02.

These are the steps for doing so:

1: Log in as root to the appliance shell of one of the Platform Services Controller appliances within the domain.

2: To enable the Bash shell, run the shell.set --enabled true command.

3: Run the shell command to start the Bash shell and log in.

4: Run the cmsso-util unregister command to unregister the Platform Services Controller:

I was getting a warning about “Leave federation cleanup failed. Error[1] – Operations error”

I logged into the vCenter server and found my PSC was still listed in the vSphere inventory with an unknown status.

I googled the error and came across this command:

/usr/lib/vmware-vmdir/bin/vdcleavefed -h PSC-FQDN -u administrator -w SSO-Admin-Pwd

I tried running the above command and again I got an error about invalid credentials. I was pretty sure that I had passed the correct credentials. I checked vdcleavefed.log, which resides in the /storage/log/vmware/vmdir directory, and I found the errors below:

I shut down my PSC and ran the above command again, and this time I did not get any error.

Refreshed the Web Client page and PSC02 was gone.


Ran the show server command and PSC02 was no longer reflected there either.
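One way to script that final check, as an added example that is not from the original post: it parses a server list and reports whether a decommissioned PSC is still present. It assumes the list holds one distinguished name per line in the layout shown in the comments; the site names and SSO domain in the sample are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Assumed input layout, one server entry per line:
#   cn=<fqdn>,cn=Servers,cn=<site>,cn=Sites,cn=Configuration,dc=...
# On a live PSC this text would be the output of the "show server" command.

# Constructed sample of the list after psc02 has been removed
# (site-a, site-b and dc=vsphere,dc=local are placeholders, not from the post).
SAMPLE_AFTER='cn=psc03.alex.local,cn=Servers,cn=site-a,cn=Sites,cn=Configuration,dc=vsphere,dc=local
cn=psc04.alex.local,cn=Servers,cn=site-b,cn=Sites,cn=Configuration,dc=vsphere,dc=local'

# Read DN lines on stdin, print "fqdn|site" per server; other lines are ignored.
list_psc_sites() {
    sed -n 's/^[Cc][Nn]=\([^,]*\),[Cc][Nn]=Servers,[Cc][Nn]=\([^,]*\),.*/\1|\2/p' |
        awk -F'|' '{ print tolower($1) "|" $2 }'
}

# site_of FQDN: print the site of FQDN from the list on stdin, nothing if absent.
# The comparison is on the whole host name and ignores case.
site_of() {
    list_psc_sites |
        awk -F'|' -v h="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '$1 == h { print $2 }'
}

# psc_listed FQDN: succeed if FQDN is still in the list on stdin.
psc_listed() {
    [ -n "$(site_of "$1")" ]
}

# check_removed FQDN LIST: one-line verdict for a change record.
check_removed() {
    site=$(printf '%s\n' "$2" | site_of "$1")
    if [ -n "$site" ]; then
        echo "STILL PRESENT in $site"
    else
        echo "REMOVED"
    fi
}

check_removed psc02.alex.local "$SAMPLE_AFTER"
```

A "STILL PRESENT" verdict after an unregister means the node's entry is still in the directory, which matches the unknown-status PSC seen in the inventory earlier in the post.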

And that’s it for this post.
