PSC HA 6.5 Guide

Configuring two or more PSC 6.5 nodes behind a Load Balancer can be done to provide High Availability to the PSC services.

This can be useful to have a central PSC HA pair and have multiple vCenter Servers registered against the PSC HA pair for enhanced linked mode.

It would also be required if using vCenter HA with an external PSC, otherwise you’re only providing HA to half the vCenter Server instance.

I hope this guide helps perform the setup with ease and clarity.

1. Introduction


8 thoughts on “PSC HA 6.5 Guide”

  1. Running through this page “PSC HA 6.5: 5b – Validate PSC HA 6.5”.

    All goes well until I try to verify the cs.license SSL Trust.

    The output from validation command returns the following, “root@vrpcad1vdippsc1 [ ~ ]# echo “—–BEGIN CERTIFICATE—–” >> /tmp/cs.license_endpoint.crt; echo | python /usr/lib/vmidentity/tools/scripts/ list –url http://localhost:7080/lookupservice/sdk –site vdi-a –type cs.license 2> /dev/null | grep “SSL trust” | uniq | awk ‘{ print $3 }’ >> /tmp/cs.license_endpoint.crt; echo “—–END CERTIFICATE—–” >> /tmp/cs.license_endpoint.crt; openssl x509 -in /tmp/cs.license_endpoint.crt -noout -text; rm /tmp/cs.license_endpoint.crt
    unable to load certificate
    139945415829144:error:0906D064:PEM routines:PEM_read_bio:bad base64 decode:pem_lib.c:824:”


    1. Hello there,

      I am wondering if it would be possible to help me with my deployment in regards to my previous comment?


      1. Hi – I was on vacation and keep in mind this blog is a hobby, not a replacement from VMware Support.

        Based on “[500] SSO error: Could not parse certificate: java.lang.IllegalArgumentException: Input byte array has incorrect ending byte at 2628” one guess is that your are placing the VMCA with a certificate greater than 2048 bit key length? I’ve heard reports that 4096 and greater are causing issues.

        I’d advise opening a support request with VMware Support for more analysis.


  2. @tradsd224 I hit this issue last night. Opened a support request and confirm an issue.

    I was able to workaround issue by installing the PSCs with 6.5 GA – doing the setup with the SSL and HA config. Then upgraded the PSC appliance to 6.5D (rebooted the PSCs after the upgrade) and was able to install vCenter 6.5D against the VIP address.

    I had the same verification problem in the ‘cs.license SSL Trust’ but using an older build as a workaround worked.

    Open an SR to get the official response from GSS support about the issue.


      1. Thanks for the update. Looks like its still an issue in release 6.5.0.e.

        Will try using the GA file.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: